Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Oct 30 12:14:06.309019 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.1M, max 15.3M, 13.1M free. Oct 30 12:14:06.311495 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:14:06.311555 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:14:06.320483 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:14:06.651082 osdx osdx-coredump[129382]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:14:06.661034 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:14:07.120691 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:07.204826 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:07.316822 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:07.398060 osdx ERROR[129390]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:07.402116 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:07.531490 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:14:07.629067 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:07.655870 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:07.672832 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:07.814207 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:14:08.031241 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:08.102305 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:14:08.216117 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:14:08.280501 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:14:08.368167 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:14:08.428550 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:14:08.536347 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 12:14:08.594661 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:14:08.746009 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:08.802236 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:08.937628 osdx ERROR[129506]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:08.942967 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:09.041042 osdx ca-certificates[129533]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:09.599269 osdx ca-certificates[130535]: 1 added, 0 removed; done. Oct 30 12:14:09.603134 osdx ca-certificates[130543]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:09.606139 osdx ca-certificates[130545]: done. Oct 30 12:14:09.699793 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:09.701066 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:09.704047 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:09.732935 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:09.900729 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:14:09.922234 osdx dnscrypt-proxy[130549]: dnscrypt-proxy 2.0.45 Oct 30 12:14:09.922301 osdx dnscrypt-proxy[130549]: Network connectivity detected Oct 30 12:14:09.922497 osdx dnscrypt-proxy[130549]: Dropping privileges Oct 30 12:14:09.924576 osdx dnscrypt-proxy[130549]: Network connectivity detected Oct 30 12:14:09.924611 osdx dnscrypt-proxy[130549]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:14:09.924616 osdx dnscrypt-proxy[130549]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:14:09.924635 osdx dnscrypt-proxy[130549]: Firefox workaround initialized Oct 30 12:14:09.924639 osdx dnscrypt-proxy[130549]: Loading the set of cloaking rules from [/tmp/tmpf4rvm6du] Oct 30 12:14:10.110158 osdx dnscrypt-proxy[130549]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 12:14:10.110173 osdx dnscrypt-proxy[130549]: [RD] OK (DoH) - rtt: 105ms Oct 30 12:14:10.110181 osdx dnscrypt-proxy[130549]: Server with the lowest initial latency: RD (rtt: 105ms) Oct 30 12:14:10.110186 osdx dnscrypt-proxy[130549]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:14:15.082552 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:14:15.265701 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Oct 30 12:14:22.295568 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:14:22.297454 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:14:22.297501 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:14:22.305008 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:14:22.633416 osdx osdx-coredump[132183]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:14:22.641364 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:14:23.098850 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:23.171747 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:23.260891 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:23.331864 osdx ERROR[132191]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:23.332548 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:23.445387 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:14:23.552270 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:23.584574 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:23.608723 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:23.766979 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:14:23.893799 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:23.955088 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:14:24.058938 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:14:24.122699 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:14:24.212666 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:14:24.273135 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:14:24.367833 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 12:14:24.421926 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:14:24.529907 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:24.586040 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:24.720200 osdx ERROR[132307]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:24.721353 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:24.814011 osdx ca-certificates[132334]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:25.317295 osdx ca-certificates[133337]: 1 added, 0 removed; done. Oct 30 12:14:25.320158 osdx ca-certificates[133344]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:25.322852 osdx ca-certificates[133346]: done. Oct 30 12:14:25.389677 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:25.390680 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:25.392955 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:25.411558 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:25.412845 osdx dnscrypt-proxy[133350]: dnscrypt-proxy 2.0.45 Oct 30 12:14:25.412915 osdx dnscrypt-proxy[133350]: Network connectivity detected Oct 30 12:14:25.413151 osdx dnscrypt-proxy[133350]: Dropping privileges Oct 30 12:14:25.415742 osdx dnscrypt-proxy[133350]: Network connectivity detected Oct 30 12:14:25.415776 osdx dnscrypt-proxy[133350]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:14:25.415781 osdx dnscrypt-proxy[133350]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:14:25.415811 osdx dnscrypt-proxy[133350]: Firefox workaround initialized Oct 30 12:14:25.415816 osdx dnscrypt-proxy[133350]: Loading the set of cloaking rules from [/tmp/tmpr9t8c_j7] Oct 30 12:14:25.609542 osdx dnscrypt-proxy[133350]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 