Cipher

Test suite that validates the use of one or multiple ciphers to protect the DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49199
Output:
Jun 03 18:13:43.301166 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:13:43.303354 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:13:43.303419 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:13:43.311296 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:13:43.534334 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:13:43.823447 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:13:43.925441 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:13:44.013845 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:13:44.163125 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:13:44.270995 osdx ubnt-cfgd[899213]: inactive
Jun 03 18:13:44.299259 osdx INFO[899220]: FRR daemons did not change
Jun 03 18:13:44.335361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:13:44.387530 osdx WARNING[899291]: No supported link modes on interface eth0
Jun 03 18:13:44.389540 osdx modulelauncher[899291]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:13:44.389555 osdx modulelauncher[899291]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:13:44.391168 osdx modulelauncher[899291]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:13:44.391180 osdx modulelauncher[899291]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:13:44.615643 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:13:44.616378 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:13:44.653360 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:13:44.815603 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:13:44.900127 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:13:45.053626 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:13:45.129907 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:13:45.252086 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:13:45.322838 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:13:45.421047 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:13:45.494405 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:13:45.649284 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 03 18:13:45.759258 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:13:45.874379 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:13:45.986961 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:13:46.063196 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:13:46.168223 osdx ubnt-cfgd[899405]: inactive
Jun 03 18:13:46.191038 osdx INFO[899414]: FRR daemons did not change
Jun 03 18:13:46.204866 osdx ca-certificates[899429]: Updating certificates in /etc/ssl/certs...
Jun 03 18:13:46.741788 osdx ubnt-cfgd[900442]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:13:46.751628 osdx ca-certificates[900448]: 1 added, 0 removed; done.
Jun 03 18:13:46.754633 osdx ca-certificates[900454]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:13:46.757495 osdx ca-certificates[900456]: done.
Jun 03 18:13:46.823696 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:13:46.829897 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:13:46.830333 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:13:46.845334 osdx dnscrypt-proxy[900460]: dnscrypt-proxy 2.0.45
Jun 03 18:13:46.845403 osdx dnscrypt-proxy[900460]: Network connectivity detected
Jun 03 18:13:46.845631 osdx dnscrypt-proxy[900460]: Dropping privileges
Jun 03 18:13:46.846575 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:13:46.848253 osdx dnscrypt-proxy[900460]: Network connectivity detected
Jun 03 18:13:46.848289 osdx dnscrypt-proxy[900460]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:13:46.848294 osdx dnscrypt-proxy[900460]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:13:46.848314 osdx dnscrypt-proxy[900460]: Firefox workaround initialized
Jun 03 18:13:46.848319 osdx dnscrypt-proxy[900460]: Loading the set of cloaking rules from [/tmp/tmplh_foozi]
Jun 03 18:13:46.975605 osdx dnscrypt-proxy[900460]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 03 18:13:46.975630 osdx dnscrypt-proxy[900460]: [RD] OK (DoH) - rtt: 109ms
Jun 03 18:13:46.975639 osdx dnscrypt-proxy[900460]: Server with the lowest initial latency: RD (rtt: 109ms)
Jun 03 18:13:46.975644 osdx dnscrypt-proxy[900460]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:13:47.003642 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a different valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49199
Output:
Jun 03 18:13:55.000232 osdx systemd-timedated[895414]: Changed local time to Wed 2026-06-03 18:13:55 UTC
Jun 03 18:13:55.000917 osdx systemd-journald[262779]: Time jumped backwards, rotating.
Jun 03 18:13:55.001811 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'set date 2026-06-03 18:13:55'.
Jun 03 18:13:55.287140 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:13:55.288640 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:13:55.288704 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:13:55.297240 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:13:55.581430 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:13:55.832132 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:13:55.928994 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:13:56.025151 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:13:56.169859 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:13:56.253394 osdx ubnt-cfgd[902209]: inactive
Jun 03 18:13:56.299737 osdx INFO[902216]: FRR daemons did not change
Jun 03 18:13:56.332661 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:13:56.391292 osdx WARNING[902287]: No supported link modes on interface eth0
Jun 03 18:13:56.393333 osdx modulelauncher[902287]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:13:56.393348 osdx modulelauncher[902287]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:13:56.394763 osdx modulelauncher[902287]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:13:56.394773 osdx modulelauncher[902287]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:13:56.640599 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:13:56.641404 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:13:56.667621 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:13:56.853627 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:13:56.968571 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:13:57.159673 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:13:57.235206 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:13:57.335602 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:13:57.409484 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:13:57.501885 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:13:57.566888 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:13:57.717071 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 03 18:13:57.776755 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:13:57.902048 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:13:57.972390 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:13:58.097860 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:13:58.167292 osdx ubnt-cfgd[902401]: inactive
Jun 03 18:13:58.190581 osdx INFO[902410]: FRR daemons did not change
Jun 03 18:13:58.203816 osdx ca-certificates[902426]: Updating certificates in /etc/ssl/certs...
Jun 03 18:13:58.764157 osdx ubnt-cfgd[903438]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:13:58.774734 osdx ca-certificates[903444]: 1 added, 0 removed; done.
Jun 03 18:13:58.777577 osdx ca-certificates[903450]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:13:58.780225 osdx ca-certificates[903452]: done.
Jun 03 18:13:58.853097 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:13:58.861618 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:13:58.862183 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:13:58.879754 osdx dnscrypt-proxy[903456]: dnscrypt-proxy 2.0.45
Jun 03 18:13:58.880283 osdx dnscrypt-proxy[903456]: Network connectivity detected
Jun 03 18:13:58.880938 osdx dnscrypt-proxy[903456]: Dropping privileges
Jun 03 18:13:58.885359 osdx dnscrypt-proxy[903456]: Network connectivity detected
Jun 03 18:13:58.885416 osdx dnscrypt-proxy[903456]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:13:58.885421 osdx dnscrypt-proxy[903456]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:13:58.885460 osdx dnscrypt-proxy[903456]: Firefox workaround initialized
Jun 03 18:13:58.885466 osdx dnscrypt-proxy[903456]: Loading the set of cloaking rules from [/tmp/tmp8uysh54r]
Jun 03 18:13:58.889883 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:13:59.016992 osdx dnscrypt-proxy[903456]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 03 18:13:59.017019 osdx dnscrypt-proxy[903456]: [RD] OK (DoH) - rtt: 112ms
Jun 03 18:13:59.017029 osdx dnscrypt-proxy[903456]: Server with the lowest initial latency: RD (rtt: 112ms)
Jun 03 18:13:59.017033 osdx dnscrypt-proxy[903456]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:13:59.071944 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49200
Output:
Jun 03 18:13:59.341941 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:13:59.344662 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:13:59.344728 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:13:59.355145 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:13:59.625436 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:13:59.693471 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:13:59.882572 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:13:59.979765 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:00.051312 osdx ubnt-cfgd[903510]: inactive
Jun 03 18:14:00.073727 osdx dnscrypt-proxy[903456]: Stopped.
Jun 03 18:14:00.073754 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:14:00.074940 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:14:00.075058 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:00.136986 osdx WARNING[903574]: No supported link modes on interface eth0
Jun 03 18:14:00.139175 osdx modulelauncher[903574]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:00.139192 osdx modulelauncher[903574]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:00.140810 osdx modulelauncher[903574]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:00.140821 osdx modulelauncher[903574]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:00.167258 osdx ca-certificates[903596]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:14:00.473233 osdx ca-certificates[904174]: done.
Jun 03 18:14:00.477081 osdx ca-certificates[904182]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:00.963226 osdx ubnt-cfgd[905040]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:00.974373 osdx ca-certificates[905046]: 142 added, 0 removed; done.
Jun 03 18:14:00.978268 osdx ca-certificates[905052]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:00.982076 osdx ca-certificates[905054]: done.
Jun 03 18:14:01.030986 osdx INFO[905066]: FRR daemons did not change
Jun 03 18:14:01.111947 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:01.112477 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:01.138419 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:02.826855 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:02.905052 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:03.001797 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:03.072939 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:03.193718 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:03.302674 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:03.376301 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 03 18:14:03.479912 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:03.621170 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:03.674588 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:03.795156 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:03.860546 osdx ubnt-cfgd[905119]: inactive
Jun 03 18:14:03.897500 osdx INFO[905128]: FRR daemons did not change
Jun 03 18:14:03.919089 osdx ca-certificates[905143]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:04.434842 osdx ubnt-cfgd[906156]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:04.443677 osdx ca-certificates[906161]: 1 added, 0 removed; done.
Jun 03 18:14:04.447656 osdx ca-certificates[906168]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:04.450668 osdx ca-certificates[906170]: done.
Jun 03 18:14:04.480664 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:04.531898 osdx WARNING[906239]: No supported link modes on interface eth0
Jun 03 18:14:04.533498 osdx modulelauncher[906239]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:04.533511 osdx modulelauncher[906239]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:04.534933 osdx modulelauncher[906239]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:04.534943 osdx modulelauncher[906239]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:04.637098 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:04.660932 osdx dnscrypt-proxy[906283]: dnscrypt-proxy 2.0.45
Jun 03 18:14:04.661045 osdx dnscrypt-proxy[906283]: Network connectivity detected
Jun 03 18:14:04.661286 osdx dnscrypt-proxy[906283]: Dropping privileges
Jun 03 18:14:04.664244 osdx dnscrypt-proxy[906283]: Network connectivity detected
Jun 03 18:14:04.664283 osdx dnscrypt-proxy[906283]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:04.664289 osdx dnscrypt-proxy[906283]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:04.664312 osdx dnscrypt-proxy[906283]: Firefox workaround initialized
Jun 03 18:14:04.664318 osdx dnscrypt-proxy[906283]: Loading the set of cloaking rules from [/tmp/tmp_o01sers]
Jun 03 18:14:04.796361 osdx dnscrypt-proxy[906283]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 03 18:14:04.796388 osdx dnscrypt-proxy[906283]: [RD] OK (DoH) - rtt: 114ms
Jun 03 18:14:04.796397 osdx dnscrypt-proxy[906283]: Server with the lowest initial latency: RD (rtt: 114ms)
Jun 03 18:14:04.796401 osdx dnscrypt-proxy[906283]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:14:04.820093 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:04.820648 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:04.837600 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:04.988776 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 52392
Output:
Jun 03 18:14:05.203859 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.9M, max 13.8M, 11.9M free.
Jun 03 18:14:05.204646 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:05.204707 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:05.220004 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:05.476181 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:05.532673 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:14:05.713619 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:14:05.803435 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:05.893555 osdx ubnt-cfgd[906370]: inactive
Jun 03 18:14:05.921679 osdx dnscrypt-proxy[906283]: Stopped.
Jun 03 18:14:05.921736 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:14:05.923203 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:14:05.923351 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:05.991971 osdx WARNING[906434]: No supported link modes on interface eth0
Jun 03 18:14:05.993759 osdx modulelauncher[906434]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:05.993774 osdx modulelauncher[906434]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:05.995071 osdx modulelauncher[906434]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:05.995081 osdx modulelauncher[906434]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:06.014228 osdx ca-certificates[906456]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:14:06.352618 osdx ca-certificates[907034]: done.
Jun 03 18:14:06.356992 osdx ca-certificates[907043]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:06.922333 osdx ubnt-cfgd[907900]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:06.933840 osdx ca-certificates[907906]: 142 added, 0 removed; done.
Jun 03 18:14:06.938227 osdx ca-certificates[907912]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:06.942285 osdx ca-certificates[907914]: done.
Jun 03 18:14:06.998303 osdx INFO[907926]: FRR daemons did not change
Jun 03 18:14:07.092256 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:07.092784 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:07.124256 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:08.860324 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:08.939117 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:09.049440 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:09.120458 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:09.214760 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:09.289258 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:09.376086 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 03 18:14:09.441270 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:09.579082 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:09.647259 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:09.813341 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:09.919664 osdx ubnt-cfgd[907979]: inactive
Jun 03 18:14:09.946552 osdx INFO[907988]: FRR daemons did not change
Jun 03 18:14:09.964719 osdx ca-certificates[908004]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:10.615665 osdx ubnt-cfgd[909016]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:10.627046 osdx ca-certificates[909021]: 1 added, 0 removed; done.
Jun 03 18:14:10.630940 osdx ca-certificates[909028]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:10.634786 osdx ca-certificates[909030]: done.
Jun 03 18:14:10.672665 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:10.727593 osdx WARNING[909099]: No supported link modes on interface eth0
Jun 03 18:14:10.729469 osdx modulelauncher[909099]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:10.729490 osdx modulelauncher[909099]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:10.730821 osdx modulelauncher[909099]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:10.730834 osdx modulelauncher[909099]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:10.853049 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:10.878617 osdx dnscrypt-proxy[909143]: dnscrypt-proxy 2.0.45
Jun 03 18:14:10.878687 osdx dnscrypt-proxy[909143]: Network connectivity detected
Jun 03 18:14:10.878920 osdx dnscrypt-proxy[909143]: Dropping privileges
Jun 03 18:14:10.880944 osdx dnscrypt-proxy[909143]: Network connectivity detected
Jun 03 18:14:10.880982 osdx dnscrypt-proxy[909143]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:10.880986 osdx dnscrypt-proxy[909143]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:10.881003 osdx dnscrypt-proxy[909143]: Firefox workaround initialized
Jun 03 18:14:10.881009 osdx dnscrypt-proxy[909143]: Loading the set of cloaking rules from [/tmp/tmpkv7yqad2]
Jun 03 18:14:11.005863 osdx dnscrypt-proxy[909143]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:14:11.005878 osdx dnscrypt-proxy[909143]: [RD] OK (DoH) - rtt: 107ms
Jun 03 18:14:11.005885 osdx dnscrypt-proxy[909143]: Server with the lowest initial latency: RD (rtt: 107ms)
Jun 03 18:14:11.005889 osdx dnscrypt-proxy[909143]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:14:11.032135 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:11.032695 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:11.061388 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:11.240150 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Jun 03 18:14:20.381340 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 2.2M, max 13.8M, 11.5M free.
Jun 03 18:14:20.384547 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:20.384601 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:20.391680 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:20.667308 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:14:20.975947 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:21.091058 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:21.227379 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:21.300345 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:21.415314 osdx ubnt-cfgd[910925]: inactive
Jun 03 18:14:21.439550 osdx INFO[910932]: FRR daemons did not change
Jun 03 18:14:21.472548 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:21.520582 osdx WARNING[911003]: No supported link modes on interface eth0
Jun 03 18:14:21.522118 osdx modulelauncher[911003]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:21.522132 osdx modulelauncher[911003]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:21.523251 osdx modulelauncher[911003]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:21.523259 osdx modulelauncher[911003]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:21.727599 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:21.728109 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:21.743634 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:21.901545 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:14:21.970751 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:14:22.150751 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:22.214426 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:22.328887 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:22.406632 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:22.518235 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:22.620617 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:22.688546 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:14:22.784016 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:22.880059 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:22.977855 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:23.086780 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:23.177336 osdx ubnt-cfgd[911117]: inactive
Jun 03 18:14:23.200709 osdx INFO[911126]: FRR daemons did not change
Jun 03 18:14:23.215289 osdx ca-certificates[911142]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:23.762960 osdx ubnt-cfgd[912154]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:23.772166 osdx ca-certificates[912160]: 1 added, 0 removed; done.
Jun 03 18:14:23.775886 osdx ca-certificates[912166]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:23.779589 osdx ca-certificates[912168]: done.
Jun 03 18:14:23.861034 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:23.870104 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:23.870640 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:23.883137 osdx dnscrypt-proxy[912172]: dnscrypt-proxy 2.0.45
Jun 03 18:14:23.883197 osdx dnscrypt-proxy[912172]: Network connectivity detected
Jun 03 18:14:23.883392 osdx dnscrypt-proxy[912172]: Dropping privileges
Jun 03 18:14:23.885809 osdx dnscrypt-proxy[912172]: Network connectivity detected
Jun 03 18:14:23.885848 osdx dnscrypt-proxy[912172]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:23.885853 osdx dnscrypt-proxy[912172]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:23.885874 osdx dnscrypt-proxy[912172]: Firefox workaround initialized
Jun 03 18:14:23.885880 osdx dnscrypt-proxy[912172]: Loading the set of cloaking rules from [/tmp/tmpp8pqd5lg]
Jun 03 18:14:23.887182 osdx dnscrypt-proxy[912172]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 03 18:14:23.898506 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:24.011368 osdx dnscrypt-proxy[912172]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:14:24.011391 osdx dnscrypt-proxy[912172]: [RD] OK (DoH) - rtt: 105ms
Jun 03 18:14:24.011402 osdx dnscrypt-proxy[912172]: Server with the lowest initial latency: RD (rtt: 105ms)
Jun 03 18:14:24.011407 osdx dnscrypt-proxy[912172]: dnscrypt-proxy is ready - live servers: 1

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Jun 03 18:14:32.309219 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:14:32.311754 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:32.311848 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:32.320360 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:32.540188 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:14:32.801566 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:32.889226 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:32.978612 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:33.080596 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:33.142139 osdx ubnt-cfgd[913918]: inactive
Jun 03 18:14:33.164221 osdx INFO[913925]: FRR daemons did not change
Jun 03 18:14:33.195745 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:33.247445 osdx WARNING[913996]: No supported link modes on interface eth0
Jun 03 18:14:33.249494 osdx modulelauncher[913996]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:33.249514 osdx modulelauncher[913996]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:33.251187 osdx modulelauncher[913996]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:33.251198 osdx modulelauncher[913996]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:33.471327 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:33.471872 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:33.487018 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:33.654041 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:14:33.720990 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:14:33.895672 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:33.997654 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:34.056199 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:34.160267 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:34.222454 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:34.311745 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:34.386016 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:14:34.507514 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:34.584885 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:34.677037 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:34.758992 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:34.856671 osdx ubnt-cfgd[914110]: inactive
Jun 03 18:14:34.878555 osdx INFO[914119]: FRR daemons did not change
Jun 03 18:14:34.891337 osdx ca-certificates[914135]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:35.457404 osdx ubnt-cfgd[915147]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:35.468855 osdx ca-certificates[915152]: 1 added, 0 removed; done.
Jun 03 18:14:35.472343 osdx ca-certificates[915159]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:35.476231 osdx ca-certificates[915161]: done.
Jun 03 18:14:35.548215 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:35.556103 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:35.556570 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:35.568960 osdx dnscrypt-proxy[915165]: dnscrypt-proxy 2.0.45
Jun 03 18:14:35.569021 osdx dnscrypt-proxy[915165]: Network connectivity detected
Jun 03 18:14:35.569219 osdx dnscrypt-proxy[915165]: Dropping privileges
Jun 03 18:14:35.571529 osdx dnscrypt-proxy[915165]: Network connectivity detected
Jun 03 18:14:35.571561 osdx dnscrypt-proxy[915165]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:35.571565 osdx dnscrypt-proxy[915165]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:35.571580 osdx dnscrypt-proxy[915165]: Firefox workaround initialized
Jun 03 18:14:35.571584 osdx dnscrypt-proxy[915165]: Loading the set of cloaking rules from [/tmp/tmpbc0d2oqb]
Jun 03 18:14:35.572523 osdx dnscrypt-proxy[915165]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 03 18:14:35.574371 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:35.712349 osdx dnscrypt-proxy[915165]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:14:35.712365 osdx dnscrypt-proxy[915165]: [RD] OK (DoH) - rtt: 117ms
Jun 03 18:14:35.712374 osdx dnscrypt-proxy[915165]: Server with the lowest initial latency: RD (rtt: 117ms)
Jun 03 18:14:35.712380 osdx dnscrypt-proxy[915165]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Jun 03 18:14:35.828065 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:14:35.831771 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:35.831835 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:35.839366 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:36.074316 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:36.136296 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:14:36.240638 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:14:36.297797 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:36.388974 osdx ubnt-cfgd[915216]: inactive
Jun 03 18:14:36.440483 osdx dnscrypt-proxy[915165]: Stopped.
Jun 03 18:14:36.440528 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:14:36.441337 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:14:36.441435 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:36.499727 osdx WARNING[915280]: No supported link modes on interface eth0
Jun 03 18:14:36.501377 osdx modulelauncher[915280]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:36.501392 osdx modulelauncher[915280]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:36.502653 osdx modulelauncher[915280]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:36.502663 osdx modulelauncher[915280]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:36.521525 osdx ca-certificates[915302]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:14:36.828962 osdx ca-certificates[915879]: done.
Jun 03 18:14:36.832699 osdx ca-certificates[915888]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:37.289534 osdx ubnt-cfgd[916746]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:37.298109 osdx ca-certificates[916751]: 142 added, 0 removed; done.
Jun 03 18:14:37.301883 osdx ca-certificates[916758]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:37.305613 osdx ca-certificates[916760]: done.
Jun 03 18:14:37.351929 osdx INFO[916772]: FRR daemons did not change
Jun 03 18:14:37.443335 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:37.476478 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:37.507036 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:38.747899 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:38.816150 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:38.934045 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:39.003356 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:39.094830 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:39.150723 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:39.239523 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 03 18:14:39.303938 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:39.432071 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:39.488823 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:39.600240 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:39.672084 osdx ubnt-cfgd[916825]: inactive
Jun 03 18:14:39.696138 osdx INFO[916834]: FRR daemons did not change
Jun 03 18:14:39.710120 osdx ca-certificates[916850]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:40.236690 osdx ubnt-cfgd[917862]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:40.245100 osdx ca-certificates[917867]: 1 added, 0 removed; done.
Jun 03 18:14:40.248446 osdx ca-certificates[917874]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:40.251291 osdx ca-certificates[917876]: done.
Jun 03 18:14:40.279745 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:40.338845 osdx WARNING[917945]: No supported link modes on interface eth0
Jun 03 18:14:40.340965 osdx modulelauncher[917945]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:40.340982 osdx modulelauncher[917945]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:40.342231 osdx modulelauncher[917945]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:40.342242 osdx modulelauncher[917945]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:40.468178 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:40.499096 osdx dnscrypt-proxy[917989]: dnscrypt-proxy 2.0.45
Jun 03 18:14:40.499210 osdx dnscrypt-proxy[917989]: Network connectivity detected
Jun 03 18:14:40.499478 osdx dnscrypt-proxy[917989]: Dropping privileges
Jun 03 18:14:40.501987 osdx dnscrypt-proxy[917989]: Network connectivity detected
Jun 03 18:14:40.502045 osdx dnscrypt-proxy[917989]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:40.502051 osdx dnscrypt-proxy[917989]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:40.502072 osdx dnscrypt-proxy[917989]: Firefox workaround initialized
Jun 03 18:14:40.502078 osdx dnscrypt-proxy[917989]: Loading the set of cloaking rules from [/tmp/tmpnvirav10]
Jun 03 18:14:40.503328 osdx dnscrypt-proxy[917989]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 03 18:14:40.637413 osdx dnscrypt-proxy[917989]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:14:40.637430 osdx dnscrypt-proxy[917989]: [RD] OK (DoH) - rtt: 114ms
Jun 03 18:14:40.637439 osdx dnscrypt-proxy[917989]: Server with the lowest initial latency: RD (rtt: 114ms)
Jun 03 18:14:40.637446 osdx dnscrypt-proxy[917989]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:14:40.647111 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:40.647691 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:40.664432 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Jun 03 18:14:40.945460 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:14:40.947743 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:40.947797 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:40.957348 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:41.203028 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:41.273419 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:14:41.387050 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:14:41.476190 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:41.547577 osdx ubnt-cfgd[918073]: inactive
Jun 03 18:14:41.605385 osdx dnscrypt-proxy[917989]: Stopped.
Jun 03 18:14:41.605487 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:14:41.606385 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:14:41.606492 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:41.670969 osdx WARNING[918137]: No supported link modes on interface eth0
Jun 03 18:14:41.672562 osdx modulelauncher[918137]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:41.672576 osdx modulelauncher[918137]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:41.673757 osdx modulelauncher[918137]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:41.673768 osdx modulelauncher[918137]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:41.691365 osdx ca-certificates[918159]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:14:41.965975 osdx ca-certificates[918736]: done.
Jun 03 18:14:41.969254 osdx ca-certificates[918745]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:42.412343 osdx ubnt-cfgd[919603]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:42.421315 osdx ca-certificates[919609]: 142 added, 0 removed; done.
Jun 03 18:14:42.424178 osdx ca-certificates[919615]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:42.427100 osdx ca-certificates[919617]: done.
Jun 03 18:14:42.472779 osdx INFO[919629]: FRR daemons did not change
Jun 03 18:14:42.643429 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:42.693732 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:42.710846 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:43.927900 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:44.017536 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:44.129229 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:44.191950 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:44.306366 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:44.422490 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:44.497785 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:14:44.614759 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 03 18:14:44.695857 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:44.849827 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:44.908242 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:45.032071 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:45.105962 osdx ubnt-cfgd[919683]: inactive
Jun 03 18:14:45.136072 osdx INFO[919692]: FRR daemons did not change
Jun 03 18:14:45.150573 osdx ca-certificates[919708]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:45.826141 osdx ubnt-cfgd[920720]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:45.836634 osdx ca-certificates[920726]: 1 added, 0 removed; done.
Jun 03 18:14:45.840723 osdx ca-certificates[920732]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:45.844586 osdx ca-certificates[920734]: done.
Jun 03 18:14:45.883756 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:45.943914 osdx WARNING[920803]: No supported link modes on interface eth0
Jun 03 18:14:45.945997 osdx modulelauncher[920803]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:45.946014 osdx modulelauncher[920803]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:45.947525 osdx modulelauncher[920803]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:45.947536 osdx modulelauncher[920803]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:46.060167 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:46.085402 osdx dnscrypt-proxy[920847]: dnscrypt-proxy 2.0.45
Jun 03 18:14:46.085477 osdx dnscrypt-proxy[920847]: Network connectivity detected
Jun 03 18:14:46.085709 osdx dnscrypt-proxy[920847]: Dropping privileges
Jun 03 18:14:46.087880 osdx dnscrypt-proxy[920847]: Network connectivity detected
Jun 03 18:14:46.087914 osdx dnscrypt-proxy[920847]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:46.087919 osdx dnscrypt-proxy[920847]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:46.087946 osdx dnscrypt-proxy[920847]: Firefox workaround initialized
Jun 03 18:14:46.087951 osdx dnscrypt-proxy[920847]: Loading the set of cloaking rules from [/tmp/tmp7kqvwkjo]
Jun 03 18:14:46.088982 osdx dnscrypt-proxy[920847]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 03 18:14:46.243543 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:46.244173 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:46.266485 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:46.285613 osdx dnscrypt-proxy[920847]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:14:46.285634 osdx dnscrypt-proxy[920847]: [RD] OK (DoH) - rtt: 120ms
Jun 03 18:14:46.285644 osdx dnscrypt-proxy[920847]: Server with the lowest initial latency: RD (rtt: 120ms)
Jun 03 18:14:46.285653 osdx dnscrypt-proxy[920847]: dnscrypt-proxy is ready - live servers: 1

Invalid Cipher With Fallback

Description

Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49199
Show output
Jun 03 18:14:54.315985 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:14:54.318497 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:54.318561 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:54.327058 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:54.560096 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 03 18:14:54.835833 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:54.931485 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:55.010985 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:55.106207 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:55.165297 osdx ubnt-cfgd[922624]: inactive
Jun 03 18:14:55.186850 osdx INFO[922631]: FRR daemons did not change
Jun 03 18:14:55.222462 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:14:55.272031 osdx WARNING[922702]: No supported link modes on interface eth0
Jun 03 18:14:55.273734 osdx modulelauncher[922702]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:55.273750 osdx modulelauncher[922702]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:55.274995 osdx modulelauncher[922702]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:55.275005 osdx modulelauncher[922702]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:55.485955 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:55.486525 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:55.514969 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:55.710515 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 03 18:14:55.828562 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 03 18:14:56.016037 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:56.722740 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:14:56.790011 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:14:56.905028 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:14:56.975875 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:14:57.103251 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:14:57.158848 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:14:57.259704 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 03 18:14:57.333105 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:14:57.456422 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:14:57.522874 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:14:57.670687 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:57.745599 osdx ubnt-cfgd[922817]: inactive
Jun 03 18:14:57.771048 osdx INFO[922826]: FRR daemons did not change
Jun 03 18:14:57.783200 osdx ca-certificates[922842]: Updating certificates in /etc/ssl/certs...
Jun 03 18:14:58.351661 osdx ubnt-cfgd[923854]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:14:58.359490 osdx ca-certificates[923860]: 1 added, 0 removed; done.
Jun 03 18:14:58.362247 osdx ca-certificates[923866]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:14:58.364900 osdx ca-certificates[923868]: done.
Jun 03 18:14:58.430851 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:58.438703 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:14:58.439185 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:14:58.454524 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:14:58.460224 osdx dnscrypt-proxy[923872]: dnscrypt-proxy 2.0.45
Jun 03 18:14:58.460286 osdx dnscrypt-proxy[923872]: Network connectivity detected
Jun 03 18:14:58.460492 osdx dnscrypt-proxy[923872]: Dropping privileges
Jun 03 18:14:58.462386 osdx dnscrypt-proxy[923872]: Network connectivity detected
Jun 03 18:14:58.462415 osdx dnscrypt-proxy[923872]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:14:58.462419 osdx dnscrypt-proxy[923872]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:14:58.462457 osdx dnscrypt-proxy[923872]: Firefox workaround initialized
Jun 03 18:14:58.462462 osdx dnscrypt-proxy[923872]: Loading the set of cloaking rules from [/tmp/tmpksltutv1]
Jun 03 18:14:58.592232 osdx dnscrypt-proxy[923872]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 03 18:14:58.592247 osdx dnscrypt-proxy[923872]: [RD] OK (DoH) - rtt: 113ms
Jun 03 18:14:58.592256 osdx dnscrypt-proxy[923872]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 03 18:14:58.592260 osdx dnscrypt-proxy[923872]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:14:58.661969 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
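
The Step 3 check above can be automated as in the following added example, which is not part of the OSDx test suite: it maps the decimal `Cipher suite:` value in the journal to its IANA name and verifies that the proxy settled on the configured valid suite rather than the invalid one. The function names, the `INVALID_FOR_DOH` set and the second journal sample are assumptions constructed for illustration.

```python
import re

# IANA TLS code points for the suites named in the configurations on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# Suites the test cases configure as the "invalid" first choice (assumed set).
INVALID_FOR_DOH = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)$")
HS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_ciphers(config_text):
    """Return the configured suite names ordered by their cipher index."""
    found = []
    for line in config_text.splitlines():
        m = CFG_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2)))
    return [name for _, name in sorted(found)]


def handshakes(journal_text):
    """Extract every completed handshake that dnscrypt-proxy logged."""
    out = []
    for line in journal_text.splitlines():
        m = HS_RE.search(line)
        if not m:
            continue
        code = int(m.group("suite"))  # logged in decimal
        out.append({
            "server": m.group("server"),
            # Assumption: the version field is hexadecimal (303 -> 0x0303, TLS 1.2).
            "tls_version": int(m.group("ver"), 16),
            "protocol": m.group("proto"),
            "suite_code": code,
            "suite_name": IANA_SUITES.get(code, "UNKNOWN_0x%04X" % code),
        })
    return out


def check_negotiation(config_text, journal_text):
    """Judge the last handshake in the journal against the configured cipher list."""
    configured = configured_ciphers(config_text)
    allowed = [c for c in configured if c not in INVALID_FOR_DOH]
    failures = sum(1 for l in journal_text.splitlines() if FAIL_RE.search(l))
    result = {"configured": configured, "handshake_failures": failures,
              "negotiated": None, "verdict": "FAIL", "reason": ""}
    seen = handshakes(journal_text)
    if not seen:
        result["reason"] = "no completed TLS handshake in journal"
        return result
    last = seen[-1]
    result["negotiated"] = last["suite_name"]
    if last["suite_name"] in INVALID_FOR_DOH:
        result["reason"] = "invalid suite was negotiated"
    elif last["suite_name"] not in allowed:
        result["reason"] = "negotiated suite is not a configured valid suite"
    elif last["tls_version"] < 0x0303:
        result["reason"] = "TLS version below 1.2"
    else:
        result["verdict"] = "PASS"
        result["reason"] = "fallback suite negotiated"
    return result


# Cipher lines from Step 1 of Example 1 above.
CONFIG_EX1 = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
# Two journal lines taken from the Example 1 output above.
JOURNAL_EX1 = """\
Jun 03 18:14:58.592232 osdx dnscrypt-proxy[923872]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 03 18:14:58.592247 osdx dnscrypt-proxy[923872]: [RD] OK (DoH) - rtt: 113ms
"""
# Constructed journal (not from the page): one failed attempt, then the invalid suite is used.
JOURNAL_CONSTRUCTED_WEAK = """\
Jan 01 00:00:00.000001 osdx dnscrypt-proxy[1000]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jan 01 00:00:00.000002 osdx dnscrypt-proxy[1000]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5
"""

if __name__ == "__main__":
    for label, journal in (("example 1", JOURNAL_EX1), ("constructed", JOURNAL_CONSTRUCTED_WEAK)):
        r = check_negotiation(CONFIG_EX1, journal)
        print(label, r["verdict"], r["negotiated"], "-", r["reason"])
```

The same function applies to Examples 2 to 4 by swapping in their cipher lines and journal output; the expected tokens 49200 and 52392 are the decimal forms of 0xC030 and 0xCCA8.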

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49200
Show output
Jun 03 18:14:58.882080 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:14:58.882559 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:14:58.882593 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:14:58.892796 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:14:59.139165 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:14:59.196423 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:14:59.357681 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:14:59.440261 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:14:59.527041 osdx ubnt-cfgd[923927]: inactive
Jun 03 18:14:59.549001 osdx dnscrypt-proxy[923872]: Stopped.
Jun 03 18:14:59.549046 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:14:59.549948 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:14:59.550076 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:14:59.610830 osdx WARNING[923991]: No supported link modes on interface eth0
Jun 03 18:14:59.612355 osdx modulelauncher[923991]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:14:59.612368 osdx modulelauncher[923991]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:14:59.613589 osdx modulelauncher[923991]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:14:59.613598 osdx modulelauncher[923991]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:14:59.631401 osdx ca-certificates[924013]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:14:59.949790 osdx ca-certificates[924591]: done.
Jun 03 18:14:59.953090 osdx ca-certificates[924599]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:00.491620 osdx ubnt-cfgd[925457]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:00.500239 osdx ca-certificates[925462]: 142 added, 0 removed; done.
Jun 03 18:15:00.504736 osdx ca-certificates[925469]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:00.508675 osdx ca-certificates[925471]: done.
Jun 03 18:15:00.565488 osdx INFO[925483]: FRR daemons did not change
Jun 03 18:15:00.682786 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:00.683354 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:00.702133 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:02.219767 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:03.004596 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:15:03.077693 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:15:03.185146 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:15:03.282081 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:15:03.377772 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:15:03.441859 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:15:03.539409 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 03 18:15:03.603502 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:15:03.780891 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:15:03.848342 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:15:03.987829 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:04.060215 osdx ubnt-cfgd[925537]: inactive
Jun 03 18:15:04.086688 osdx INFO[925546]: FRR daemons did not change
Jun 03 18:15:04.100188 osdx ca-certificates[925562]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:04.685952 osdx ubnt-cfgd[926574]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:04.694948 osdx ca-certificates[926579]: 1 added, 0 removed; done.
Jun 03 18:15:04.698233 osdx ca-certificates[926586]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:04.702161 osdx ca-certificates[926588]: done.
Jun 03 18:15:04.738466 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:15:04.792412 osdx WARNING[926657]: No supported link modes on interface eth0
Jun 03 18:15:04.794296 osdx modulelauncher[926657]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:04.794309 osdx modulelauncher[926657]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:04.795744 osdx modulelauncher[926657]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:04.795752 osdx modulelauncher[926657]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:04.898811 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:04.923972 osdx dnscrypt-proxy[926701]: dnscrypt-proxy 2.0.45
Jun 03 18:15:04.924096 osdx dnscrypt-proxy[926701]: Network connectivity detected
Jun 03 18:15:04.924349 osdx dnscrypt-proxy[926701]: Dropping privileges
Jun 03 18:15:04.928227 osdx dnscrypt-proxy[926701]: Network connectivity detected
Jun 03 18:15:04.928265 osdx dnscrypt-proxy[926701]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:15:04.928271 osdx dnscrypt-proxy[926701]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:15:04.928293 osdx dnscrypt-proxy[926701]: Firefox workaround initialized
Jun 03 18:15:04.928299 osdx dnscrypt-proxy[926701]: Loading the set of cloaking rules from [/tmp/tmpnsy6ro3x]
Jun 03 18:15:05.073124 osdx dnscrypt-proxy[926701]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 03 18:15:05.073148 osdx dnscrypt-proxy[926701]: [RD] OK (DoH) - rtt: 117ms
Jun 03 18:15:05.073157 osdx dnscrypt-proxy[926701]: Server with the lowest initial latency: RD (rtt: 117ms)
Jun 03 18:15:05.073162 osdx dnscrypt-proxy[926701]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:15:05.106115 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:05.106739 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:05.125834 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:05.314216 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 52392
Show output
Jun 03 18:15:05.553060 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:15:05.554452 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:15:05.554520 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:15:05.566548 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:15:05.837161 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:05.904314 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:15:06.061798 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:15:06.128798 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:06.223405 osdx ubnt-cfgd[926788]: inactive
Jun 03 18:15:06.246239 osdx dnscrypt-proxy[926701]: Stopped.
Jun 03 18:15:06.246336 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:15:06.247654 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:15:06.247788 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:06.311623 osdx WARNING[926852]: No supported link modes on interface eth0
Jun 03 18:15:06.313203 osdx modulelauncher[926852]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:06.313218 osdx modulelauncher[926852]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:06.314309 osdx modulelauncher[926852]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:06.314318 osdx modulelauncher[926852]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:06.330924 osdx ca-certificates[926874]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:15:06.632105 osdx ca-certificates[927452]: done.
Jun 03 18:15:06.635084 osdx ca-certificates[927461]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:07.093800 osdx ubnt-cfgd[928318]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:07.102831 osdx ca-certificates[928324]: 142 added, 0 removed; done.
Jun 03 18:15:07.105733 osdx ca-certificates[928330]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:07.108650 osdx ca-certificates[928332]: done.
Jun 03 18:15:07.153466 osdx INFO[928344]: FRR daemons did not change
Jun 03 18:15:07.294158 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:07.294788 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:07.330095 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:08.758080 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:09.399805 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:15:09.479901 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:15:09.580418 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:15:09.643202 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:15:09.762447 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:15:09.816944 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 03 18:15:09.926072 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 03 18:15:09.984750 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:15:10.121330 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:15:10.177346 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:15:10.306191 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:10.387426 osdx ubnt-cfgd[928398]: inactive
Jun 03 18:15:10.420963 osdx INFO[928407]: FRR daemons did not change
Jun 03 18:15:10.438289 osdx ca-certificates[928422]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:11.125121 osdx ubnt-cfgd[929435]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:11.133546 osdx ca-certificates[929440]: 1 added, 0 removed; done.
Jun 03 18:15:11.136856 osdx ca-certificates[929447]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:11.139909 osdx ca-certificates[929449]: done.
Jun 03 18:15:11.170460 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:15:11.224054 osdx WARNING[929518]: No supported link modes on interface eth0
Jun 03 18:15:11.225975 osdx modulelauncher[929518]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:11.225991 osdx modulelauncher[929518]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:11.227481 osdx modulelauncher[929518]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:11.227490 osdx modulelauncher[929518]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:11.326904 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:11.348046 osdx dnscrypt-proxy[929562]: dnscrypt-proxy 2.0.45
Jun 03 18:15:11.348127 osdx dnscrypt-proxy[929562]: Network connectivity detected
Jun 03 18:15:11.348359 osdx dnscrypt-proxy[929562]: Dropping privileges
Jun 03 18:15:11.351147 osdx dnscrypt-proxy[929562]: Network connectivity detected
Jun 03 18:15:11.351183 osdx dnscrypt-proxy[929562]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:15:11.351188 osdx dnscrypt-proxy[929562]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:15:11.351208 osdx dnscrypt-proxy[929562]: Firefox workaround initialized
Jun 03 18:15:11.351213 osdx dnscrypt-proxy[929562]: Loading the set of cloaking rules from [/tmp/tmp4099q70s]
Jun 03 18:15:11.481436 osdx dnscrypt-proxy[929562]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:15:11.481449 osdx dnscrypt-proxy[929562]: [RD] OK (DoH) - rtt: 113ms
Jun 03 18:15:11.481455 osdx dnscrypt-proxy[929562]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 03 18:15:11.481459 osdx dnscrypt-proxy[929562]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:15:11.502011 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:11.525202 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:11.550774 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:11.690480 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49199
Show output
Jun 03 18:15:11.931698 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:15:11.934455 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:15:11.934535 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:15:11.942754 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:15:12.288697 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:12.345978 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:15:12.472521 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:15:12.620088 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:12.685836 osdx ubnt-cfgd[929649]: inactive
Jun 03 18:15:12.708483 osdx dnscrypt-proxy[929562]: Stopped.
Jun 03 18:15:12.708514 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:15:12.709602 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:15:12.709717 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:12.769723 osdx WARNING[929713]: No supported link modes on interface eth0
Jun 03 18:15:12.771432 osdx modulelauncher[929713]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:12.771454 osdx modulelauncher[929713]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:12.772694 osdx modulelauncher[929713]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:12.772705 osdx modulelauncher[929713]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:12.791411 osdx ca-certificates[929735]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:15:13.163144 osdx ca-certificates[930312]: done.
Jun 03 18:15:13.166056 osdx ca-certificates[930321]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:13.658620 osdx ubnt-cfgd[931179]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:13.666874 osdx ca-certificates[931184]: 142 added, 0 removed; done.
Jun 03 18:15:13.669670 osdx ca-certificates[931191]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:13.673164 osdx ca-certificates[931193]: done.
Jun 03 18:15:13.725064 osdx INFO[931205]: FRR daemons did not change
Jun 03 18:15:13.826081 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:13.826596 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:13.842630 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:15.083600 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:15.677754 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:15:15.732287 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:15:15.837016 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:15:15.891689 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:15:15.992176 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:15:16.046906 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 03 18:15:16.145314 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 03 18:15:16.195568 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:15:16.339571 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:15:16.395261 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:15:16.501858 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:16.573214 osdx ubnt-cfgd[931259]: inactive
Jun 03 18:15:16.597297 osdx INFO[931268]: FRR daemons did not change
Jun 03 18:15:16.611033 osdx ca-certificates[931284]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:17.180043 osdx ubnt-cfgd[932296]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:17.189159 osdx ca-certificates[932301]: 1 added, 0 removed; done.
Jun 03 18:15:17.192197 osdx ca-certificates[932308]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:17.195090 osdx ca-certificates[932310]: done.
Jun 03 18:15:17.226445 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:15:17.282621 osdx WARNING[932379]: No supported link modes on interface eth0
Jun 03 18:15:17.284615 osdx modulelauncher[932379]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:17.284632 osdx modulelauncher[932379]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:17.286125 osdx modulelauncher[932379]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:17.286134 osdx modulelauncher[932379]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:17.386745 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:17.411258 osdx dnscrypt-proxy[932423]: dnscrypt-proxy 2.0.45
Jun 03 18:15:17.411324 osdx dnscrypt-proxy[932423]: Network connectivity detected
Jun 03 18:15:17.411530 osdx dnscrypt-proxy[932423]: Dropping privileges
Jun 03 18:15:17.416848 osdx dnscrypt-proxy[932423]: Network connectivity detected
Jun 03 18:15:17.417104 osdx dnscrypt-proxy[932423]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:15:17.417148 osdx dnscrypt-proxy[932423]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:15:17.417199 osdx dnscrypt-proxy[932423]: Firefox workaround initialized
Jun 03 18:15:17.417234 osdx dnscrypt-proxy[932423]: Loading the set of cloaking rules from [/tmp/tmpzosi0zr5]
Jun 03 18:15:17.536249 osdx dnscrypt-proxy[932423]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 03 18:15:17.536262 osdx dnscrypt-proxy[932423]: [RD] OK (DoH) - rtt: 101ms
Jun 03 18:15:17.536270 osdx dnscrypt-proxy[932423]: Server with the lowest initial latency: RD (rtt: 101ms)
Jun 03 18:15:17.536274 osdx dnscrypt-proxy[932423]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:15:17.562010 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:17.562595 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:17.589146 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:17.755726 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 49200
Output:
Jun 03 18:15:17.999974 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:15:18.002467 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:15:18.002567 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:15:18.011272 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:15:18.335044 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:18.412576 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:15:18.566574 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:15:18.629661 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:18.741752 osdx ubnt-cfgd[932511]: inactive
Jun 03 18:15:18.772090 osdx dnscrypt-proxy[932423]: Stopped.
Jun 03 18:15:18.772285 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:15:18.773405 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:15:18.773539 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:18.838793 osdx WARNING[932575]: No supported link modes on interface eth0
Jun 03 18:15:18.840773 osdx modulelauncher[932575]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:18.840789 osdx modulelauncher[932575]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:18.842127 osdx modulelauncher[932575]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:18.842136 osdx modulelauncher[932575]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:18.863779 osdx ca-certificates[932597]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:15:19.209045 osdx ca-certificates[933174]: done.
Jun 03 18:15:19.212808 osdx ca-certificates[933183]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:19.748024 osdx ubnt-cfgd[934041]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:19.759417 osdx ca-certificates[934046]: 142 added, 0 removed; done.
Jun 03 18:15:19.762699 osdx ca-certificates[934053]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:19.766554 osdx ca-certificates[934055]: done.
Jun 03 18:15:19.820045 osdx INFO[934067]: FRR daemons did not change
Jun 03 18:15:19.962218 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:19.962753 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:19.979039 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:21.523861 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:22.362158 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:15:22.422244 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:15:22.588593 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:15:22.668211 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:15:22.830278 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:15:22.939884 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 03 18:15:23.042580 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 03 18:15:23.104400 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:15:23.237635 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:15:23.291604 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:15:23.399891 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:23.465279 osdx ubnt-cfgd[934122]: inactive
Jun 03 18:15:23.492049 osdx INFO[934131]: FRR daemons did not change
Jun 03 18:15:23.506456 osdx ca-certificates[934147]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:24.030737 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 03 18:15:24.065250 osdx ubnt-cfgd[935159]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:24.073268 osdx ca-certificates[935167]: 1 added, 0 removed; done.
Jun 03 18:15:24.076113 osdx ca-certificates[935173]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:24.079714 osdx ca-certificates[935175]: done.
Jun 03 18:15:24.114462 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:15:24.162264 osdx WARNING[935244]: No supported link modes on interface eth0
Jun 03 18:15:24.163879 osdx modulelauncher[935244]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:24.163892 osdx modulelauncher[935244]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:24.165148 osdx modulelauncher[935244]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:24.165157 osdx modulelauncher[935244]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:24.274834 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:24.305499 osdx dnscrypt-proxy[935288]: dnscrypt-proxy 2.0.45
Jun 03 18:15:24.305573 osdx dnscrypt-proxy[935288]: Network connectivity detected
Jun 03 18:15:24.305797 osdx dnscrypt-proxy[935288]: Dropping privileges
Jun 03 18:15:24.308149 osdx dnscrypt-proxy[935288]: Network connectivity detected
Jun 03 18:15:24.308179 osdx dnscrypt-proxy[935288]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:15:24.308185 osdx dnscrypt-proxy[935288]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:15:24.308205 osdx dnscrypt-proxy[935288]: Firefox workaround initialized
Jun 03 18:15:24.308210 osdx dnscrypt-proxy[935288]: Loading the set of cloaking rules from [/tmp/tmpery4mwd6]
Jun 03 18:15:24.453773 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:24.454319 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:24.471725 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:24.496354 osdx dnscrypt-proxy[935288]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 03 18:15:24.496374 osdx dnscrypt-proxy[935288]: [RD] OK (DoH) - rtt: 118ms
Jun 03 18:15:24.496382 osdx dnscrypt-proxy[935288]: Server with the lowest initial latency: RD (rtt: 118ms)
Jun 03 18:15:24.496386 osdx dnscrypt-proxy[935288]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:15:24.630264 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command show host lookup teldat.com type A on DUT0 and check whether the output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command system journal show | cat on DUT0 and check whether the output contains the following tokens:

Cipher suite: 52392
Output:
Jun 03 18:15:24.843615 osdx systemd-journald[262779]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free.
Jun 03 18:15:24.846455 osdx systemd-journald[262779]: Received client request to rotate journal, rotating.
Jun 03 18:15:24.846534 osdx systemd-journald[262779]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000.
Jun 03 18:15:24.856215 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'system journal clear'.
Jun 03 18:15:25.148833 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:25.218888 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'delete '.
Jun 03 18:15:25.364973 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 03 18:15:25.435644 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:25.534519 osdx ubnt-cfgd[935375]: inactive
Jun 03 18:15:25.561770 osdx dnscrypt-proxy[935288]: Stopped.
Jun 03 18:15:25.561808 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 03 18:15:25.563227 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 03 18:15:25.563401 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:25.635655 osdx WARNING[935439]: No supported link modes on interface eth0
Jun 03 18:15:25.637876 osdx modulelauncher[935439]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:25.637898 osdx modulelauncher[935439]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:25.639309 osdx modulelauncher[935439]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:25.639320 osdx modulelauncher[935439]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:25.658070 osdx ca-certificates[935461]: Clearing symlinks in /etc/ssl/certs...
Jun 03 18:15:25.989513 osdx ca-certificates[936039]: done.
Jun 03 18:15:25.992726 osdx ca-certificates[936048]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:26.524763 osdx ubnt-cfgd[936905]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:26.534338 osdx ca-certificates[936911]: 142 added, 0 removed; done.
Jun 03 18:15:26.538106 osdx ca-certificates[936917]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:26.541832 osdx ca-certificates[936919]: done.
Jun 03 18:15:26.595801 osdx INFO[936931]: FRR daemons did not change
Jun 03 18:15:26.698553 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:26.699122 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:26.723277 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:28.077507 osdx OSDxCLI[893656]: User 'admin' entered the configuration menu.
Jun 03 18:15:28.782811 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 03 18:15:28.849682 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 03 18:15:28.961796 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 03 18:15:29.020883 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 03 18:15:29.135773 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 981fe98eb7a219769fd87dc4007c1189e24536fae0b43e352b1e9401008d0c2b'.
Jun 03 18:15:29.198943 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 03 18:15:29.309334 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 03 18:15:29.359850 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 03 18:15:29.485502 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 03 18:15:29.565892 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 03 18:15:29.692587 osdx OSDxCLI[893656]: User 'admin' added a new cfg line: 'show working'.
Jun 03 18:15:29.770723 osdx ubnt-cfgd[936985]: inactive
Jun 03 18:15:29.803774 osdx INFO[936994]: FRR daemons did not change
Jun 03 18:15:29.823243 osdx ca-certificates[937010]: Updating certificates in /etc/ssl/certs...
Jun 03 18:15:30.506671 osdx ubnt-cfgd[938022]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 03 18:15:30.518566 osdx ca-certificates[938028]: 1 added, 0 removed; done.
Jun 03 18:15:30.522359 osdx ca-certificates[938034]: Running hooks in /etc/ca-certificates/update.d...
Jun 03 18:15:30.526387 osdx ca-certificates[938036]: done.
Jun 03 18:15:30.562484 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 03 18:15:30.614985 osdx WARNING[938105]: No supported link modes on interface eth0
Jun 03 18:15:30.616778 osdx modulelauncher[938105]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 03 18:15:30.616796 osdx modulelauncher[938105]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 03 18:15:30.618028 osdx modulelauncher[938105]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jun 03 18:15:30.618039 osdx modulelauncher[938105]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jun 03 18:15:30.730936 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 03 18:15:30.756168 osdx dnscrypt-proxy[938149]: dnscrypt-proxy 2.0.45
Jun 03 18:15:30.756251 osdx dnscrypt-proxy[938149]: Network connectivity detected
Jun 03 18:15:30.756508 osdx dnscrypt-proxy[938149]: Dropping privileges
Jun 03 18:15:30.759780 osdx dnscrypt-proxy[938149]: Network connectivity detected
Jun 03 18:15:30.759817 osdx dnscrypt-proxy[938149]: Now listening to 127.0.0.1:53 [UDP]
Jun 03 18:15:30.759837 osdx dnscrypt-proxy[938149]: Now listening to 127.0.0.1:53 [TCP]
Jun 03 18:15:30.759854 osdx dnscrypt-proxy[938149]: Firefox workaround initialized
Jun 03 18:15:30.759859 osdx dnscrypt-proxy[938149]: Loading the set of cloaking rules from [/tmp/tmp5sltx9q4]
Jun 03 18:15:30.896686 osdx dnscrypt-proxy[938149]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 03 18:15:30.896703 osdx dnscrypt-proxy[938149]: [RD] OK (DoH) - rtt: 116ms
Jun 03 18:15:30.896712 osdx dnscrypt-proxy[938149]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 03 18:15:30.896716 osdx dnscrypt-proxy[938149]: dnscrypt-proxy is ready - live servers: 1
Jun 03 18:15:30.934339 osdx cfgd[1899]: [893656]Completed change to active configuration
Jun 03 18:15:30.934863 osdx OSDxCLI[893656]: User 'admin' committed the configuration.
Jun 03 18:15:30.950376 osdx OSDxCLI[893656]: User 'admin' left the configuration menu.
Jun 03 18:15:31.109347 osdx OSDxCLI[893656]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
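
The Step 3 token checks in Examples 5 and 6 match the negotiated suite only as a decimal number (49200, 52392). The Python sketch below is an added example, not part of this test suite or of the product: it decodes the dnscrypt-proxy handshake line to the IANA suite name and compares it with the configured cipher list. The weak-suite policy, the reading of the TLS version field as hexadecimal, and the two constructed journal lines are assumptions of the example.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Assumed policy for this example: static-RSA key exchange with 3DES counts
# as weak (no forward secrecy, 64-bit block cipher).
WEAK_SUITES = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)\s*$", re.M)
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) "
    r"- Cipher suite: (?P<suite>\d+)")

# Cipher lines of Example 6, copied from the page.
CONFIG_EXAMPLE_6 = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"""
# Handshake line of Example 6, copied from the page.
JOURNAL_EXAMPLE_6 = (
    "Jun 03 18:15:30.896686 osdx dnscrypt-proxy[938149]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n")
# Constructed lines (not from the page): a 3DES handshake and a handshake
# with a suite that Example 6 does not configure.
JOURNAL_CONSTRUCTED = (
    "Jan 01 00:00:00.000000 osdx dnscrypt-proxy[1]: "
    "[RD] TLS version: 303 - Protocol: http/1.1 - Cipher suite: 10\n"
    "Jan 01 00:00:01.000000 osdx dnscrypt-proxy[1]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n")


def configured_ciphers(config_text):
    """Return the configured cipher names ordered by their cipher index."""
    pairs = [(int(idx), name) for idx, name in CFG_RE.findall(config_text)]
    return [name for _, name in sorted(pairs)]


def audit_journal(config_text, journal_text):
    """Decode each handshake line and classify the negotiated suite."""
    allowed = set(configured_ciphers(config_text))
    findings = []
    for m in LOG_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))       # logged in decimal
        version_id = int(m.group("ver"), 16)   # assumption: logged in hex
        name = IANA_SUITES.get(suite_id)
        if name is None:
            status = "unknown-suite"           # extend IANA_SUITES to decode
        elif name not in allowed:
            status = "not-configured"          # proxy ignored the cipher list
        elif name in WEAK_SUITES:
            status = "weak"                    # configured, but should alert
        else:
            status = "ok"
        findings.append({
            "server": m.group("server"),
            "tls": TLS_VERSIONS.get(version_id, hex(version_id)),
            "suite": name or hex(suite_id),
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for text in (JOURNAL_EXAMPLE_6, JOURNAL_CONSTRUCTED):
        for finding in audit_journal(CONFIG_EXAMPLE_6, text):
            print(finding)
```

Run against a saved copy of the system journal show output, a status other than ok is the condition worth alerting on, since the token match in Step 3 alone does not say whether the decimal value corresponds to a configured or a weak suite.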