Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 19 18:07:31.283042 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:07:31.284856 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:07:31.284898 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:07:31.291837 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:07:31.486186 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system coredump delete all'. May 19 18:07:31.685762 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:31.763292 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:31.831307 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:07:31.888275 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:31.978904 osdx ubnt-cfgd[863382]: inactive May 19 18:07:31.998464 osdx INFO[863389]: FRR daemons did not change May 19 18:07:32.024880 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:07:32.066415 osdx WARNING[863460]: No supported link modes on interface eth0 May 19 18:07:32.067749 osdx modulelauncher[863460]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:32.067761 osdx modulelauncher[863460]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:07:32.068867 osdx modulelauncher[863460]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:32.068875 osdx modulelauncher[863460]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
May 19 18:07:32.271695 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:32.272116 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:32.286143 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:07:32.423625 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 18:07:32.488431 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal show | cat'. May 19 18:07:32.616055 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:32.669745 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:07:32.764537 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:07:32.824079 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:07:32.910181 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 19 18:07:32.966921 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:07:33.054091 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:07:33.102955 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:07:33.218004 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:33.268283 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
May 19 18:07:33.373267 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:33.433889 osdx ubnt-cfgd[863574]: inactive May 19 18:07:33.452919 osdx INFO[863583]: FRR daemons did not change May 19 18:07:33.464482 osdx ca-certificates[863598]: Updating certificates in /etc/ssl/certs... May 19 18:07:33.925116 osdx ubnt-cfgd[864611]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:33.932255 osdx ca-certificates[864617]: 1 added, 0 removed; done. May 19 18:07:33.934891 osdx ca-certificates[864623]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:33.937485 osdx ca-certificates[864625]: done. May 19 18:07:33.989092 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:33.995924 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:33.996338 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:34.008947 osdx dnscrypt-proxy[864629]: dnscrypt-proxy 2.0.45 May 19 18:07:34.009002 osdx dnscrypt-proxy[864629]: Network connectivity detected May 19 18:07:34.009181 osdx dnscrypt-proxy[864629]: Dropping privileges May 19 18:07:34.010999 osdx dnscrypt-proxy[864629]: Network connectivity detected May 19 18:07:34.011026 osdx dnscrypt-proxy[864629]: Now listening to 127.0.0.1:53 [UDP] May 19 18:07:34.011029 osdx dnscrypt-proxy[864629]: Now listening to 127.0.0.1:53 [TCP] May 19 18:07:34.011044 osdx dnscrypt-proxy[864629]: Firefox workaround initialized May 19 18:07:34.011053 osdx dnscrypt-proxy[864629]: Loading the set of cloaking rules from [/tmp/tmpp2huwbxr] May 19 18:07:34.011751 osdx dnscrypt-proxy[864629]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 19 18:07:34.022649 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. 
May 19 18:07:34.138743 osdx dnscrypt-proxy[864629]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 19 18:07:34.138757 osdx dnscrypt-proxy[864629]: [RD] OK (DoH) - rtt: 112ms May 19 18:07:34.138764 osdx dnscrypt-proxy[864629]: Server with the lowest initial latency: RD (rtt: 112ms) May 19 18:07:34.138768 osdx dnscrypt-proxy[864629]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 19 18:07:41.284240 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:07:41.287786 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:07:41.287829 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:07:41.293026 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:07:41.483525 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system coredump delete all'. May 19 18:07:41.681499 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:41.759730 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:41.829081 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:07:41.886913 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:41.976590 osdx ubnt-cfgd[866374]: inactive May 19 18:07:41.994633 osdx INFO[866381]: FRR daemons did not change May 19 18:07:42.019813 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:07:42.064744 osdx WARNING[866452]: No supported link modes on interface eth0 May 19 18:07:42.066066 osdx modulelauncher[866452]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:42.066077 osdx modulelauncher[866452]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:07:42.067159 osdx modulelauncher[866452]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:42.067165 osdx modulelauncher[866452]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
May 19 18:07:42.239092 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:42.239554 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:42.256356 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:07:42.399928 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 18:07:42.462375 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal show | cat'. May 19 18:07:42.590346 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:42.645191 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:07:42.742293 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:07:42.800810 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:07:42.887172 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 19 18:07:42.939913 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:07:43.029326 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:07:43.078417 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:07:43.196578 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:43.244766 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
May 19 18:07:43.350754 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:43.408017 osdx ubnt-cfgd[866566]: inactive May 19 18:07:43.428377 osdx INFO[866575]: FRR daemons did not change May 19 18:07:43.439384 osdx ca-certificates[866591]: Updating certificates in /etc/ssl/certs... May 19 18:07:43.905212 osdx ubnt-cfgd[867603]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:43.912393 osdx ca-certificates[867610]: 1 added, 0 removed; done. May 19 18:07:43.915024 osdx ca-certificates[867615]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:43.917607 osdx ca-certificates[867617]: done. May 19 18:07:43.992588 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:44.002601 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:44.003034 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:44.014312 osdx dnscrypt-proxy[867621]: dnscrypt-proxy 2.0.45 May 19 18:07:44.014367 osdx dnscrypt-proxy[867621]: Network connectivity detected May 19 18:07:44.014544 osdx dnscrypt-proxy[867621]: Dropping privileges May 19 18:07:44.016345 osdx dnscrypt-proxy[867621]: Network connectivity detected May 19 18:07:44.016374 osdx dnscrypt-proxy[867621]: Now listening to 127.0.0.1:53 [UDP] May 19 18:07:44.016378 osdx dnscrypt-proxy[867621]: Now listening to 127.0.0.1:53 [TCP] May 19 18:07:44.016392 osdx dnscrypt-proxy[867621]: Firefox workaround initialized May 19 18:07:44.016397 osdx dnscrypt-proxy[867621]: Loading the set of cloaking rules from [/tmp/tmpldf08bew] May 19 18:07:44.017177 osdx dnscrypt-proxy[867621]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 19 18:07:44.020120 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 19 18:07:44.244835 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:07:44.247788 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:07:44.247835 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:07:44.253566 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:07:44.490804 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:44.541275 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '. May 19 18:07:44.649248 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 19 18:07:44.705728 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:44.796766 osdx ubnt-cfgd[867673]: inactive May 19 18:07:44.817052 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... May 19 18:07:44.817280 osdx dnscrypt-proxy[867621]: Stopped. May 19 18:07:44.817968 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. May 19 18:07:44.818070 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:44.876238 osdx WARNING[867737]: No supported link modes on interface eth0 May 19 18:07:44.877630 osdx modulelauncher[867737]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:44.877643 osdx modulelauncher[867737]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:07:44.878805 osdx modulelauncher[867737]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:44.878814 osdx modulelauncher[867737]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:07:44.895007 osdx ca-certificates[867759]: Clearing symlinks in /etc/ssl/certs... May 19 18:07:45.156853 osdx ca-certificates[868336]: done. May 19 18:07:45.159513 osdx ca-certificates[868345]: Updating certificates in /etc/ssl/certs... May 19 18:07:45.553993 osdx ubnt-cfgd[869203]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:45.561946 osdx ca-certificates[869209]: 142 added, 0 removed; done. May 19 18:07:45.564690 osdx ca-certificates[869215]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:45.567323 osdx ca-certificates[869217]: done. May 19 18:07:45.609947 osdx INFO[869229]: FRR daemons did not change May 19 18:07:45.722873 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:45.723313 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:45.741420 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:07:46.867368 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:46.921069 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:07:47.016833 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:07:47.075170 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:07:47.167045 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
May 19 18:07:47.221223 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:07:47.311674 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. May 19 18:07:47.362673 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:07:47.482535 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:47.531858 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:07:47.636209 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:47.698448 osdx ubnt-cfgd[869282]: inactive May 19 18:07:47.719192 osdx INFO[869291]: FRR daemons did not change May 19 18:07:47.731138 osdx ca-certificates[869307]: Updating certificates in /etc/ssl/certs... May 19 18:07:48.195865 osdx ubnt-cfgd[870319]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:48.203330 osdx ca-certificates[870325]: 1 added, 0 removed; done. May 19 18:07:48.206007 osdx ca-certificates[870331]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:48.208547 osdx ca-certificates[870333]: done. May 19 18:07:48.287798 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:07:48.328144 osdx WARNING[870402]: No supported link modes on interface eth0 May 19 18:07:48.329493 osdx modulelauncher[870402]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:48.329505 osdx modulelauncher[870402]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:07:48.330634 osdx modulelauncher[870402]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:48.330644 osdx modulelauncher[870402]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:07:48.420194 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:48.443991 osdx dnscrypt-proxy[870446]: dnscrypt-proxy 2.0.45 May 19 18:07:48.444048 osdx dnscrypt-proxy[870446]: Network connectivity detected May 19 18:07:48.444211 osdx dnscrypt-proxy[870446]: Dropping privileges May 19 18:07:48.446331 osdx dnscrypt-proxy[870446]: Network connectivity detected May 19 18:07:48.446365 osdx dnscrypt-proxy[870446]: Now listening to 127.0.0.1:53 [UDP] May 19 18:07:48.446369 osdx dnscrypt-proxy[870446]: Now listening to 127.0.0.1:53 [TCP] May 19 18:07:48.446391 osdx dnscrypt-proxy[870446]: Firefox workaround initialized May 19 18:07:48.446396 osdx dnscrypt-proxy[870446]: Loading the set of cloaking rules from [/tmp/tmpf5wip0eo] May 19 18:07:48.447350 osdx dnscrypt-proxy[870446]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 19 18:07:48.578969 osdx dnscrypt-proxy[870446]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 19 18:07:48.578986 osdx dnscrypt-proxy[870446]: [RD] OK (DoH) - rtt: 115ms May 19 18:07:48.578993 osdx dnscrypt-proxy[870446]: Server with the lowest initial latency: RD (rtt: 115ms) May 19 18:07:48.578999 osdx dnscrypt-proxy[870446]: dnscrypt-proxy is ready - live servers: 1 May 19 18:07:48.594687 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:48.595135 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:48.621648 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 19 18:07:48.874915 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:07:48.875786 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:07:48.875830 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:07:48.883591 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:07:49.136601 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:49.212819 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '. May 19 18:07:49.362729 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 19 18:07:49.422808 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:49.514669 osdx ubnt-cfgd[870531]: inactive May 19 18:07:49.534223 osdx dnscrypt-proxy[870446]: Stopped. May 19 18:07:49.534260 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... May 19 18:07:49.534908 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. May 19 18:07:49.535012 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:49.589368 osdx WARNING[870595]: No supported link modes on interface eth0 May 19 18:07:49.590614 osdx modulelauncher[870595]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:49.590625 osdx modulelauncher[870595]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:07:49.591687 osdx modulelauncher[870595]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:49.591694 osdx modulelauncher[870595]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:07:49.607834 osdx ca-certificates[870617]: Clearing symlinks in /etc/ssl/certs... May 19 18:07:49.861271 osdx ca-certificates[871195]: done. May 19 18:07:49.864272 osdx ca-certificates[871205]: Updating certificates in /etc/ssl/certs... May 19 18:07:50.275243 osdx ubnt-cfgd[872062]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:50.282975 osdx ca-certificates[872067]: 142 added, 0 removed; done. May 19 18:07:50.285651 osdx ca-certificates[872074]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:50.288208 osdx ca-certificates[872076]: done. May 19 18:07:50.333561 osdx INFO[872088]: FRR daemons did not change May 19 18:07:50.474731 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:50.503567 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:07:50.534854 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:07:51.648253 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:07:51.702593 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:07:51.796786 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:07:51.894420 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:07:51.945218 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
May 19 18:07:52.039137 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:07:52.087765 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:07:52.180811 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. May 19 18:07:52.230703 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:07:52.351734 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:07:52.402067 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:07:52.506510 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:07:52.562458 osdx ubnt-cfgd[872142]: inactive May 19 18:07:52.583614 osdx INFO[872151]: FRR daemons did not change May 19 18:07:52.594713 osdx ca-certificates[872167]: Updating certificates in /etc/ssl/certs... May 19 18:07:53.058073 osdx ubnt-cfgd[873179]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:07:53.065186 osdx ca-certificates[873185]: 1 added, 0 removed; done. May 19 18:07:53.067852 osdx ca-certificates[873191]: Running hooks in /etc/ca-certificates/update.d... May 19 18:07:53.070381 osdx ca-certificates[873193]: done. 
May 19 18:07:53.095796 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:07:53.143104 osdx WARNING[873262]: No supported link modes on interface eth0 May 19 18:07:53.144581 osdx modulelauncher[873262]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:07:53.144595 osdx modulelauncher[873262]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:07:53.146141 osdx modulelauncher[873262]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:07:53.146151 osdx modulelauncher[873262]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:07:53.252462 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:07:53.296585 osdx dnscrypt-proxy[873306]: dnscrypt-proxy 2.0.45 May 19 18:07:53.296641 osdx dnscrypt-proxy[873306]: Network connectivity detected May 19 18:07:53.296806 osdx dnscrypt-proxy[873306]: Dropping privileges May 19 18:07:53.299199 osdx dnscrypt-proxy[873306]: Network connectivity detected May 19 18:07:53.299233 osdx dnscrypt-proxy[873306]: Now listening to 127.0.0.1:53 [UDP] May 19 18:07:53.299238 osdx dnscrypt-proxy[873306]: Now listening to 127.0.0.1:53 [TCP] May 19 18:07:53.299257 osdx dnscrypt-proxy[873306]: Firefox workaround initialized May 19 18:07:53.299263 osdx dnscrypt-proxy[873306]: Loading the set of cloaking rules from [/tmp/tmpu3ad5e47] May 19 18:07:53.300533 osdx dnscrypt-proxy[873306]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file May 19 18:07:53.427141 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:07:53.427624 osdx OSDxCLI[673163]: User 'admin' committed the configuration. 
May 19 18:07:53.432124 osdx dnscrypt-proxy[873306]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 19 18:07:53.432152 osdx dnscrypt-proxy[873306]: [RD] OK (DoH) - rtt: 113ms May 19 18:07:53.432162 osdx dnscrypt-proxy[873306]: Server with the lowest initial latency: RD (rtt: 113ms) May 19 18:07:53.432167 osdx dnscrypt-proxy[873306]: dnscrypt-proxy is ready - live servers: 1 May 19 18:07:53.454427 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
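The journal checks in the invalid-cipher scenarios above look only for the handshake-failure token, while several of the outputs (Single Invalid Cipher, and Examples 2 and 3 of this test) then report a successful DoH connection with Cipher suite: 52392, a suite that was not configured. The following is an added example, not part of the test suite or the product's code: it parses such a journal, including entries run together on one line, maps the decimal suite number to its IANA name and reports whether every negotiated suite is in the configured list. The function names, verdict strings and sample journal lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# IANA code points for the suites named on this page; the journal shows them in decimal.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {code: name for name, code in SUITE_IDS.items()}

# Journal timestamp, e.g. "May 19 18:07:34.011751 " (used to split run-together entries).
TS = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{6} "
ENTRY_RE = re.compile(TS + r".*?(?=\s*" + TS + r"|\s*$)", re.S)
CIPHER_CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
NEGOTIATED_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[\S+\] TLS version: \w+ - Protocol: \S+ - Cipher suite: (\d+)")
FAILURE_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


@dataclass
class Audit:
    configured: list          # suite names in cipher-index order
    handshake_failures: int
    negotiated: list          # names (or hex code if unknown) of completed handshakes
    verdict: str


def split_entries(text):
    """Return one string per journal entry, even if several share a line."""
    return [m.group(0).strip() for m in ENTRY_RE.finditer(text)]


def suite_name(code):
    return ID_TO_NAME.get(code, "0x%04X" % code)


def audit(journal_text):
    by_index, failures, negotiated = {}, 0, []
    for entry in split_entries(journal_text):
        if "added a new cfg line: 'delete '" in entry:
            by_index.clear()              # configuration wiped before a new run
        elif (cfg := CIPHER_CFG_RE.search(entry)):
            by_index[int(cfg.group(1))] = cfg.group(2)
        elif FAILURE_RE.search(entry):
            failures += 1
        elif (neg := NEGOTIATED_RE.search(entry)):
            negotiated.append(int(neg.group(1)))
    configured = [by_index[i] for i in sorted(by_index)]
    allowed = {SUITE_IDS[n] for n in configured if n in SUITE_IDS}
    if not configured:
        verdict = "no-cipher-configured"
    elif not negotiated:
        verdict = "refused" if failures else "no-handshake-seen"
    elif all(code in allowed for code in negotiated):
        verdict = "enforced"
    else:
        verdict = "outside-configured-list"
    return Audit(configured, failures, [suite_name(c) for c in negotiated], verdict)


# Constructed samples, shortened from the journal outputs on this page.
CFG = "osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher "
PROXY = "osdx dnscrypt-proxy[2]: "
FAIL = ("TLS handshake failure - Try changing or deleting the tls_cipher_suite "
        "value in the configuration file")

VALID = (
    "May 19 18:07:03.100000 " + CFG + "1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.\n"
    "May 19 18:07:04.100000 " + PROXY + "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
)
# Entries deliberately run together on one line, as in the outputs above.
INVALID_FLAT = (
    "May 19 18:07:33.054091 " + CFG + "1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "May 19 18:07:34.011751 " + PROXY + FAIL + " "
    "May 19 18:07:34.138743 " + PROXY + "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 "
    "May 19 18:07:34.138757 " + PROXY + "[RD] OK (DoH) - rtt: 112ms"
)
REFUSED = (
    "May 19 18:07:43.029326 " + CFG + "1 algorithm TLS_RSA_WITH_RC4_128_SHA'.\n"
    "May 19 18:07:44.017177 " + PROXY + FAIL + "\n"
)
FALLBACK = (
    "May 19 18:08:02.000000 " + CFG + "1 algorithm TLS_RSA_WITH_RC4_128_SHA'.\n"
    "May 19 18:08:02.100000 " + CFG + "2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.\n"
    "May 19 18:08:03.000000 " + PROXY + "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
)

if __name__ == "__main__":
    for label, sample in [("valid", VALID), ("invalid", INVALID_FLAT),
                          ("refused", REFUSED), ("fallback", FALLBACK)]:
        result = audit(sample)
        print(label, result.verdict, result.handshake_failures, result.negotiated)
```

A test that requires the cipher list to be enforced would assert on the "refused" or "enforced" verdict rather than on the failure token alone.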
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49199
May 19 18:08:00.286817 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:08:00.288702 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:08:00.288760 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:08:00.296348 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:08:00.487705 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system coredump delete all'. May 19 18:08:00.727025 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:00.805315 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:08:00.874136 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:08:00.933448 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:01.023895 osdx ubnt-cfgd[875083]: inactive May 19 18:08:01.042851 osdx INFO[875090]: FRR daemons did not change May 19 18:08:01.068618 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:08:01.112929 osdx WARNING[875161]: No supported link modes on interface eth0 May 19 18:08:01.114532 osdx modulelauncher[875161]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:01.114542 osdx modulelauncher[875161]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:08:01.115638 osdx modulelauncher[875161]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:01.115645 osdx modulelauncher[875161]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
May 19 18:08:01.323543 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:01.324021 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:01.338419 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:01.483399 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 18:08:01.544428 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal show | cat'. May 19 18:08:01.676874 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:02.180320 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:08:02.233133 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:08:02.337930 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:08:02.388618 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. May 19 18:08:02.483800 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:08:02.531712 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:08:02.626553 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. May 19 18:08:02.676584 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:08:02.797418 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
May 19 18:08:02.845373 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:08:02.956308 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:03.012226 osdx ubnt-cfgd[875276]: inactive May 19 18:08:03.031504 osdx INFO[875285]: FRR daemons did not change May 19 18:08:03.042989 osdx ca-certificates[875301]: Updating certificates in /etc/ssl/certs... May 19 18:08:03.502401 osdx ubnt-cfgd[876313]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:03.509472 osdx ca-certificates[876319]: 1 added, 0 removed; done. May 19 18:08:03.512124 osdx ca-certificates[876325]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:03.514700 osdx ca-certificates[876327]: done. May 19 18:08:03.568948 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:03.578414 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:03.579010 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:03.595137 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. 
May 19 18:08:03.600607 osdx dnscrypt-proxy[876331]: dnscrypt-proxy 2.0.45 May 19 18:08:03.600662 osdx dnscrypt-proxy[876331]: Network connectivity detected May 19 18:08:03.600843 osdx dnscrypt-proxy[876331]: Dropping privileges May 19 18:08:03.602542 osdx dnscrypt-proxy[876331]: Network connectivity detected May 19 18:08:03.602569 osdx dnscrypt-proxy[876331]: Now listening to 127.0.0.1:53 [UDP] May 19 18:08:03.602572 osdx dnscrypt-proxy[876331]: Now listening to 127.0.0.1:53 [TCP] May 19 18:08:03.602586 osdx dnscrypt-proxy[876331]: Firefox workaround initialized May 19 18:08:03.602590 osdx dnscrypt-proxy[876331]: Loading the set of cloaking rules from [/tmp/tmpq_4vxgwv] May 19 18:08:03.726826 osdx dnscrypt-proxy[876331]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 May 19 18:08:03.726841 osdx dnscrypt-proxy[876331]: [RD] OK (DoH) - rtt: 108ms May 19 18:08:03.726849 osdx dnscrypt-proxy[876331]: Server with the lowest initial latency: RD (rtt: 108ms) May 19 18:08:03.726854 osdx dnscrypt-proxy[876331]: dnscrypt-proxy is ready - live servers: 1 May 19 18:08:03.739368 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
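The Step 3 check compares a decimal cipher suite number in the journal with a suite name from the configuration. The following added example (not part of the original test suite) parses dnscrypt-proxy journal text, maps the IDs seen on this page to their IANA names, and checks that the negotiated suite is a configured one other than the invalid first entry. The function names and sample journal lines are constructed for illustration, and reading the logged TLS version as hexadecimal (303 as 0x0303, TLS 1.2) is an assumption.

```python
import re

# IANA TLS cipher suite code points for the suites configured on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Suites this page configures as the invalid first entry.
INVALID_ON_PAGE = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

# Matches the handshake summary line; finditer() is used so that journals
# flattened onto one long line (as on this page) are handled too.
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<version>[0-9a-fA-F]+) - "
    r"Protocol: (?P<proto>\S+) - "
    r"Cipher suite: (?P<suite>\d+)"
)
FAILURE_MARKER = "TLS handshake failure"


def negotiated_suites(journal):
    """Return one dict per successful handshake logged in the journal text."""
    found = []
    for m in HANDSHAKE_RE.finditer(journal):
        suite_id = int(m.group("suite"))
        found.append({
            "server": m.group("server"),
            # Assumption: the version is logged in hex, so "303" is 0x0303.
            "tls_version": int(m.group("version"), 16),
            "protocol": m.group("proto"),
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id),
        })
    return found


def check_fallback(journal, configured):
    """Check that every logged handshake used a configured, valid suite.

    Handshake failure messages are counted but do not fail the check by
    themselves, because a failed attempt can be followed by a success.
    """
    handshakes = negotiated_suites(journal)
    problems = []
    if not handshakes:
        problems.append("no negotiated cipher suite logged")
    for h in handshakes:
        name = h["suite_name"]
        if name not in configured:
            problems.append("%s negotiated %s, which is not configured"
                            % (h["server"], name))
        elif name in INVALID_ON_PAGE:
            problems.append("%s negotiated %s instead of the fallback"
                            % (h["server"], name))
    return {
        "ok": not problems,
        "negotiated": handshakes,
        "handshake_failures": journal.count(FAILURE_MARKER),
        "problems": problems,
    }


# Constructed journal excerpts in the format shown on this page.
SAMPLE_FALLBACK = (
    "May 19 18:08:03.602590 osdx dnscrypt-proxy[876331]: Loading the set of "
    "cloaking rules from [/tmp/example] "
    "May 19 18:08:03.726826 osdx dnscrypt-proxy[876331]: [RD] TLS version: 303 "
    "- Protocol: h2 - Cipher suite: 49199 "
    "May 19 18:08:03.726841 osdx dnscrypt-proxy[876331]: [RD] OK (DoH) - rtt: 108ms"
)
SAMPLE_WEAK = (
    "May 19 18:08:03.726826 osdx dnscrypt-proxy[1000]: [RD] TLS version: 303 "
    "- Protocol: h2 - Cipher suite: 5"
)
SAMPLE_FAILURE_ONLY = (
    "May 19 18:07:53.300533 osdx dnscrypt-proxy[1001]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file"
)

if __name__ == "__main__":
    cfg = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
    for label, text in (("fallback", SAMPLE_FALLBACK),
                        ("weak", SAMPLE_WEAK),
                        ("failure only", SAMPLE_FAILURE_ONLY)):
        print(label, check_fallback(text, cfg))
```
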
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49200
May 19 18:08:03.927962 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:08:03.928611 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:08:03.928658 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:08:03.937122 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:08:04.176706 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:04.228426 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '. May 19 18:08:04.337693 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 19 18:08:04.394659 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:04.484153 osdx ubnt-cfgd[876385]: inactive May 19 18:08:04.505028 osdx dnscrypt-proxy[876331]: Stopped. May 19 18:08:04.505058 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... May 19 18:08:04.505952 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. May 19 18:08:04.506054 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:04.564425 osdx WARNING[876449]: No supported link modes on interface eth0 May 19 18:08:04.565693 osdx modulelauncher[876449]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:04.565704 osdx modulelauncher[876449]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:08:04.566813 osdx modulelauncher[876449]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:04.566820 osdx modulelauncher[876449]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:08:04.583684 osdx ca-certificates[876471]: Clearing symlinks in /etc/ssl/certs... May 19 18:08:04.872467 osdx ca-certificates[877049]: done. May 19 18:08:04.875783 osdx ca-certificates[877058]: Updating certificates in /etc/ssl/certs... May 19 18:08:05.298715 osdx ubnt-cfgd[877915]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:05.306077 osdx ca-certificates[877921]: 142 added, 0 removed; done. May 19 18:08:05.308759 osdx ca-certificates[877927]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:05.311332 osdx ca-certificates[877929]: done. May 19 18:08:05.353412 osdx INFO[877941]: FRR daemons did not change May 19 18:08:05.487386 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:05.487822 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:05.502540 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:06.633028 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:07.136368 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:08:07.188717 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:08:07.292075 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:08:07.342852 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
May 19 18:08:07.439338 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:08:07.486811 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:08:07.583124 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. May 19 18:08:07.632350 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:08:07.752421 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:08:07.801426 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:08:07.910357 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:07.966525 osdx ubnt-cfgd[877995]: inactive May 19 18:08:07.988055 osdx INFO[878004]: FRR daemons did not change May 19 18:08:07.998703 osdx ca-certificates[878020]: Updating certificates in /etc/ssl/certs... May 19 18:08:08.453955 osdx ubnt-cfgd[879032]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:08.461075 osdx ca-certificates[879038]: 1 added, 0 removed; done. May 19 18:08:08.463717 osdx ca-certificates[879044]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:08.466288 osdx ca-certificates[879046]: done. 
May 19 18:08:08.492619 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:08:08.539992 osdx WARNING[879115]: No supported link modes on interface eth0 May 19 18:08:08.541249 osdx modulelauncher[879115]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:08.541260 osdx modulelauncher[879115]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:08:08.542436 osdx modulelauncher[879115]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:08.542443 osdx modulelauncher[879115]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:08:08.645105 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:08.669017 osdx dnscrypt-proxy[879159]: dnscrypt-proxy 2.0.45 May 19 18:08:08.669071 osdx dnscrypt-proxy[879159]: Network connectivity detected May 19 18:08:08.669241 osdx dnscrypt-proxy[879159]: Dropping privileges May 19 18:08:08.671423 osdx dnscrypt-proxy[879159]: Network connectivity detected May 19 18:08:08.671452 osdx dnscrypt-proxy[879159]: Now listening to 127.0.0.1:53 [UDP] May 19 18:08:08.671455 osdx dnscrypt-proxy[879159]: Now listening to 127.0.0.1:53 [TCP] May 19 18:08:08.671470 osdx dnscrypt-proxy[879159]: Firefox workaround initialized May 19 18:08:08.671475 osdx dnscrypt-proxy[879159]: Loading the set of cloaking rules from [/tmp/tmpqt_iex6n] May 19 18:08:08.798595 osdx dnscrypt-proxy[879159]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 May 19 18:08:08.798610 osdx dnscrypt-proxy[879159]: [RD] OK (DoH) - rtt: 111ms May 19 18:08:08.798619 osdx dnscrypt-proxy[879159]: Server with the lowest initial latency: RD (rtt: 111ms) May 19 18:08:08.798622 osdx dnscrypt-proxy[879159]: dnscrypt-proxy is ready - live servers: 1 May 19 18:08:08.847730 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 
18:08:08.848898 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:08.871366 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:09.020932 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 52392
May 19 18:08:09.222842 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:08:09.224615 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:08:09.224657 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:08:09.231597 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:08:09.458482 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:09.554029 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '. May 19 18:08:09.654848 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 19 18:08:09.709963 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:09.800625 osdx ubnt-cfgd[879243]: inactive May 19 18:08:09.819679 osdx dnscrypt-proxy[879159]: Stopped. May 19 18:08:09.819732 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... May 19 18:08:09.820417 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. May 19 18:08:09.820526 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:09.876955 osdx WARNING[879307]: No supported link modes on interface eth0 May 19 18:08:09.878282 osdx modulelauncher[879307]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:09.878293 osdx modulelauncher[879307]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:08:09.879491 osdx modulelauncher[879307]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:09.879499 osdx modulelauncher[879307]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:08:09.900077 osdx ca-certificates[879329]: Clearing symlinks in /etc/ssl/certs... May 19 18:08:10.150984 osdx ca-certificates[879906]: done. May 19 18:08:10.154563 osdx ca-certificates[879915]: Updating certificates in /etc/ssl/certs... May 19 18:08:10.722177 osdx ubnt-cfgd[880773]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:10.729559 osdx ca-certificates[880779]: 142 added, 0 removed; done. May 19 18:08:10.732170 osdx ca-certificates[880785]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:10.734717 osdx ca-certificates[880787]: done. May 19 18:08:10.780843 osdx INFO[880799]: FRR daemons did not change May 19 18:08:10.871039 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:10.871933 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:10.894699 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:12.075189 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:12.583624 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:08:12.635555 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:08:12.736570 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:08:12.787410 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
May 19 18:08:12.883570 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'. May 19 18:08:12.931955 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. May 19 18:08:13.027074 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. May 19 18:08:13.075939 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. May 19 18:08:13.195560 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 18:08:13.244833 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. May 19 18:08:13.345371 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:13.404821 osdx ubnt-cfgd[880853]: inactive May 19 18:08:13.426090 osdx INFO[880862]: FRR daemons did not change May 19 18:08:13.438539 osdx ca-certificates[880877]: Updating certificates in /etc/ssl/certs... May 19 18:08:13.931731 osdx ubnt-cfgd[881890]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:13.939626 osdx ca-certificates[881895]: 1 added, 0 removed; done. May 19 18:08:13.943316 osdx ca-certificates[881902]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:13.947026 osdx ca-certificates[881904]: done. 
May 19 18:08:13.988611 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 18:08:14.032816 osdx WARNING[881973]: No supported link modes on interface eth0 May 19 18:08:14.034060 osdx modulelauncher[881973]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:14.034071 osdx modulelauncher[881973]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 18:08:14.035127 osdx modulelauncher[881973]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:14.035134 osdx modulelauncher[881973]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:08:14.144991 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:14.164537 osdx dnscrypt-proxy[882017]: dnscrypt-proxy 2.0.45 May 19 18:08:14.164620 osdx dnscrypt-proxy[882017]: Network connectivity detected May 19 18:08:14.164825 osdx dnscrypt-proxy[882017]: Dropping privileges May 19 18:08:14.167709 osdx dnscrypt-proxy[882017]: Network connectivity detected May 19 18:08:14.167740 osdx dnscrypt-proxy[882017]: Now listening to 127.0.0.1:53 [UDP] May 19 18:08:14.167744 osdx dnscrypt-proxy[882017]: Now listening to 127.0.0.1:53 [TCP] May 19 18:08:14.167759 osdx dnscrypt-proxy[882017]: Firefox workaround initialized May 19 18:08:14.167763 osdx dnscrypt-proxy[882017]: Loading the set of cloaking rules from [/tmp/tmpv5e__vo3] May 19 18:08:14.301501 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:14.302382 osdx OSDxCLI[673163]: User 'admin' committed the configuration. 
May 19 18:08:14.308987 osdx dnscrypt-proxy[882017]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 May 19 18:08:14.309014 osdx dnscrypt-proxy[882017]: [RD] OK (DoH) - rtt: 125ms May 19 18:08:14.309027 osdx dnscrypt-proxy[882017]: Server with the lowest initial latency: RD (rtt: 125ms) May 19 18:08:14.309035 osdx dnscrypt-proxy[882017]: dnscrypt-proxy is ready - live servers: 1 May 19 18:08:14.322458 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:14.467366 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49199
May 19 18:08:14.667969 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 18:08:14.668626 osdx systemd-journald[505760]: Received client request to rotate journal, rotating. May 19 18:08:14.668668 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 18:08:14.677141 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'. May 19 18:08:14.913474 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:15.009077 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '. May 19 18:08:15.095098 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. May 19 18:08:15.163391 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'. May 19 18:08:15.255624 osdx ubnt-cfgd[882104]: inactive May 19 18:08:15.275025 osdx dnscrypt-proxy[882017]: Stopped. May 19 18:08:15.275046 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... May 19 18:08:15.275846 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. May 19 18:08:15.275947 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. May 19 18:08:15.326656 osdx WARNING[882168]: No supported link modes on interface eth0 May 19 18:08:15.328012 osdx modulelauncher[882168]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 18:08:15.328022 osdx modulelauncher[882168]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
May 19 18:08:15.329151 osdx modulelauncher[882168]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 18:08:15.329157 osdx modulelauncher[882168]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 18:08:15.344692 osdx ca-certificates[882190]: Clearing symlinks in /etc/ssl/certs... May 19 18:08:15.591896 osdx ca-certificates[882767]: done. May 19 18:08:15.594592 osdx ca-certificates[882777]: Updating certificates in /etc/ssl/certs... May 19 18:08:15.989991 osdx ubnt-cfgd[883634]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL May 19 18:08:15.997635 osdx ca-certificates[883640]: 142 added, 0 removed; done. May 19 18:08:16.000374 osdx ca-certificates[883646]: Running hooks in /etc/ca-certificates/update.d... May 19 18:08:16.002980 osdx ca-certificates[883648]: done. May 19 18:08:16.044742 osdx INFO[883660]: FRR daemons did not change May 19 18:08:16.139462 osdx cfgd[1918]: [673163]Completed change to active configuration May 19 18:08:16.185126 osdx OSDxCLI[673163]: User 'admin' committed the configuration. May 19 18:08:16.205253 osdx OSDxCLI[673163]: User 'admin' left the configuration menu. May 19 18:08:17.341940 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu. May 19 18:08:17.848840 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. May 19 18:08:17.900439 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. May 19 18:08:17.999968 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. May 19 18:08:18.050260 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
May 19 18:08:18.148416 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'.
May 19 18:08:18.196093 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 19 18:08:18.292186 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 19 18:08:18.341369 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 19 18:08:18.459135 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 18:08:18.508098 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 18:08:18.613068 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'.
May 19 18:08:18.671938 osdx ubnt-cfgd[883714]: inactive
May 19 18:08:18.692666 osdx INFO[883723]: FRR daemons did not change
May 19 18:08:18.703803 osdx ca-certificates[883739]: Updating certificates in /etc/ssl/certs...
May 19 18:08:19.171508 osdx ubnt-cfgd[884751]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 19 18:08:19.179674 osdx ca-certificates[884757]: 1 added, 0 removed; done.
May 19 18:08:19.182588 osdx ca-certificates[884763]: Running hooks in /etc/ca-certificates/update.d...
May 19 18:08:19.185392 osdx ca-certificates[884765]: done.
May 19 18:08:19.212632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 18:08:19.261660 osdx WARNING[884834]: No supported link modes on interface eth0
May 19 18:08:19.263049 osdx modulelauncher[884834]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 18:08:19.263061 osdx modulelauncher[884834]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 18:08:19.264229 osdx modulelauncher[884834]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 18:08:19.264238 osdx modulelauncher[884834]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 18:08:19.369020 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 18:08:19.393154 osdx dnscrypt-proxy[884878]: dnscrypt-proxy 2.0.45
May 19 18:08:19.393223 osdx dnscrypt-proxy[884878]: Network connectivity detected
May 19 18:08:19.393431 osdx dnscrypt-proxy[884878]: Dropping privileges
May 19 18:08:19.395680 osdx dnscrypt-proxy[884878]: Network connectivity detected
May 19 18:08:19.395895 osdx dnscrypt-proxy[884878]: Now listening to 127.0.0.1:53 [UDP]
May 19 18:08:19.395900 osdx dnscrypt-proxy[884878]: Now listening to 127.0.0.1:53 [TCP]
May 19 18:08:19.395923 osdx dnscrypt-proxy[884878]: Firefox workaround initialized
May 19 18:08:19.395929 osdx dnscrypt-proxy[884878]: Loading the set of cloaking rules from [/tmp/tmp0a8o88ih]
May 19 18:08:19.523547 osdx cfgd[1918]: [673163]Completed change to active configuration
May 19 18:08:19.524042 osdx OSDxCLI[673163]: User 'admin' committed the configuration.
May 19 18:08:19.534858 osdx dnscrypt-proxy[884878]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 19 18:08:19.534876 osdx dnscrypt-proxy[884878]: [RD] OK (DoH) - rtt: 120ms
May 19 18:08:19.534885 osdx dnscrypt-proxy[884878]: Server with the lowest initial latency: RD (rtt: 120ms)
May 19 18:08:19.534889 osdx dnscrypt-proxy[884878]: dnscrypt-proxy is ready - live servers: 1
May 19 18:08:19.538840 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
May 19 18:08:19.683782 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 49200
Output:
May 19 18:08:19.887777 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free.
May 19 18:08:19.888849 osdx systemd-journald[505760]: Received client request to rotate journal, rotating.
May 19 18:08:19.888888 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943.
May 19 18:08:19.897068 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'.
May 19 18:08:20.140889 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu.
May 19 18:08:20.231847 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '.
May 19 18:08:20.318020 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 19 18:08:20.382508 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'.
May 19 18:08:20.470574 osdx ubnt-cfgd[884965]: inactive
May 19 18:08:20.489774 osdx dnscrypt-proxy[884878]: Stopped.
May 19 18:08:20.489968 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 19 18:08:20.490844 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 19 18:08:20.490948 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 18:08:20.541915 osdx WARNING[885029]: No supported link modes on interface eth0
May 19 18:08:20.543208 osdx modulelauncher[885029]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 18:08:20.543219 osdx modulelauncher[885029]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 18:08:20.544281 osdx modulelauncher[885029]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 18:08:20.544287 osdx modulelauncher[885029]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 18:08:20.560164 osdx ca-certificates[885051]: Clearing symlinks in /etc/ssl/certs...
May 19 18:08:20.814951 osdx ca-certificates[885628]: done.
May 19 18:08:20.818119 osdx ca-certificates[885637]: Updating certificates in /etc/ssl/certs...
May 19 18:08:21.215778 osdx ubnt-cfgd[886495]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 19 18:08:21.223289 osdx ca-certificates[886501]: 142 added, 0 removed; done.
May 19 18:08:21.225990 osdx ca-certificates[886507]: Running hooks in /etc/ca-certificates/update.d...
May 19 18:08:21.228646 osdx ca-certificates[886509]: done.
May 19 18:08:21.270611 osdx INFO[886521]: FRR daemons did not change
May 19 18:08:21.388112 osdx cfgd[1918]: [673163]Completed change to active configuration
May 19 18:08:21.422881 osdx OSDxCLI[673163]: User 'admin' committed the configuration.
May 19 18:08:21.439130 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
May 19 18:08:22.545463 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu.
May 19 18:08:23.071592 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 18:08:23.122252 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 18:08:23.220232 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 19 18:08:23.271040 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 19 18:08:23.367813 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'.
May 19 18:08:23.415537 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 19 18:08:23.512074 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 19 18:08:23.560815 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 19 18:08:23.679454 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 18:08:23.728381 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 18:08:23.830822 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'.
May 19 18:08:23.891286 osdx ubnt-cfgd[886575]: inactive
May 19 18:08:23.912146 osdx INFO[886584]: FRR daemons did not change
May 19 18:08:23.922940 osdx ca-certificates[886600]: Updating certificates in /etc/ssl/certs...
May 19 18:08:24.384404 osdx ubnt-cfgd[887612]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 19 18:08:24.391427 osdx ca-certificates[887618]: 1 added, 0 removed; done.
May 19 18:08:24.394108 osdx ca-certificates[887624]: Running hooks in /etc/ca-certificates/update.d...
May 19 18:08:24.396655 osdx ca-certificates[887626]: done.
May 19 18:08:24.424614 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 18:08:24.467401 osdx WARNING[887695]: No supported link modes on interface eth0
May 19 18:08:24.468726 osdx modulelauncher[887695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 18:08:24.468739 osdx modulelauncher[887695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 18:08:24.469928 osdx modulelauncher[887695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 18:08:24.469938 osdx modulelauncher[887695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 18:08:24.592993 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 18:08:24.617245 osdx dnscrypt-proxy[887739]: dnscrypt-proxy 2.0.45
May 19 18:08:24.617297 osdx dnscrypt-proxy[887739]: Network connectivity detected
May 19 18:08:24.617462 osdx dnscrypt-proxy[887739]: Dropping privileges
May 19 18:08:24.622557 osdx dnscrypt-proxy[887739]: Network connectivity detected
May 19 18:08:24.622588 osdx dnscrypt-proxy[887739]: Now listening to 127.0.0.1:53 [UDP]
May 19 18:08:24.622592 osdx dnscrypt-proxy[887739]: Now listening to 127.0.0.1:53 [TCP]
May 19 18:08:24.622607 osdx dnscrypt-proxy[887739]: Firefox workaround initialized
May 19 18:08:24.622611 osdx dnscrypt-proxy[887739]: Loading the set of cloaking rules from [/tmp/tmpp1joq8ae]
May 19 18:08:24.762803 osdx dnscrypt-proxy[887739]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 19 18:08:24.762817 osdx dnscrypt-proxy[887739]: [RD] OK (DoH) - rtt: 121ms
May 19 18:08:24.762824 osdx dnscrypt-proxy[887739]: Server with the lowest initial latency: RD (rtt: 121ms)
May 19 18:08:24.762828 osdx dnscrypt-proxy[887739]: dnscrypt-proxy is ready - live servers: 1
May 19 18:08:24.763506 osdx cfgd[1918]: [673163]Completed change to active configuration
May 19 18:08:24.763965 osdx OSDxCLI[673163]: User 'admin' committed the configuration.
May 19 18:08:24.778683 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
May 19 18:08:24.913014 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:
Cipher suite: 52392
Output:
May 19 18:08:25.120867 osdx systemd-journald[505760]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free.
May 19 18:08:25.124614 osdx systemd-journald[505760]: Received client request to rotate journal, rotating.
May 19 18:08:25.124656 osdx systemd-journald[505760]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943.
May 19 18:08:25.129614 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'system journal clear'.
May 19 18:08:25.361782 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu.
May 19 18:08:25.413419 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'delete '.
May 19 18:08:25.553020 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 19 18:08:25.617695 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'.
May 19 18:08:25.711235 osdx ubnt-cfgd[887825]: inactive
May 19 18:08:25.730211 osdx dnscrypt-proxy[887739]: Stopped.
May 19 18:08:25.730273 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 19 18:08:25.731153 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 19 18:08:25.731262 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 18:08:25.785738 osdx WARNING[887889]: No supported link modes on interface eth0
May 19 18:08:25.787018 osdx modulelauncher[887889]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 18:08:25.787029 osdx modulelauncher[887889]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 18:08:25.788091 osdx modulelauncher[887889]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 18:08:25.788098 osdx modulelauncher[887889]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 18:08:25.803802 osdx ca-certificates[887911]: Clearing symlinks in /etc/ssl/certs...
May 19 18:08:26.051198 osdx ca-certificates[888488]: done.
May 19 18:08:26.054088 osdx ca-certificates[888498]: Updating certificates in /etc/ssl/certs...
May 19 18:08:26.448932 osdx ubnt-cfgd[889355]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 19 18:08:26.456703 osdx ca-certificates[889360]: 142 added, 0 removed; done.
May 19 18:08:26.459383 osdx ca-certificates[889367]: Running hooks in /etc/ca-certificates/update.d...
May 19 18:08:26.461939 osdx ca-certificates[889369]: done.
May 19 18:08:26.504415 osdx INFO[889381]: FRR daemons did not change
May 19 18:08:26.599292 osdx cfgd[1918]: [673163]Completed change to active configuration
May 19 18:08:26.658509 osdx OSDxCLI[673163]: User 'admin' committed the configuration.
May 19 18:08:26.672784 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
May 19 18:08:27.773908 osdx OSDxCLI[673163]: User 'admin' entered the configuration menu.
May 19 18:08:28.276229 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 19 18:08:28.328128 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 19 18:08:28.433922 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 19 18:08:28.485109 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 19 18:08:28.582822 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3fa6a7cd749d822eac8d17037f1600eb6339d7b285a5edb3613f8a2148729baa'.
May 19 18:08:28.632579 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 19 18:08:28.729080 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 19 18:08:28.779472 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 19 18:08:28.900081 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 19 18:08:28.949586 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 19 18:08:29.056645 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'show working'.
May 19 18:08:29.115701 osdx ubnt-cfgd[889435]: inactive
May 19 18:08:29.136980 osdx INFO[889444]: FRR daemons did not change
May 19 18:08:29.148365 osdx ca-certificates[889460]: Updating certificates in /etc/ssl/certs...
May 19 18:08:29.623409 osdx ubnt-cfgd[890472]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 19 18:08:29.630425 osdx ca-certificates[890478]: 1 added, 0 removed; done.
May 19 18:08:29.633075 osdx ca-certificates[890484]: Running hooks in /etc/ca-certificates/update.d...
May 19 18:08:29.635594 osdx ca-certificates[890486]: done.
May 19 18:08:29.664618 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 19 18:08:29.709552 osdx WARNING[890555]: No supported link modes on interface eth0
May 19 18:08:29.710844 osdx modulelauncher[890555]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 19 18:08:29.710854 osdx modulelauncher[890555]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 19 18:08:29.711927 osdx modulelauncher[890555]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
May 19 18:08:29.711937 osdx modulelauncher[890555]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
May 19 18:08:29.804832 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 19 18:08:29.825768 osdx dnscrypt-proxy[890599]: dnscrypt-proxy 2.0.45
May 19 18:08:29.825830 osdx dnscrypt-proxy[890599]: Network connectivity detected
May 19 18:08:29.826000 osdx dnscrypt-proxy[890599]: Dropping privileges
May 19 18:08:29.827810 osdx dnscrypt-proxy[890599]: Network connectivity detected
May 19 18:08:29.827837 osdx dnscrypt-proxy[890599]: Now listening to 127.0.0.1:53 [UDP]
May 19 18:08:29.827840 osdx dnscrypt-proxy[890599]: Now listening to 127.0.0.1:53 [TCP]
May 19 18:08:29.827853 osdx dnscrypt-proxy[890599]: Firefox workaround initialized
May 19 18:08:29.827858 osdx dnscrypt-proxy[890599]: Loading the set of cloaking rules from [/tmp/tmpulj0u7p8]
May 19 18:08:29.961211 osdx dnscrypt-proxy[890599]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 19 18:08:29.961225 osdx dnscrypt-proxy[890599]: [RD] OK (DoH) - rtt: 119ms
May 19 18:08:29.961233 osdx dnscrypt-proxy[890599]: Server with the lowest initial latency: RD (rtt: 119ms)
May 19 18:08:29.961236 osdx dnscrypt-proxy[890599]: dnscrypt-proxy is ready - live servers: 1
May 19 18:08:30.003574 osdx cfgd[1918]: [673163]Completed change to active configuration
May 19 18:08:30.004731 osdx OSDxCLI[673163]: User 'admin' committed the configuration.
May 19 18:08:30.030588 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
May 19 18:08:30.035696 osdx OSDxCLI[673163]: User 'admin' left the configuration menu.
May 19 18:08:30.185582 osdx OSDxCLI[673163]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
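The Step 3 tokens in these examples are decimal cipher-suite IDs, so the journal alone does not say which configured algorithm was negotiated. The following added example (not part of the test suite or of OSDx) maps each logged ID to its IANA name and checks it against the `set service dns proxy cipher` lines in the same journal. It assumes the journal line formats shown above and reads the logged TLS version `303` as hexadecimal 0x0303; the function names are hypothetical.

```python
import re

# IANA cipher-suite IDs for the suites named in this page's configurations.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# TLS ProtocolVersion values; the journal's "303" is assumed to be hexadecimal.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
HS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


def is_legacy(name):
    """Flag suites without forward secrecy or without an AEAD cipher."""
    return name.startswith("TLS_RSA_") or "_CBC_" in name or "3DES" in name


def audit_journal(journal):
    """Return one finding per DoH handshake logged in the journal text."""
    configured = {}  # priority -> suite name, taken from the CLI audit lines
    findings = []
    for line in journal.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            configured[int(cfg.group(1))] = cfg.group(2)
            continue
        hs = HS_RE.search(line)
        if not hs:
            continue
        suite_id = int(hs.group("suite"))
        # IDs outside the table are reported, never silently accepted.
        name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
        findings.append({
            "server": hs.group("server"),
            "tls": TLS_VERSIONS.get(int(hs.group("ver"), 16), "unknown"),
            "suite_id": suite_id,
            "suite": name,
            "configured": name in configured.values(),
            "legacy": is_legacy(name),
        })
    return findings


# Lines 1-3 are taken from the Example 5 journal above; line 4 is constructed
# to show how a negotiated 3DES suite (ID 10) would be reported.
SAMPLE = """\
May 19 18:08:23.415537 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 19 18:08:23.512074 osdx OSDxCLI[673163]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 19 18:08:24.762803 osdx dnscrypt-proxy[887739]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 19 18:09:00.000000 osdx dnscrypt-proxy[999999]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 10
"""

if __name__ == "__main__":
    for finding in audit_journal(SAMPLE):
        print(finding)
```

A finding with `configured` false or `legacy` true is worth failing the check on, since the token match in Step 3 only proves that some handshake logged the expected number.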