12:14:25.609665 osdx dnscrypt-proxy[133350]: [RD] OK (DoH) - rtt: 140ms Oct 30 12:14:25.609696 osdx dnscrypt-proxy[133350]: Server with the lowest initial latency: RD (rtt: 140ms) Oct 30 12:14:25.609728 osdx dnscrypt-proxy[133350]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:14:30.578881 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:14:30.762141 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Oct 30 12:14:30.995527 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:14:30.997414 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:14:30.997452 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:14:31.004635 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:14:31.277575 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:31.377846 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:14:31.453978 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:14:31.560959 osdx ERROR[133397]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:31.561670 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:31.629550 osdx dnscrypt-proxy[133350]: Stopped. Oct 30 12:14:31.629608 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:14:31.630628 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:14:31.630748 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:31.726933 osdx ca-certificates[133443]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:14:31.979406 osdx ca-certificates[134012]: done. Oct 30 12:14:31.982609 osdx ca-certificates[134022]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:32.452338 osdx ca-certificates[134872]: 140 added, 0 removed; done. Oct 30 12:14:32.455548 osdx ca-certificates[134879]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:32.459244 osdx ca-certificates[134881]: done. Oct 30 12:14:32.487947 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:32.490336 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:32.508333 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:33.734846 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:33.793853 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:14:33.895254 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:14:33.963695 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:14:34.065000 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:14:34.163622 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:14:34.217069 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 12:14:34.313482 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:14:34.383743 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:34.492687 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:34.566195 osdx ERROR[134908]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:34.567668 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:34.680635 osdx ca-certificates[134937]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:35.183969 osdx ca-certificates[135940]: 1 added, 0 removed; done. Oct 30 12:14:35.186895 osdx ca-certificates[135947]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:35.189935 osdx ca-certificates[135949]: done. Oct 30 12:14:35.209389 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:14:35.405800 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:35.407341 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:35.429210 osdx dnscrypt-proxy[136012]: dnscrypt-proxy 2.0.45 Oct 30 12:14:35.429280 osdx dnscrypt-proxy[136012]: Network connectivity detected Oct 30 12:14:35.429496 osdx dnscrypt-proxy[136012]: Dropping privileges Oct 30 12:14:35.431741 osdx dnscrypt-proxy[136012]: Network connectivity detected Oct 30 12:14:35.431768 osdx dnscrypt-proxy[136012]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:14:35.431772 osdx dnscrypt-proxy[136012]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:14:35.431792 osdx dnscrypt-proxy[136012]: Firefox workaround initialized Oct 30 12:14:35.431795 osdx dnscrypt-proxy[136012]: Loading the set of cloaking rules from [/tmp/tmpuyg8eb6j] Oct 30 12:14:35.437743 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:35.460279 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:35.606417 osdx dnscrypt-proxy[136012]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 12:14:35.606528 osdx dnscrypt-proxy[136012]: [RD] OK (DoH) - rtt: 134ms Oct 30 12:14:35.606574 osdx dnscrypt-proxy[136012]: Server with the lowest initial latency: RD (rtt: 134ms) Oct 30 12:14:35.606611 osdx dnscrypt-proxy[136012]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:14:40.618449 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:14:40.805720 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Oct 30 12:14:41.020724 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:14:41.021383 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:14:41.021416 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:14:41.032016 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:14:41.312311 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:41.368849 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:14:41.479034 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:14:41.541851 osdx ERROR[136079]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:41.542732 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:41.635199 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:14:41.635248 osdx dnscrypt-proxy[136012]: Stopped. Oct 30 12:14:41.636216 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:14:41.636331 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:41.732554 osdx ca-certificates[136125]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:14:42.000141 osdx ca-certificates[136694]: done. Oct 30 12:14:42.004222 osdx ca-certificates[136703]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:42.412775 osdx ca-certificates[137555]: 140 added, 0 removed; done. Oct 30 12:14:42.415662 osdx ca-certificates[137561]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:42.418415 osdx ca-certificates[137563]: done. Oct 30 12:14:42.447817 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:42.451258 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:42.475294 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:43.679363 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:43.744955 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:14:43.846404 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:14:43.908666 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:14:43.991895 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:14:44.051008 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:14:44.146384 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 12:14:44.207053 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:14:44.305850 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:44.361234 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:44.476173 osdx ERROR[137590]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:44.477389 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:44.564059 osdx ca-certificates[137619]: Updating certificates in /etc/ssl/certs... Oct 30 12:14:45.076299 osdx ca-certificates[138622]: 1 added, 0 removed; done. Oct 30 12:14:45.080054 osdx ca-certificates[138629]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:14:45.083807 osdx ca-certificates[138631]: done. Oct 30 12:14:45.101431 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:14:45.273793 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:14:45.275234 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:45.306065 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:45.306837 osdx dnscrypt-proxy[138694]: dnscrypt-proxy 2.0.45 Oct 30 12:14:45.306913 osdx dnscrypt-proxy[138694]: Network connectivity detected Oct 30 12:14:45.307131 osdx dnscrypt-proxy[138694]: Dropping privileges Oct 30 12:14:45.310945 osdx dnscrypt-proxy[138694]: Network connectivity detected Oct 30 12:14:45.310987 osdx dnscrypt-proxy[138694]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:14:45.310993 osdx dnscrypt-proxy[138694]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:14:45.311019 osdx dnscrypt-proxy[138694]: Firefox workaround initialized Oct 30 12:14:45.311024 osdx dnscrypt-proxy[138694]: Loading the set of cloaking rules from [/tmp/tmpq4wyrj7e] Oct 30 12:14:45.324104 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:45.813462 osdx dnscrypt-proxy[138694]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 12:14:45.813484 osdx dnscrypt-proxy[138694]: [RD] OK (DoH) - rtt: 223ms Oct 30 12:14:45.813495 osdx dnscrypt-proxy[138694]: Server with the lowest initial latency: RD (rtt: 223ms) Oct 30 12:14:45.813500 osdx dnscrypt-proxy[138694]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:14:50.473136 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:14:50.657921 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Oct 30 12:14:57.000498 osdx systemd-timedated[140333]: Changed local time to Wed 2024-10-30 12:14:57 UTC Oct 30 12:14:57.001364 osdx systemd-journald[1923]: Time jumped backwards, rotating. Oct 30 12:14:57.002745 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'set date 2024-10-30 12:14:57'. Oct 30 12:14:57.351162 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:14:57.353369 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:14:57.353439 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:14:57.360471 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:14:57.705637 osdx osdx-coredump[140350]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:14:57.715232 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:14:58.218751 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:58.294917 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:58.384360 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:58.463456 osdx ERROR[140358]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:58.464157 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:14:58.597379 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:14:58.699331 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:14:58.725946 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:14:58.746171 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:14:58.924455 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:14:59.085419 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:14:59.147554 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:14:59.246111 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:14:59.318156 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:14:59.445505 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:14:59.510114 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:14:59.639374 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:14:59.697342 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:14:59.803120 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:14:59.855939 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:14:59.962644 osdx ERROR[140474]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:14:59.963888 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:00.055217 osdx ca-certificates[140500]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:00.575160 osdx ca-certificates[141505]: 1 added, 0 removed; done. Oct 30 12:15:00.579076 osdx ca-certificates[141511]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:00.582518 osdx ca-certificates[141513]: done. Oct 30 12:15:00.645714 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:00.647507 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:00.649586 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:00.670783 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:00.677107 osdx dnscrypt-proxy[141518]: dnscrypt-proxy 2.0.45 Oct 30 12:15:00.678060 osdx dnscrypt-proxy[141518]: Network connectivity detected Oct 30 12:15:00.678393 osdx dnscrypt-proxy[141518]: Dropping privileges Oct 30 12:15:00.681761 osdx dnscrypt-proxy[141518]: Network connectivity detected Oct 30 12:15:00.682071 osdx dnscrypt-proxy[141518]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:00.682123 osdx dnscrypt-proxy[141518]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:00.682200 osdx dnscrypt-proxy[141518]: Firefox workaround initialized Oct 30 12:15:00.682239 osdx dnscrypt-proxy[141518]: Loading the set of cloaking rules from [/tmp/tmpc9bqzevc] Oct 30 12:15:00.701793 osdx dnscrypt-proxy[141518]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Oct 30 12:15:07.309750 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.1M, max 15.3M, 13.2M free. Oct 30 12:15:07.310218 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:07.310258 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:07.319711 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:07.646485 osdx osdx-coredump[143144]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:15:07.656467 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:15:08.123417 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:08.199921 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:08.301226 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:08.369315 osdx ERROR[143152]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:08.370064 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:08.502118 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:08.601571 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:08.636381 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:08.651798 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:08.794371 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:15:08.985258 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:09.060268 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:09.173813 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:09.239335 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:09.331092 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:09.397766 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:09.492766 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:15:09.553439 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:09.666646 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:09.719011 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:09.830979 osdx ERROR[143268]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:09.831862 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:09.917917 osdx ca-certificates[143295]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:10.393400 osdx ca-certificates[144298]: 1 added, 0 removed; done. Oct 30 12:15:10.396145 osdx ca-certificates[144305]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:10.398890 osdx ca-certificates[144307]: done. Oct 30 12:15:10.462504 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:10.463806 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:10.466352 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:10.485147 osdx dnscrypt-proxy[144311]: dnscrypt-proxy 2.0.45 Oct 30 12:15:10.485223 osdx dnscrypt-proxy[144311]: Network connectivity detected Oct 30 12:15:10.485442 osdx dnscrypt-proxy[144311]: Dropping privileges Oct 30 12:15:10.487899 osdx dnscrypt-proxy[144311]: Network connectivity detected Oct 30 12:15:10.487931 osdx dnscrypt-proxy[144311]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:10.487936 osdx dnscrypt-proxy[144311]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:10.487959 osdx dnscrypt-proxy[144311]: Firefox workaround initialized Oct 30 12:15:10.487963 osdx dnscrypt-proxy[144311]: Loading the set of cloaking rules from [/tmp/tmppmwf1ovt] Oct 30 12:15:10.497606 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:10.499737 osdx dnscrypt-proxy[144311]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 30 12:15:10.658199 osdx dnscrypt-proxy[144311]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 12:15:10.658213 osdx dnscrypt-proxy[144311]: [RD] OK (DoH) - rtt: 136ms Oct 30 12:15:10.658221 osdx dnscrypt-proxy[144311]: Server with the lowest initial latency: RD (rtt: 136ms) Oct 30 12:15:10.658226 osdx dnscrypt-proxy[144311]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Oct 30 12:15:10.774730 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:15:10.778116 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:10.778177 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:10.787901 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:11.035144 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:11.129972 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:15:11.200854 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:15:11.297838 osdx ERROR[144350]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:11.298679 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:11.364823 osdx dnscrypt-proxy[144311]: Stopped. Oct 30 12:15:11.364881 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:15:11.365768 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:15:11.365892 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:11.489561 osdx ca-certificates[144396]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:15:11.748212 osdx ca-certificates[144965]: done. Oct 30 12:15:11.751663 osdx ca-certificates[144975]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:12.177580 osdx ca-certificates[145825]: 140 added, 0 removed; done. Oct 30 12:15:12.180446 osdx ca-certificates[145832]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:12.183125 osdx ca-certificates[145834]: done. Oct 30 12:15:12.211163 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:12.214037 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:12.231246 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:13.526940 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:13.595428 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:13.692945 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:13.760824 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:13.849217 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:13.909385 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:14.008094 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 12:15:14.061444 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:14.174037 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:14.227689 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:14.337884 osdx ERROR[145861]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:14.338787 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:14.428304 osdx ca-certificates[145890]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:14.915440 osdx ca-certificates[146894]: 1 added, 0 removed; done. Oct 30 12:15:14.918174 osdx ca-certificates[146900]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:14.920840 osdx ca-certificates[146902]: done. Oct 30 12:15:14.938107 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:15.106411 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:15.107757 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:15.129421 osdx dnscrypt-proxy[146965]: dnscrypt-proxy 2.0.45 Oct 30 12:15:15.129497 osdx dnscrypt-proxy[146965]: Network connectivity detected Oct 30 12:15:15.129731 osdx dnscrypt-proxy[146965]: Dropping privileges Oct 30 12:15:15.132121 osdx dnscrypt-proxy[146965]: Network connectivity detected Oct 30 12:15:15.132167 osdx dnscrypt-proxy[146965]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:15.132173 osdx dnscrypt-proxy[146965]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:15.132201 osdx dnscrypt-proxy[146965]: Firefox workaround initialized Oct 30 12:15:15.132207 osdx dnscrypt-proxy[146965]: Loading the set of cloaking rules from [/tmp/tmph8jou8og] Oct 30 12:15:15.133046 osdx dnscrypt-proxy[146965]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 30 12:15:15.136975 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:15.160107 osdx OSDxCLI[101074]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Oct 30 12:15:15.429780 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:15:15.430218 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:15.430249 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:15.439333 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:15.692861 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:15.749465 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:15:15.864674 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:15:15.936173 osdx ERROR[147025]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:15.938511 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:16.058669 osdx dnscrypt-proxy[146965]: Stopped. Oct 30 12:15:16.058719 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:15:16.059665 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:15:16.059767 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:16.174224 osdx ca-certificates[147071]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:15:16.429882 osdx ca-certificates[147640]: done. Oct 30 12:15:16.434541 osdx ca-certificates[147649]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:16.860124 osdx ca-certificates[148500]: 140 added, 0 removed; done. Oct 30 12:15:16.862854 osdx ca-certificates[148507]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:16.865462 osdx ca-certificates[148509]: done. Oct 30 12:15:16.897581 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:16.901173 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:16.917443 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:18.177261 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:18.239599 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:18.343937 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:18.413103 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:18.508840 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:18.572182 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:18.667188 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:15:18.726375 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 12:15:18.823814 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:18.898687 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:18.991689 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:19.070696 osdx ERROR[148539]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:19.076383 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:19.190183 osdx ca-certificates[148568]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:19.712251 osdx ca-certificates[149572]: 1 added, 0 removed; done. Oct 30 12:15:19.715382 osdx ca-certificates[149578]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:19.718673 osdx ca-certificates[149580]: done. Oct 30 12:15:19.734109 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:19.886374 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:19.887508 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:19.915655 osdx dnscrypt-proxy[149643]: dnscrypt-proxy 2.0.45 Oct 30 12:15:19.915889 osdx dnscrypt-proxy[149643]: Network connectivity detected Oct 30 12:15:19.916077 osdx dnscrypt-proxy[149643]: Dropping privileges Oct 30 12:15:19.917359 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:19.919441 osdx dnscrypt-proxy[149643]: Network connectivity detected Oct 30 12:15:19.919619 osdx dnscrypt-proxy[149643]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:19.919669 osdx dnscrypt-proxy[149643]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:19.919771 osdx dnscrypt-proxy[149643]: Firefox workaround initialized Oct 30 12:15:19.919802 osdx dnscrypt-proxy[149643]: Loading the set of cloaking rules from [/tmp/tmpe5kuhevz] Oct 30 12:15:19.920648 osdx dnscrypt-proxy[149643]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Oct 30 12:15:19.940983 osdx OSDxCLI[101074]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Oct 30 12:15:27.321512 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.4M, max 15.3M, 12.9M free. Oct 30 12:15:27.324099 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:27.324172 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:27.332543 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:27.652389 osdx osdx-coredump[151288]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Oct 30 12:15:27.660401 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system coredump delete all'. Oct 30 12:15:28.137177 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:28.208165 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:28.301112 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:28.369849 osdx ERROR[151296]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:28.374031 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:28.484101 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:28.585760 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:28.621485 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:28.641785 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:28.784737 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Oct 30 12:15:28.964493 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:29.025504 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:29.121582 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:29.187050 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:29.279411 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:29.342833 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:29.444709 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:15:29.501919 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 12:15:29.599774 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:29.668012 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:29.762718 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:29.876131 osdx ERROR[151415]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:29.877286 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:29.995307 osdx ca-certificates[151442]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:30.486003 osdx ca-certificates[152446]: 1 added, 0 removed; done. Oct 30 12:15:30.489094 osdx ca-certificates[152452]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:30.492869 osdx ca-certificates[152454]: done. Oct 30 12:15:30.572524 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:30.573960 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:30.576127 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:30.592964 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:30.597664 osdx dnscrypt-proxy[152458]: dnscrypt-proxy 2.0.45 Oct 30 12:15:30.597735 osdx dnscrypt-proxy[152458]: Network connectivity detected Oct 30 12:15:30.597958 osdx dnscrypt-proxy[152458]: Dropping privileges Oct 30 12:15:30.600696 osdx dnscrypt-proxy[152458]: Network connectivity detected Oct 30 12:15:30.600728 osdx dnscrypt-proxy[152458]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:30.600734 osdx dnscrypt-proxy[152458]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:30.600759 osdx dnscrypt-proxy[152458]: Firefox workaround initialized Oct 30 12:15:30.600765 osdx dnscrypt-proxy[152458]: Loading the set of cloaking rules from [/tmp/tmp43oa6d97] Oct 30 12:15:30.748906 osdx dnscrypt-proxy[152458]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 12:15:30.748921 osdx dnscrypt-proxy[152458]: [RD] OK (DoH) - rtt: 120ms Oct 30 12:15:30.748929 osdx dnscrypt-proxy[152458]: Server with the lowest initial latency: RD (rtt: 120ms) Oct 30 12:15:30.748932 osdx dnscrypt-proxy[152458]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:15:35.759510 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:15:35.957554 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Oct 30 12:15:36.158150 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:15:36.160089 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:36.160135 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:36.167378 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:36.420948 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:36.477516 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:15:36.589278 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:15:36.649842 osdx ERROR[152506]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:36.652288 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:36.742096 osdx dnscrypt-proxy[152458]: Stopped. Oct 30 12:15:36.742127 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:15:36.742962 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:15:36.743051 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:36.836043 osdx ca-certificates[152552]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:15:37.071427 osdx ca-certificates[153122]: done. Oct 30 12:15:37.074844 osdx ca-certificates[153131]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:37.472313 osdx ca-certificates[153981]: 140 added, 0 removed; done. Oct 30 12:15:37.475211 osdx ca-certificates[153988]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:37.477961 osdx ca-certificates[153990]: done. Oct 30 12:15:37.507513 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:37.510091 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:37.527228 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:38.711899 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:38.772300 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:38.872970 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:38.936329 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:39.032030 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:39.099275 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:39.198937 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:15:39.263859 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 12:15:39.359702 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:39.474423 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:39.530560 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:39.644109 osdx ERROR[154020]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:39.645551 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:39.734844 osdx ca-certificates[154048]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:40.225087 osdx ca-certificates[155052]: 1 added, 0 removed; done. Oct 30 12:15:40.227765 osdx ca-certificates[155059]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:40.230510 osdx ca-certificates[155061]: done. Oct 30 12:15:40.244090 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:40.436367 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:40.438020 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:40.465121 osdx dnscrypt-proxy[155124]: dnscrypt-proxy 2.0.45 Oct 30 12:15:40.465202 osdx dnscrypt-proxy[155124]: Network connectivity detected Oct 30 12:15:40.465417 osdx dnscrypt-proxy[155124]: Dropping privileges Oct 30 12:15:40.467707 osdx dnscrypt-proxy[155124]: Network connectivity detected Oct 30 12:15:40.467733 osdx dnscrypt-proxy[155124]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:40.467737 osdx dnscrypt-proxy[155124]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:40.467762 osdx dnscrypt-proxy[155124]: Firefox workaround initialized Oct 30 12:15:40.467765 osdx dnscrypt-proxy[155124]: Loading the set of cloaking rules from [/tmp/tmpo6cbgovk] Oct 30 12:15:40.472712 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:40.500679 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:40.634903 osdx dnscrypt-proxy[155124]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 12:15:40.634922 osdx dnscrypt-proxy[155124]: [RD] OK (DoH) - rtt: 130ms Oct 30 12:15:40.634931 osdx dnscrypt-proxy[155124]: Server with the lowest initial latency: RD (rtt: 130ms) Oct 30 12:15:40.634937 osdx dnscrypt-proxy[155124]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:15:40.648476 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Oct 30 12:15:40.859012 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:15:40.860097 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:40.860161 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:40.868915 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:41.116022 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:41.172930 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:15:41.283565 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:15:41.343321 osdx ERROR[155187]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:41.343946 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:41.446731 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:15:41.446929 osdx dnscrypt-proxy[155124]: Stopped. Oct 30 12:15:41.448037 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:15:41.448184 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:41.561750 osdx ca-certificates[155233]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:15:41.831365 osdx ca-certificates[155802]: done. Oct 30 12:15:41.834487 osdx ca-certificates[155812]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:42.283685 osdx ca-certificates[156664]: 140 added, 0 removed; done. Oct 30 12:15:42.286570 osdx ca-certificates[156669]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:42.290316 osdx ca-certificates[156671]: done. Oct 30 12:15:42.332611 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:42.334686 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:42.351561 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:43.634894 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:43.703334 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:43.805449 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:43.896184 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:43.989818 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:44.054787 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:44.158253 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Oct 30 12:15:44.229615 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 12:15:44.335476 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:44.405317 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:44.495387 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:44.567994 osdx ERROR[156701]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:44.569350 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:44.731211 osdx ca-certificates[156729]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:45.260601 osdx ca-certificates[157734]: 1 added, 0 removed; done. Oct 30 12:15:45.263356 osdx ca-certificates[157740]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:45.266074 osdx ca-certificates[157742]: done. Oct 30 12:15:45.280099 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:45.444391 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:45.446618 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:45.467031 osdx dnscrypt-proxy[157805]: dnscrypt-proxy 2.0.45 Oct 30 12:15:45.467094 osdx dnscrypt-proxy[157805]: Network connectivity detected Oct 30 12:15:45.467283 osdx dnscrypt-proxy[157805]: Dropping privileges Oct 30 12:15:45.469504 osdx dnscrypt-proxy[157805]: Network connectivity detected Oct 30 12:15:45.469531 osdx dnscrypt-proxy[157805]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:45.469535 osdx dnscrypt-proxy[157805]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:45.469554 osdx dnscrypt-proxy[157805]: Firefox workaround initialized Oct 30 12:15:45.469558 osdx dnscrypt-proxy[157805]: Loading the set of cloaking rules from [/tmp/tmp606gx1xw] Oct 30 12:15:45.475965 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:45.517397 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:45.697571 osdx dnscrypt-proxy[157805]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 12:15:45.697592 osdx dnscrypt-proxy[157805]: [RD] OK (DoH) - rtt: 202ms Oct 30 12:15:45.697603 osdx dnscrypt-proxy[157805]: Server with the lowest initial latency: RD (rtt: 202ms) Oct 30 12:15:45.697609 osdx dnscrypt-proxy[157805]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:15:50.673942 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:15:50.868593 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Oct 30 12:15:51.127641 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:15:51.128290 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:15:51.128344 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:15:51.137274 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:15:51.399992 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:51.456170 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:15:51.572765 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:15:51.637939 osdx ERROR[157872]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:51.640146 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:51.755129 osdx dnscrypt-proxy[157805]: Stopped. Oct 30 12:15:51.755167 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:15:51.756037 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:15:51.756151 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:51.862015 osdx ca-certificates[157918]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:15:52.114983 osdx ca-certificates[158487]: done. Oct 30 12:15:52.118984 osdx ca-certificates[158497]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:52.544649 osdx ca-certificates[159347]: 140 added, 0 removed; done. Oct 30 12:15:52.548404 osdx ca-certificates[159354]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:52.551258 osdx ca-certificates[159356]: done. Oct 30 12:15:52.582409 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:52.586096 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:52.631463 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:53.847087 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:15:53.908499 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:15:53.997056 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:15:54.062298 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:15:54.159587 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:15:54.225638 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:15:54.320566 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 12:15:54.376763 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Oct 30 12:15:54.468711 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:15:54.536331 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:15:54.626063 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:15:54.697753 osdx ERROR[159386]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:15:54.703381 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:15:54.814889 osdx ca-certificates[159415]: Updating certificates in /etc/ssl/certs... Oct 30 12:15:55.340706 osdx ca-certificates[160418]: 1 added, 0 removed; done. Oct 30 12:15:55.343544 osdx ca-certificates[160425]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:15:55.347250 osdx ca-certificates[160427]: done. Oct 30 12:15:55.364095 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:15:55.568380 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:15:55.569553 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:15:55.597238 osdx dnscrypt-proxy[160490]: dnscrypt-proxy 2.0.45 Oct 30 12:15:55.597312 osdx dnscrypt-proxy[160490]: Network connectivity detected Oct 30 12:15:55.597537 osdx dnscrypt-proxy[160490]: Dropping privileges Oct 30 12:15:55.599940 osdx dnscrypt-proxy[160490]: Network connectivity detected Oct 30 12:15:55.599965 osdx dnscrypt-proxy[160490]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:15:55.599968 osdx dnscrypt-proxy[160490]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:15:55.599992 osdx dnscrypt-proxy[160490]: Firefox workaround initialized Oct 30 12:15:55.599995 osdx dnscrypt-proxy[160490]: Loading the set of cloaking rules from [/tmp/tmpos84mbpv] Oct 30 12:15:55.604072 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:15:55.622634 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:15:55.774863 osdx dnscrypt-proxy[160490]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Oct 30 12:15:55.774878 osdx dnscrypt-proxy[160490]: [RD] OK (DoH) - rtt: 140ms Oct 30 12:15:55.774885 osdx dnscrypt-proxy[160490]: Server with the lowest initial latency: RD (rtt: 140ms) Oct 30 12:15:55.774890 osdx dnscrypt-proxy[160490]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:15:57.031052 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Oct 30 12:16:00.783927 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:16:00.969568 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Oct 30 12:16:01.204122 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:16:01.208089 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:16:01.208141 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:16:01.215481 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:16:01.489299 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:16:01.546228 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:16:01.661193 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:16:01.724325 osdx ERROR[160559]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:16:01.727721 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:16:01.825768 osdx dnscrypt-proxy[160490]: Stopped. Oct 30 12:16:01.825775 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:16:01.826963 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:16:01.827060 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:16:01.942401 osdx ca-certificates[160605]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:16:02.219154 osdx ca-certificates[161175]: done. Oct 30 12:16:02.222774 osdx ca-certificates[161185]: Updating certificates in /etc/ssl/certs... Oct 30 12:16:02.646668 osdx ca-certificates[162037]: 140 added, 0 removed; done. Oct 30 12:16:02.649523 osdx ca-certificates[162044]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:16:02.652404 osdx ca-certificates[162046]: done. Oct 30 12:16:02.694894 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:16:02.697733 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:16:02.719670 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:16:03.967237 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:16:04.031079 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:16:04.131486 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:16:04.207495 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:16:04.301374 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:16:04.404396 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:16:04.463678 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 12:16:04.563350 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Oct 30 12:16:04.615895 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:16:04.727998 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:16:04.783047 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:16:04.901729 osdx ERROR[162076]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:16:04.909782 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:16:04.997546 osdx ca-certificates[162104]: Updating certificates in /etc/ssl/certs... Oct 30 12:16:05.488210 osdx ca-certificates[163109]: 1 added, 0 removed; done. Oct 30 12:16:05.490984 osdx ca-certificates[163115]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:16:05.493858 osdx ca-certificates[163117]: done. Oct 30 12:16:05.508096 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:16:05.680358 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:16:05.681501 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:16:05.708798 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:16:05.712645 osdx dnscrypt-proxy[163180]: dnscrypt-proxy 2.0.45 Oct 30 12:16:05.712708 osdx dnscrypt-proxy[163180]: Network connectivity detected Oct 30 12:16:05.712887 osdx dnscrypt-proxy[163180]: Dropping privileges Oct 30 12:16:05.715449 osdx dnscrypt-proxy[163180]: Network connectivity detected Oct 30 12:16:05.715476 osdx dnscrypt-proxy[163180]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:16:05.715480 osdx dnscrypt-proxy[163180]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:16:05.715500 osdx dnscrypt-proxy[163180]: Firefox workaround initialized Oct 30 12:16:05.715504 osdx dnscrypt-proxy[163180]: Loading the set of cloaking rules from [/tmp/tmpn_sqqtj5] Oct 30 12:16:05.731662 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:16:05.880677 osdx dnscrypt-proxy[163180]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Oct 30 12:16:05.880690 osdx dnscrypt-proxy[163180]: [RD] OK (DoH) - rtt: 140ms Oct 30 12:16:05.880697 osdx dnscrypt-proxy[163180]: Server with the lowest initial latency: RD (rtt: 140ms) Oct 30 12:16:05.880701 osdx dnscrypt-proxy[163180]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:16:10.887076 osdx OSDxCLI[101074]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Oct 30 12:16:11.072683 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Oct 30 12:16:11.320687 osdx systemd-journald[1923]: Runtime Journal (/run/log/journal/877522c656344df9b9ad28416f5f036f) is 2.0M, max 15.3M, 13.3M free. Oct 30 12:16:11.324094 osdx systemd-journald[1923]: Received client request to rotate journal, rotating. Oct 30 12:16:11.324149 osdx systemd-journald[1923]: Vacuuming done, freed 0B of archived journals from /run/log/journal/877522c656344df9b9ad28416f5f036f. Oct 30 12:16:11.333565 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'system journal clear'. Oct 30 12:16:11.610189 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:16:11.685466 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'delete'. Oct 30 12:16:11.808607 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Oct 30 12:16:11.882846 osdx ERROR[163247]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:16:11.883476 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:16:11.987779 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Oct 30 12:16:11.987807 osdx dnscrypt-proxy[163180]: Stopped. Oct 30 12:16:11.988859 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Oct 30 12:16:11.988957 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:16:12.090826 osdx ca-certificates[163293]: Clearing symlinks in /etc/ssl/certs... Oct 30 12:16:12.365214 osdx ca-certificates[163862]: done. Oct 30 12:16:12.368242 osdx ca-certificates[163870]: Updating certificates in /etc/ssl/certs... Oct 30 12:16:12.853710 osdx ca-certificates[164722]: 140 added, 0 removed; done. Oct 30 12:16:12.856829 osdx ca-certificates[164729]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:16:12.859818 osdx ca-certificates[164731]: done. Oct 30 12:16:12.891800 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:16:12.893800 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:16:12.924964 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:16:14.253262 osdx OSDxCLI[101074]: User 'admin' entered the configuration menu. Oct 30 12:16:14.316920 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Oct 30 12:16:14.424236 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Oct 30 12:16:14.494219 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Oct 30 12:16:14.623840 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Oct 30 12:16:14.687189 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 68c25678167aeb1c6d3c5a2eee24cda4b0e03dd3e6b1ed1872dbed544374329e'. Oct 30 12:16:14.783457 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Oct 30 12:16:14.843404 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Oct 30 12:16:14.942434 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Oct 30 12:16:15.008991 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Oct 30 12:16:15.102779 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Oct 30 12:16:15.225674 osdx ERROR[164761]: unexpected Traceback (most recent call last): File "osdx/bin/op/fan_control.py", line 23, in _send_fan_control_cmd FileNotFoundError: [Errno 2] No such file or directory Oct 30 12:16:15.226831 osdx OSDxCLI[101074]: User 'admin' added a new cfg line: 'show working'. Oct 30 12:16:15.338965 osdx ca-certificates[164790]: Updating certificates in /etc/ssl/certs... Oct 30 12:16:15.844464 osdx ca-certificates[165794]: 1 added, 0 removed; done. Oct 30 12:16:15.847287 osdx ca-certificates[165800]: Running hooks in /etc/ca-certificates/update.d... Oct 30 12:16:15.850088 osdx ca-certificates[165802]: done. Oct 30 12:16:15.864115 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Oct 30 12:16:16.024392 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Oct 30 12:16:16.025795 osdx cfgd[1636]: [101074]Completed change to active configuration Oct 30 12:16:16.045324 osdx dnscrypt-proxy[165865]: dnscrypt-proxy 2.0.45 Oct 30 12:16:16.045604 osdx dnscrypt-proxy[165865]: Network connectivity detected Oct 30 12:16:16.045851 osdx dnscrypt-proxy[165865]: Dropping privileges Oct 30 12:16:16.047940 osdx dnscrypt-proxy[165865]: Network connectivity detected Oct 30 12:16:16.048121 osdx dnscrypt-proxy[165865]: Now listening to 127.0.0.1:53 [UDP] Oct 30 12:16:16.048170 osdx dnscrypt-proxy[165865]: Now listening to 127.0.0.1:53 [TCP] Oct 30 12:16:16.048216 osdx dnscrypt-proxy[165865]: Firefox workaround initialized Oct 30 12:16:16.048246 osdx dnscrypt-proxy[165865]: Loading the set of cloaking rules from [/tmp/tmpd8yfufs9] Oct 30 12:16:16.061181 osdx OSDxCLI[101074]: User 'admin' committed the configuration. Oct 30 12:16:16.078688 osdx OSDxCLI[101074]: User 'admin' left the configuration menu. Oct 30 12:16:16.192208 osdx dnscrypt-proxy[165865]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Oct 30 12:16:16.192230 osdx dnscrypt-proxy[165865]: [RD] OK (DoH) - rtt: 117ms Oct 30 12:16:16.192241 osdx dnscrypt-proxy[165865]: Server with the lowest initial latency: RD (rtt: 117ms) Oct 30 12:16:16.192247 osdx dnscrypt-proxy[165865]: dnscrypt-proxy is ready - live servers: 1 Oct 30 12:16:16.223097 osdx OSDxCLI[101074]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.