Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 25 09:50:35.321063 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.1M, max 15.3M, 13.1M free.
Jun 25 09:50:35.321486 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:50:35.321521 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:50:35.333286 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:50:35.557509 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 25 09:50:35.819865 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:50:35.900891 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:50:35.983574 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:50:36.051833 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:50:36.156756 osdx ubnt-cfgd[211324]: inactive
Jun 25 09:50:36.177580 osdx INFO[211332]: FRR daemons did not change
Jun 25 09:50:36.201482 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:50:36.277381 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:50:36.288632 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:50:36.307331 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:50:36.451975 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 25 09:50:36.633820 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:50:36.694272 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:50:36.796249 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:50:36.873689 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:50:37.004629 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:50:37.065869 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:50:37.163075 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 25 09:50:37.216186 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:50:37.332749 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:50:37.387155 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:50:37.502604 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:50:37.569494 osdx ubnt-cfgd[211493]: inactive
Jun 25 09:50:37.592265 osdx INFO[211501]: FRR daemons did not change
Jun 25 09:50:37.605645 osdx ca-certificates[211516]: Updating certificates in /etc/ssl/certs...
Jun 25 09:50:38.107858 osdx ubnt-cfgd[212515]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:50:38.116522 osdx ca-certificates[212521]: 1 added, 0 removed; done.
Jun 25 09:50:38.119688 osdx ca-certificates[212527]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:50:38.123415 osdx ca-certificates[212529]: done.
Jun 25 09:50:38.193925 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:50:38.195164 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:50:38.197109 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:50:38.213770 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:50:38.226508 osdx dnscrypt-proxy[212533]: dnscrypt-proxy 2.0.45
Jun 25 09:50:38.226569 osdx dnscrypt-proxy[212533]: Network connectivity detected
Jun 25 09:50:38.226757 osdx dnscrypt-proxy[212533]: Dropping privileges
Jun 25 09:50:38.228612 osdx dnscrypt-proxy[212533]: Network connectivity detected
Jun 25 09:50:38.228643 osdx dnscrypt-proxy[212533]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:50:38.228647 osdx dnscrypt-proxy[212533]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:50:38.228669 osdx dnscrypt-proxy[212533]: Firefox workaround initialized
Jun 25 09:50:38.228673 osdx dnscrypt-proxy[212533]: Loading the set of cloaking rules from [/tmp/tmpukepx2kt]
Jun 25 09:50:38.398687 osdx dnscrypt-proxy[212533]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 25 09:50:38.398702 osdx dnscrypt-proxy[212533]: [RD] OK (DoH) - rtt: 110ms
Jun 25 09:50:38.398710 osdx dnscrypt-proxy[212533]: Server with the lowest initial latency: RD (rtt: 110ms)
Jun 25 09:50:38.398718 osdx dnscrypt-proxy[212533]: dnscrypt-proxy is ready - live servers: 1
Jun 25 09:50:43.370687 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 25 09:50:45.696096 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a different valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 25 09:50:53.304035 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free.
Jun 25 09:50:53.308049 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:50:53.308105 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:50:53.313551 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:50:53.521033 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 25 09:50:53.753601 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:50:53.831555 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:50:53.912223 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:50:53.980079 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:50:54.078920 osdx ubnt-cfgd[214217]: inactive
Jun 25 09:50:54.100625 osdx INFO[214225]: FRR daemons did not change
Jun 25 09:50:54.120041 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:50:54.194466 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:50:54.204829 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:50:54.232929 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:50:54.380735 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 25 09:50:54.593005 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:50:54.660954 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:50:54.764071 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:50:54.827787 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:50:54.920983 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:50:54.982060 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:50:55.080574 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 25 09:50:55.143949 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:50:55.261898 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:50:55.328571 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:50:55.499634 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:50:55.592551 osdx ubnt-cfgd[214386]: inactive
Jun 25 09:50:55.616587 osdx INFO[214394]: FRR daemons did not change
Jun 25 09:50:55.629658 osdx ca-certificates[214409]: Updating certificates in /etc/ssl/certs...
Jun 25 09:50:56.177052 osdx ubnt-cfgd[215408]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:50:56.184958 osdx ca-certificates[215413]: 1 added, 0 removed; done.
Jun 25 09:50:56.188881 osdx ca-certificates[215420]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:50:56.192941 osdx ca-certificates[215422]: done.
Jun 25 09:50:56.264391 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:50:56.265568 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:50:56.267725 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:50:56.283621 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:50:56.297137 osdx dnscrypt-proxy[215426]: dnscrypt-proxy 2.0.45
Jun 25 09:50:56.297211 osdx dnscrypt-proxy[215426]: Network connectivity detected
Jun 25 09:50:56.297431 osdx dnscrypt-proxy[215426]: Dropping privileges
Jun 25 09:50:56.299567 osdx dnscrypt-proxy[215426]: Network connectivity detected
Jun 25 09:50:56.299594 osdx dnscrypt-proxy[215426]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:50:56.299598 osdx dnscrypt-proxy[215426]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:50:56.299617 osdx dnscrypt-proxy[215426]: Firefox workaround initialized
Jun 25 09:50:56.299621 osdx dnscrypt-proxy[215426]: Loading the set of cloaking rules from [/tmp/tmpl3xi0k9k]
Jun 25 09:50:56.474297 osdx dnscrypt-proxy[215426]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 25 09:50:56.474313 osdx dnscrypt-proxy[215426]: [RD] OK (DoH) - rtt: 112ms
Jun 25 09:50:56.474328 osdx dnscrypt-proxy[215426]: Server with the lowest initial latency: RD (rtt: 112ms)
Jun 25 09:50:56.474334 osdx dnscrypt-proxy[215426]: dnscrypt-proxy is ready - live servers: 1
Jun 25 09:51:01.429890 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 25 09:51:03.517238 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 25 09:51:03.722573 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free.
Jun 25 09:51:03.724033 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:51:03.724080 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:51:03.733124 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:51:04.001784 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:04.058795 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '.
Jun 25 09:51:04.172254 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 25 09:51:04.235697 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:04.398902 osdx ubnt-cfgd[215482]: inactive
Jun 25 09:51:04.422601 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 25 09:51:04.422604 osdx dnscrypt-proxy[215426]: Stopped.
Jun 25 09:51:04.423700 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 25 09:51:04.423826 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:51:04.504611 osdx ca-certificates[215569]: Clearing symlinks in /etc/ssl/certs...
Jun 25 09:51:04.771395 osdx ca-certificates[216138]: done.
Jun 25 09:51:04.774674 osdx ca-certificates[216147]: Updating certificates in /etc/ssl/certs...
Jun 25 09:51:05.194389 osdx ubnt-cfgd[216993]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:51:05.203756 osdx ca-certificates[216998]: 140 added, 0 removed; done.
Jun 25 09:51:05.206644 osdx ca-certificates[217005]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:51:05.209653 osdx ca-certificates[217007]: done.
Jun 25 09:51:05.226417 osdx INFO[217010]: FRR daemons did not change
Jun 25 09:51:05.226824 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:05.228641 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:05.246080 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:51:06.511392 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:06.597485 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:51:06.665061 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:51:06.770348 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:51:06.825572 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:51:06.937873 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:51:07.016330 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 25 09:51:07.138899 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:51:07.226719 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:51:07.337970 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:51:07.435002 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:07.535631 osdx ubnt-cfgd[217044]: inactive
Jun 25 09:51:07.560412 osdx INFO[217054]: FRR daemons did not change
Jun 25 09:51:07.573979 osdx ca-certificates[217070]: Updating certificates in /etc/ssl/certs...
Jun 25 09:51:08.078555 osdx ubnt-cfgd[218068]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:51:08.087701 osdx ca-certificates[218074]: 1 added, 0 removed; done.
Jun 25 09:51:08.090649 osdx ca-certificates[218080]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:51:08.094324 osdx ca-certificates[218082]: done.
Jun 25 09:51:08.112038 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:51:08.288416 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:51:08.290190 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:08.303623 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:08.315904 osdx dnscrypt-proxy[218192]: dnscrypt-proxy 2.0.45
Jun 25 09:51:08.315958 osdx dnscrypt-proxy[218192]: Network connectivity detected
Jun 25 09:51:08.316146 osdx dnscrypt-proxy[218192]: Dropping privileges
Jun 25 09:51:08.318044 osdx dnscrypt-proxy[218192]: Network connectivity detected
Jun 25 09:51:08.318069 osdx dnscrypt-proxy[218192]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:51:08.318073 osdx dnscrypt-proxy[218192]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:51:08.318094 osdx dnscrypt-proxy[218192]: Firefox workaround initialized
Jun 25 09:51:08.318098 osdx dnscrypt-proxy[218192]: Loading the set of cloaking rules from [/tmp/tmpa7q1sety]
Jun 25 09:51:08.327722 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:51:08.491921 osdx dnscrypt-proxy[218192]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 25 09:51:08.491942 osdx dnscrypt-proxy[218192]: [RD] OK (DoH) - rtt: 109ms
Jun 25 09:51:08.491952 osdx dnscrypt-proxy[218192]: Server with the lowest initial latency: RD (rtt: 109ms)
Jun 25 09:51:08.491958 osdx dnscrypt-proxy[218192]: dnscrypt-proxy is ready - live servers: 1
Jun 25 09:51:13.484905 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 25 09:51:15.572412 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 25 09:51:15.799508 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free.
Jun 25 09:51:15.800032 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:51:15.800067 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:51:15.810820 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:51:16.175959 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:16.233991 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '.
Jun 25 09:51:16.341287 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 25 09:51:16.415201 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:16.516950 osdx ubnt-cfgd[218265]: inactive
Jun 25 09:51:16.540305 osdx dnscrypt-proxy[218192]: Stopped.
Jun 25 09:51:16.540324 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 25 09:51:16.541420 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 25 09:51:16.541525 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:51:16.611403 osdx ca-certificates[218351]: Clearing symlinks in /etc/ssl/certs...
Jun 25 09:51:16.856830 osdx ca-certificates[218920]: done.
Jun 25 09:51:16.860505 osdx ca-certificates[218930]: Updating certificates in /etc/ssl/certs...
Jun 25 09:51:17.276845 osdx ubnt-cfgd[219775]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:51:17.286773 osdx ca-certificates[219780]: 140 added, 0 removed; done.
Jun 25 09:51:17.289570 osdx ca-certificates[219787]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:51:17.293278 osdx ca-certificates[219789]: done.
Jun 25 09:51:17.308099 osdx INFO[219792]: FRR daemons did not change
Jun 25 09:51:17.308620 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:17.310917 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:17.327686 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:51:18.632106 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:18.689747 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:51:18.790835 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:51:18.853461 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:51:18.949433 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:51:19.066556 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:51:19.135968 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 25 09:51:19.234544 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:51:19.331336 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:51:19.385808 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:51:19.502503 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:19.573041 osdx ubnt-cfgd[219826]: inactive
Jun 25 09:51:19.598691 osdx INFO[219836]: FRR daemons did not change
Jun 25 09:51:19.613388 osdx ca-certificates[219852]: Updating certificates in /etc/ssl/certs...
Jun 25 09:51:20.134723 osdx ubnt-cfgd[220850]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:51:20.143248 osdx ca-certificates[220855]: 1 added, 0 removed; done.
Jun 25 09:51:20.146576 osdx ca-certificates[220862]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:51:20.149790 osdx ca-certificates[220864]: done.
Jun 25 09:51:20.172041 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:51:20.332376 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:51:20.333697 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:20.344933 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:20.362652 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:51:20.364983 osdx dnscrypt-proxy[220974]: dnscrypt-proxy 2.0.45
Jun 25 09:51:20.365061 osdx dnscrypt-proxy[220974]: Network connectivity detected
Jun 25 09:51:20.365289 osdx dnscrypt-proxy[220974]: Dropping privileges
Jun 25 09:51:20.367978 osdx dnscrypt-proxy[220974]: Network connectivity detected
Jun 25 09:51:20.368013 osdx dnscrypt-proxy[220974]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:51:20.368032 osdx dnscrypt-proxy[220974]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:51:20.368057 osdx dnscrypt-proxy[220974]: Firefox workaround initialized
Jun 25 09:51:20.368062 osdx dnscrypt-proxy[220974]: Loading the set of cloaking rules from [/tmp/tmpw_7wki1x]
Jun 25 09:51:20.556087 osdx dnscrypt-proxy[220974]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 25 09:51:20.556102 osdx dnscrypt-proxy[220974]: [RD] OK (DoH) - rtt: 121ms
Jun 25 09:51:20.556110 osdx dnscrypt-proxy[220974]: Server with the lowest initial latency: RD (rtt: 121ms)
Jun 25 09:51:20.556114 osdx dnscrypt-proxy[220974]: dnscrypt-proxy is ready - live servers: 1
Jun 25 09:51:23.031467 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 25 09:51:25.517990 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 25 09:51:27.590317 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 25 09:51:34.000487 osdx systemd-timedated[222651]: Changed local time to Wed 2025-06-25 09:51:34 UTC
Jun 25 09:51:34.002630 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'set date 2025-06-25 09:51:34'.
Jun 25 09:51:34.003248 osdx systemd-journald[1763]: Time jumped backwards, rotating.
Jun 25 09:51:34.357759 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free.
Jun 25 09:51:34.359250 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:51:34.359308 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:51:34.368377 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:51:34.632586 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 25 09:51:34.925892 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:35.012676 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:51:35.102744 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:51:35.167935 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:35.262041 osdx ubnt-cfgd[222679]: inactive
Jun 25 09:51:35.282624 osdx INFO[222687]: FRR daemons did not change
Jun 25 09:51:35.303276 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:51:35.374941 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:35.388062 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:35.411540 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:51:35.565121 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 25 09:51:35.760731 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:51:35.822832 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:51:35.931021 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:51:35.998738 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:51:36.120981 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:51:36.189216 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:51:36.285263 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 25 09:51:36.344778 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:51:36.476445 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:51:36.569303 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:51:36.660178 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:51:36.802092 osdx ubnt-cfgd[222848]: inactive
Jun 25 09:51:36.821149 osdx INFO[222856]: FRR daemons did not change
Jun 25 09:51:36.832974 osdx ca-certificates[222872]: Updating certificates in /etc/ssl/certs...
Jun 25 09:51:37.324653 osdx ubnt-cfgd[223870]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:51:37.334920 osdx ca-certificates[223876]: 1 added, 0 removed; done.
Jun 25 09:51:37.338009 osdx ca-certificates[223882]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:51:37.340825 osdx ca-certificates[223884]: done.
Jun 25 09:51:37.419682 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:51:37.420929 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:51:37.423229 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:51:37.443081 osdx dnscrypt-proxy[223888]: dnscrypt-proxy 2.0.45
Jun 25 09:51:37.443144 osdx dnscrypt-proxy[223888]: Network connectivity detected
Jun 25 09:51:37.443348 osdx dnscrypt-proxy[223888]: Dropping privileges
Jun 25 09:51:37.445885 osdx dnscrypt-proxy[223888]: Network connectivity detected
Jun 25 09:51:37.445919 osdx dnscrypt-proxy[223888]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:51:37.445924 osdx dnscrypt-proxy[223888]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:51:37.445948 osdx dnscrypt-proxy[223888]: Firefox workaround initialized
Jun 25 09:51:37.445953 osdx dnscrypt-proxy[223888]: Loading the set of cloaking rules from [/tmp/tmps97bwniu]
Jun 25 09:51:37.446964 osdx dnscrypt-proxy[223888]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 25 09:51:37.448871 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 25 09:51:44.307523 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.1M, max 15.3M, 13.2M free. Jun 25 09:51:44.310815 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:51:44.310869 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:51:44.317375 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:51:44.526630 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:51:44.750941 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:44.827421 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:51:44.914116 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:51:44.979455 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:45.075012 osdx ubnt-cfgd[225562]: inactive Jun 25 09:51:45.097120 osdx INFO[225570]: FRR daemons did not change Jun 25 09:51:45.118836 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:51:45.202780 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:45.213145 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:51:45.249134 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:45.395589 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:51:45.580522 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:45.664014 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Jun 25 09:51:45.773915 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:51:45.853388 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:51:45.962523 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:51:46.067424 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:51:46.123794 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 25 09:51:46.236962 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:51:46.314863 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:51:46.394526 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:51:46.469648 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:46.560213 osdx ubnt-cfgd[225731]: inactive Jun 25 09:51:46.581564 osdx INFO[225739]: FRR daemons did not change Jun 25 09:51:46.593138 osdx ca-certificates[225754]: Updating certificates in /etc/ssl/certs... Jun 25 09:51:47.113601 osdx ubnt-cfgd[226753]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:51:47.121817 osdx ca-certificates[226758]: 1 added, 0 removed; done. Jun 25 09:51:47.124844 osdx ca-certificates[226765]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:51:47.127619 osdx ca-certificates[226767]: done. Jun 25 09:51:47.199169 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Jun 25 09:51:47.200561 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:47.202989 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:51:47.219742 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:47.222662 osdx dnscrypt-proxy[226771]: dnscrypt-proxy 2.0.45 Jun 25 09:51:47.222732 osdx dnscrypt-proxy[226771]: Network connectivity detected Jun 25 09:51:47.222992 osdx dnscrypt-proxy[226771]: Dropping privileges Jun 25 09:51:47.225445 osdx dnscrypt-proxy[226771]: Network connectivity detected Jun 25 09:51:47.225475 osdx dnscrypt-proxy[226771]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:51:47.225480 osdx dnscrypt-proxy[226771]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:51:47.225506 osdx dnscrypt-proxy[226771]: Firefox workaround initialized Jun 25 09:51:47.225512 osdx dnscrypt-proxy[226771]: Loading the set of cloaking rules from [/tmp/tmp6kponbub] Jun 25 09:51:47.226292 osdx dnscrypt-proxy[226771]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 25 09:51:47.445822 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:51:47.446823 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:51:47.446861 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:51:47.455214 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:51:47.709440 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:47.794041 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:51:47.901854 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:51:47.961262 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:48.060012 osdx ubnt-cfgd[226817]: inactive Jun 25 09:51:48.079788 osdx dnscrypt-proxy[226771]: Stopped. Jun 25 09:51:48.079814 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:51:48.080729 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:51:48.080821 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:51:48.163954 osdx ca-certificates[226903]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:51:48.410256 osdx ca-certificates[227473]: done. Jun 25 09:51:48.413413 osdx ca-certificates[227481]: Updating certificates in /etc/ssl/certs... Jun 25 09:51:48.836509 osdx ubnt-cfgd[228327]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:51:48.845459 osdx ca-certificates[228333]: 140 added, 0 removed; done. 
Jun 25 09:51:48.848318 osdx ca-certificates[228339]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:51:48.851187 osdx ca-certificates[228341]: done. Jun 25 09:51:48.868712 osdx INFO[228344]: FRR daemons did not change Jun 25 09:51:48.869164 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:48.930793 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:51:48.961109 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:50.140441 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:50.202438 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:51:50.301292 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:51:50.366291 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:51:50.459433 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:51:50.520230 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:51:50.632387 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 25 09:51:50.685220 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:51:50.802667 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:51:50.856497 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Jun 25 09:51:50.968209 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:51.036825 osdx ubnt-cfgd[228378]: inactive Jun 25 09:51:51.059895 osdx INFO[228388]: FRR daemons did not change Jun 25 09:51:51.072836 osdx ca-certificates[228404]: Updating certificates in /etc/ssl/certs... Jun 25 09:51:51.574959 osdx ubnt-cfgd[229402]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:51:51.583038 osdx ca-certificates[229408]: 1 added, 0 removed; done. Jun 25 09:51:51.586062 osdx ca-certificates[229414]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:51:51.588787 osdx ca-certificates[229416]: done. Jun 25 09:51:51.606840 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:51:51.755097 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:51:51.756346 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:51.767255 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:51:51.790634 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:51.795656 osdx dnscrypt-proxy[229526]: dnscrypt-proxy 2.0.45 Jun 25 09:51:51.795721 osdx dnscrypt-proxy[229526]: Network connectivity detected Jun 25 09:51:51.795922 osdx dnscrypt-proxy[229526]: Dropping privileges Jun 25 09:51:51.797841 osdx dnscrypt-proxy[229526]: Network connectivity detected Jun 25 09:51:51.797867 osdx dnscrypt-proxy[229526]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:51:51.797871 osdx dnscrypt-proxy[229526]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:51:51.797890 osdx dnscrypt-proxy[229526]: Firefox workaround initialized Jun 25 09:51:51.797894 osdx dnscrypt-proxy[229526]: Loading the set of cloaking rules from [/tmp/tmpmlto_552] Jun 25 09:51:51.798757 osdx dnscrypt-proxy[229526]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 25 09:51:52.046530 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:51:52.046940 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:51:52.046968 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:51:52.058102 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:51:52.333066 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:52.393611 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:51:52.505872 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:51:52.571394 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:52.682318 osdx ubnt-cfgd[229591]: inactive Jun 25 09:51:52.702018 osdx dnscrypt-proxy[229526]: Stopped. Jun 25 09:51:52.702036 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:51:52.703313 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:51:52.703406 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:51:52.772966 osdx ca-certificates[229678]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:51:53.049221 osdx ca-certificates[230248]: done. Jun 25 09:51:53.053672 osdx ca-certificates[230260]: Updating certificates in /etc/ssl/certs... Jun 25 09:51:53.450738 osdx ubnt-cfgd[231102]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:51:53.458747 osdx ca-certificates[231107]: 140 added, 0 removed; done. 
Jun 25 09:51:53.461533 osdx ca-certificates[231114]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:51:53.464291 osdx ca-certificates[231116]: done. Jun 25 09:51:53.478258 osdx INFO[231119]: FRR daemons did not change Jun 25 09:51:53.478642 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:53.568443 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:51:53.592694 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:54.853205 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:51:54.912995 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:51:55.015025 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:51:55.081482 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:51:55.207519 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:51:55.267688 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:51:55.364516 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 25 09:51:55.422584 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 25 09:51:55.521377 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:51:55.594790 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Jun 25 09:51:55.684431 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:51:55.755545 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:51:55.854266 osdx ubnt-cfgd[231158]: inactive Jun 25 09:51:55.878562 osdx INFO[231168]: FRR daemons did not change Jun 25 09:51:55.893670 osdx ca-certificates[231184]: Updating certificates in /etc/ssl/certs... Jun 25 09:51:56.394393 osdx ubnt-cfgd[232182]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:51:56.402936 osdx ca-certificates[232187]: 1 added, 0 removed; done. Jun 25 09:51:56.406891 osdx ca-certificates[232194]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:51:56.410896 osdx ca-certificates[232196]: done. Jun 25 09:51:56.430831 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:51:56.583452 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:51:56.585436 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:51:56.611900 osdx OSDxCLI[146429]: User 'admin' committed the configuration. 
Jun 25 09:51:56.625331 osdx dnscrypt-proxy[232306]: dnscrypt-proxy 2.0.45 Jun 25 09:51:56.625420 osdx dnscrypt-proxy[232306]: Network connectivity detected Jun 25 09:51:56.625692 osdx dnscrypt-proxy[232306]: Dropping privileges Jun 25 09:51:56.629138 osdx dnscrypt-proxy[232306]: Network connectivity detected Jun 25 09:51:56.629182 osdx dnscrypt-proxy[232306]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:51:56.629189 osdx dnscrypt-proxy[232306]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:51:56.629216 osdx dnscrypt-proxy[232306]: Firefox workaround initialized Jun 25 09:51:56.629222 osdx dnscrypt-proxy[232306]: Loading the set of cloaking rules from [/tmp/tmpa2_4dvmc] Jun 25 09:51:56.630083 osdx dnscrypt-proxy[232306]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 25 09:51:56.655243 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:51:56.804470 osdx dnscrypt-proxy[232306]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 25 09:51:56.804494 osdx dnscrypt-proxy[232306]: [RD] OK (DoH) - rtt: 102ms Jun 25 09:51:56.804504 osdx dnscrypt-proxy[232306]: Server with the lowest initial latency: RD (rtt: 102ms) Jun 25 09:51:56.804509 osdx dnscrypt-proxy[232306]: dnscrypt-proxy is ready - live servers: 1
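Added example (not part of the original test suite, and not OSDx or dnscrypt-proxy code): a Python check that reads the configured cipher names and the dnscrypt-proxy journal lines, maps the decimal Cipher suite value to its IANA name, and reports whether a session used a suite outside the configured list. In the Example 3 journal above, the handshake failure is followed by a successful session with suite 52392 (TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 in the IANA registry), which neither configured entry names. The sample inputs are shortened from the configurations and journals on this page; the function names and verdict labels are assumptions of this example.

```python
import re

# IANA TLS cipher suite IDs for the suites that appear on this page.
IANA_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # logged as 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # logged as 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # logged as 52392
}
NAMES = {suite_id: name for name, suite_id in IANA_IDS.items()}

# Patterns follow the config and journal lines shown on this page. They are
# applied with findall over the whole text, so they work whether the input has
# one entry per line or is flattened onto a single line.
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
SUITE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: \w+ "
    r"- Protocol: \S+ - Cipher suite: (\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_suites(config_text):
    """Return {suite_id: name} for the configured cipher entries, by index."""
    entries = sorted(CFG_RE.findall(config_text), key=lambda m: int(m[0]))
    suites = {}
    for _index, name in entries:
        if name not in IANA_IDS:
            raise ValueError("no IANA ID known to this example for " + name)
        suites[IANA_IDS[name]] = name
    return suites


def audit(config_text, journal_text):
    """Compare negotiated suites in the journal with the configured list."""
    allowed = configured_suites(config_text)
    failures = len(FAIL_RE.findall(journal_text))
    negotiated = [
        (server, int(sid), NAMES.get(int(sid), "unknown"))
        for server, sid in SUITE_RE.findall(journal_text)
    ]
    # With no cipher entries configured there is no restriction to violate.
    outside = [n for n in negotiated if allowed and n[1] not in allowed]
    if outside:
        verdict = "unconfigured-suite"  # session used a suite nobody configured
    elif negotiated:
        verdict = "ok"                  # every session used a configured suite
    elif failures:
        verdict = "refused"             # handshake refused, no session followed
    else:
        verdict = "no-evidence"         # journal has neither token
    return {
        "configured": list(allowed.values()),
        "handshake_failures": failures,
        "negotiated": negotiated,
        "outside": outside,
        "verdict": verdict,
    }


# Sample inputs, shortened from the configurations and journals on this page.
CONFIG_TWO_INVALID = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA "
    "set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA "
    "set service dns proxy log level 0"
)
JOURNAL_TWO_INVALID = (
    "Jun 25 09:51:56.630083 osdx dnscrypt-proxy[232306]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file "
    "Jun 25 09:51:56.804470 osdx dnscrypt-proxy[232306]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 52392 "
    "Jun 25 09:51:56.804494 osdx dnscrypt-proxy[232306]: [RD] OK (DoH) - rtt: 102ms"
)
CONFIG_ONE_INVALID = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA"
JOURNAL_ONE_INVALID = (
    "Jun 25 09:51:47.226292 osdx dnscrypt-proxy[226771]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file"
)
CONFIG_FALLBACK = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
)
JOURNAL_FALLBACK = (
    "Jun 25 09:52:10.202931 osdx dnscrypt-proxy[235216]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 49199\n"
    "Jun 25 09:52:10.202952 osdx dnscrypt-proxy[235216]: [RD] OK (DoH) - rtt: 103ms\n"
)

if __name__ == "__main__":
    for label, cfg, log in [
        ("one invalid", CONFIG_ONE_INVALID, JOURNAL_ONE_INVALID),
        ("two invalid", CONFIG_TWO_INVALID, JOURNAL_TWO_INVALID),
        ("invalid + fallback", CONFIG_FALLBACK, JOURNAL_FALLBACK),
    ]:
        result = audit(cfg, log)
        print(label, "->", result["verdict"], result["negotiated"])
```

A token check for the handshake-failure message alone passes on all three invalid-cipher examples; the verdict here separates a journal where the refusal is the last word from one where a session follows it.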
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Jun 25 09:52:03.328033 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:52:03.329079 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:52:03.329121 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:52:03.337199 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:52:03.595085 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system coredump delete all'. Jun 25 09:52:03.835219 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:03.908961 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:52:03.996335 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:04.061733 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:04.155757 osdx ubnt-cfgd[234004]: inactive Jun 25 09:52:04.175915 osdx INFO[234012]: FRR daemons did not change Jun 25 09:52:04.193085 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:52:04.274690 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:04.288463 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:04.307523 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:04.459520 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 25 09:52:08.306659 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:08.367260 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Jun 25 09:52:08.469639 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:52:08.533742 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:52:08.631870 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:52:08.755219 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:52:08.849425 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 25 09:52:08.921350 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 25 09:52:09.025325 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:52:09.144166 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:52:09.212305 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:09.337025 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:09.408546 osdx ubnt-cfgd[234176]: inactive Jun 25 09:52:09.427528 osdx INFO[234184]: FRR daemons did not change Jun 25 09:52:09.439164 osdx ca-certificates[234200]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:09.903156 osdx ubnt-cfgd[235198]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:09.910851 osdx ca-certificates[235204]: 1 added, 0 removed; done. Jun 25 09:52:09.913781 osdx ca-certificates[235210]: Running hooks in /etc/ca-certificates/update.d... 
Jun 25 09:52:09.916453 osdx ca-certificates[235212]: done. Jun 25 09:52:10.001512 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:10.002629 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:10.005045 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:10.039388 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:10.040158 osdx dnscrypt-proxy[235216]: dnscrypt-proxy 2.0.45 Jun 25 09:52:10.040386 osdx dnscrypt-proxy[235216]: Network connectivity detected Jun 25 09:52:10.040618 osdx dnscrypt-proxy[235216]: Dropping privileges Jun 25 09:52:10.043328 osdx dnscrypt-proxy[235216]: Network connectivity detected Jun 25 09:52:10.043369 osdx dnscrypt-proxy[235216]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:52:10.043375 osdx dnscrypt-proxy[235216]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:52:10.043406 osdx dnscrypt-proxy[235216]: Firefox workaround initialized Jun 25 09:52:10.043412 osdx dnscrypt-proxy[235216]: Loading the set of cloaking rules from [/tmp/tmpldzysmgr] Jun 25 09:52:10.202931 osdx dnscrypt-proxy[235216]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 25 09:52:10.202952 osdx dnscrypt-proxy[235216]: [RD] OK (DoH) - rtt: 103ms Jun 25 09:52:10.202962 osdx dnscrypt-proxy[235216]: Server with the lowest initial latency: RD (rtt: 103ms) Jun 25 09:52:10.202968 osdx dnscrypt-proxy[235216]: dnscrypt-proxy is ready - live servers: 1 Jun 25 09:52:15.186482 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 25 09:52:17.281934 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Jun 25 09:52:17.488880 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:52:17.489594 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:52:17.489635 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:52:17.505082 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:52:17.953781 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:18.027307 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:52:18.168561 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:52:18.230882 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:18.332119 osdx ubnt-cfgd[235270]: inactive Jun 25 09:52:18.352385 osdx dnscrypt-proxy[235216]: Stopped. Jun 25 09:52:18.352463 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:52:18.353727 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:52:18.353849 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:18.427966 osdx ca-certificates[235356]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:52:18.693417 osdx ca-certificates[235926]: done. Jun 25 09:52:18.697000 osdx ca-certificates[235937]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:19.137745 osdx ubnt-cfgd[236780]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:19.145831 osdx ca-certificates[236785]: 140 added, 0 removed; done. 
Jun 25 09:52:19.149193 osdx ca-certificates[236792]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:19.152919 osdx ca-certificates[236794]: done. Jun 25 09:52:19.173586 osdx INFO[236797]: FRR daemons did not change Jun 25 09:52:19.174063 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:19.200565 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:19.217123 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:20.548418 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:20.622527 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:52:20.722549 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:52:20.790869 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:52:20.888159 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:52:20.994269 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:52:21.048118 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 25 09:52:21.151967 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 25 09:52:21.205829 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:52:21.331882 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Jun 25 09:52:21.395467 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:21.514887 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:21.580155 osdx ubnt-cfgd[236834]: inactive Jun 25 09:52:21.605619 osdx INFO[236844]: FRR daemons did not change Jun 25 09:52:21.618740 osdx ca-certificates[236860]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:22.103484 osdx ubnt-cfgd[237858]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:22.110950 osdx ca-certificates[237863]: 1 added, 0 removed; done. Jun 25 09:52:22.113804 osdx ca-certificates[237870]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:22.116646 osdx ca-certificates[237872]: done. Jun 25 09:52:22.137084 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:52:22.285413 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:22.286433 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:22.301969 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:22.311062 osdx dnscrypt-proxy[237982]: dnscrypt-proxy 2.0.45 Jun 25 09:52:22.311121 osdx dnscrypt-proxy[237982]: Network connectivity detected Jun 25 09:52:22.311316 osdx dnscrypt-proxy[237982]: Dropping privileges Jun 25 09:52:22.313633 osdx dnscrypt-proxy[237982]: Network connectivity detected Jun 25 09:52:22.313669 osdx dnscrypt-proxy[237982]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:52:22.313674 osdx dnscrypt-proxy[237982]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:52:22.313693 osdx dnscrypt-proxy[237982]: Firefox workaround initialized Jun 25 09:52:22.313697 osdx dnscrypt-proxy[237982]: Loading the set of cloaking rules from [/tmp/tmp6pvwpoh6] Jun 25 09:52:22.333296 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. 
Jun 25 09:52:22.493323 osdx dnscrypt-proxy[237982]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 25 09:52:22.493344 osdx dnscrypt-proxy[237982]: [RD] OK (DoH) - rtt: 121ms Jun 25 09:52:22.493354 osdx dnscrypt-proxy[237982]: Server with the lowest initial latency: RD (rtt: 121ms) Jun 25 09:52:22.493360 osdx dnscrypt-proxy[237982]: dnscrypt-proxy is ready - live servers: 1 Jun 25 09:52:27.479366 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 25 09:52:29.573285 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
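The Step 3 check above matches a decimal cipher-suite ID in the dnscrypt-proxy journal line. The following added example (not part of the original test suite) decodes that ID to its IANA name and compares it with the configured cipher list; it assumes the TLS version field is hexadecimal (303 = 0x0303, TLS 1.2), and the function names and the last sample journal line are constructed for illustration.

```python
import re

# IANA TLS cipher-suite registry values for the suites named on this page.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
LEGACY = {0x0005, 0x000A}  # RC4 and 3DES suites, treated here as legacy
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) - "
    r"Cipher suite: (?P<suite>\d+)"
)


def configured_ciphers(config_text):
    """Return configured cipher names ordered by their 'cipher N' index."""
    by_index = {int(i): name for i, name in CFG_RE.findall(config_text)}
    return [by_index[i] for i in sorted(by_index)]


def audit(config_text, journal_text):
    """Decode every handshake line in the journal and judge the chosen suite."""
    allowed = configured_ciphers(config_text)
    results = []
    # finditer works on one-entry-per-line and on flattened journal text alike.
    for m in LOG_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))
        name = SUITES.get(suite_id)
        if name is None:
            verdict = "unknown-suite-id"
        elif suite_id in LEGACY:
            verdict = "legacy-suite-negotiated"
        elif name not in allowed:
            verdict = "not-in-configured-list"
        else:
            verdict = "ok"
        results.append({
            "server": m.group("server"),
            # Assumption: the proxy prints the TLS version in hexadecimal.
            "tls": TLS_VERSIONS.get(int(m.group("ver"), 16), "unknown"),
            "suite_id": suite_id,
            "suite_name": name,
            "verdict": verdict,
        })
    return results


# Cipher lines of the Example 2 configuration, as shown on the page.
CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""

# First two lines are taken from the page's journals (Examples 2 and 3);
# the third is a constructed line showing a legacy suite being negotiated.
JOURNAL = """\
Jun 25 09:52:22.493323 osdx dnscrypt-proxy[237982]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 25 09:52:34.634446 osdx dnscrypt-proxy[240769]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 25 09:59:00.000000 osdx dnscrypt-proxy[999999]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5
"""

if __name__ == "__main__":
    for row in audit(CONFIG, JOURNAL):
        print(row)
```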
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 25 09:52:29.780188 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 3.8M, max 15.3M, 11.5M free. Jun 25 09:52:29.781082 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:52:29.781119 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:52:29.791917 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:52:30.053154 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:30.143146 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:52:30.221091 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:52:30.331187 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:30.402153 osdx ubnt-cfgd[238055]: inactive Jun 25 09:52:30.427449 osdx dnscrypt-proxy[237982]: Stopped. Jun 25 09:52:30.427494 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:52:30.428640 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:52:30.428736 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:30.504485 osdx ca-certificates[238141]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:52:30.796440 osdx ca-certificates[238710]: done. Jun 25 09:52:30.800925 osdx ca-certificates[238719]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:31.254875 osdx ubnt-cfgd[239565]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:31.266822 osdx ca-certificates[239571]: 140 added, 0 removed; done. 
Jun 25 09:52:31.269881 osdx ca-certificates[239577]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:31.272659 osdx ca-certificates[239579]: done. Jun 25 09:52:31.287174 osdx INFO[239582]: FRR daemons did not change Jun 25 09:52:31.287409 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:31.289820 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:31.324548 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:32.573460 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:32.641806 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:52:32.757783 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:52:32.838572 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:52:32.950999 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:52:33.030666 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Jun 25 09:52:33.068834 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:52:33.130352 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 25 09:52:33.236668 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jun 25 09:52:33.291299 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. 
Jun 25 09:52:33.412574 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 25 09:52:33.495775 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:33.576364 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:33.673573 osdx ubnt-cfgd[239621]: inactive Jun 25 09:52:33.698414 osdx INFO[239631]: FRR daemons did not change Jun 25 09:52:33.710677 osdx ca-certificates[239647]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:34.211669 osdx ubnt-cfgd[240645]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:34.221677 osdx ca-certificates[240650]: 1 added, 0 removed; done. Jun 25 09:52:34.225335 osdx ca-certificates[240657]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:34.228933 osdx ca-certificates[240659]: done. Jun 25 09:52:34.257087 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:52:34.421425 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:34.422683 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:34.434243 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:34.448695 osdx dnscrypt-proxy[240769]: dnscrypt-proxy 2.0.45 Jun 25 09:52:34.448770 osdx dnscrypt-proxy[240769]: Network connectivity detected Jun 25 09:52:34.449521 osdx dnscrypt-proxy[240769]: Dropping privileges Jun 25 09:52:34.450567 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. 
Jun 25 09:52:34.453253 osdx dnscrypt-proxy[240769]: Network connectivity detected Jun 25 09:52:34.453281 osdx dnscrypt-proxy[240769]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:52:34.453285 osdx dnscrypt-proxy[240769]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:52:34.453303 osdx dnscrypt-proxy[240769]: Firefox workaround initialized Jun 25 09:52:34.453307 osdx dnscrypt-proxy[240769]: Loading the set of cloaking rules from [/tmp/tmp0ac2c3tv] Jun 25 09:52:34.634446 osdx dnscrypt-proxy[240769]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 25 09:52:34.634461 osdx dnscrypt-proxy[240769]: [RD] OK (DoH) - rtt: 121ms Jun 25 09:52:34.634471 osdx dnscrypt-proxy[240769]: Server with the lowest initial latency: RD (rtt: 121ms) Jun 25 09:52:34.634476 osdx dnscrypt-proxy[240769]: dnscrypt-proxy is ready - live servers: 1 Jun 25 09:52:39.612774 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 25 09:52:41.696336 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 25 09:52:41.904359 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:52:41.905090 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:52:41.905125 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:52:41.914748 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:52:42.160319 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:42.220039 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:52:42.327783 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:52:42.391212 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:42.485403 osdx ubnt-cfgd[240841]: inactive Jun 25 09:52:42.506061 osdx dnscrypt-proxy[240769]: Stopped. Jun 25 09:52:42.506073 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:52:42.507061 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:52:42.507160 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:42.583598 osdx ca-certificates[240926]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:52:42.859185 osdx ca-certificates[241497]: done. Jun 25 09:52:42.862013 osdx ca-certificates[241505]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:43.268331 osdx ubnt-cfgd[242351]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:43.276153 osdx ca-certificates[242356]: 140 added, 0 removed; done. 
Jun 25 09:52:43.278953 osdx ca-certificates[242363]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:43.281708 osdx ca-certificates[242365]: done. Jun 25 09:52:43.298657 osdx INFO[242368]: FRR daemons did not change Jun 25 09:52:43.298874 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:43.301113 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:43.317246 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:44.533398 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:44.595650 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:52:44.698236 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:52:44.767350 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:52:44.851836 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:52:44.913549 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:52:45.004696 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 25 09:52:45.065778 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 25 09:52:45.158177 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:52:45.232330 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Jun 25 09:52:45.307854 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:45.429202 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:45.495876 osdx ubnt-cfgd[242405]: inactive Jun 25 09:52:45.519221 osdx INFO[242415]: FRR daemons did not change Jun 25 09:52:45.533320 osdx ca-certificates[242431]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:45.997878 osdx ubnt-cfgd[243429]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:46.005297 osdx ca-certificates[243434]: 1 added, 0 removed; done. Jun 25 09:52:46.008009 osdx ca-certificates[243441]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:46.010735 osdx ca-certificates[243443]: done. Jun 25 09:52:46.029088 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:52:46.177463 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:46.178868 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:46.195335 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:46.218487 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. 
Jun 25 09:52:46.220343 osdx dnscrypt-proxy[243553]: dnscrypt-proxy 2.0.45 Jun 25 09:52:46.220415 osdx dnscrypt-proxy[243553]: Network connectivity detected Jun 25 09:52:46.220637 osdx dnscrypt-proxy[243553]: Dropping privileges Jun 25 09:52:46.223234 osdx dnscrypt-proxy[243553]: Network connectivity detected Jun 25 09:52:46.223263 osdx dnscrypt-proxy[243553]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:52:46.223267 osdx dnscrypt-proxy[243553]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:52:46.223287 osdx dnscrypt-proxy[243553]: Firefox workaround initialized Jun 25 09:52:46.223291 osdx dnscrypt-proxy[243553]: Loading the set of cloaking rules from [/tmp/tmpxr6eljzd] Jun 25 09:52:46.382263 osdx dnscrypt-proxy[243553]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 25 09:52:46.382279 osdx dnscrypt-proxy[243553]: [RD] OK (DoH) - rtt: 96ms Jun 25 09:52:46.382288 osdx dnscrypt-proxy[243553]: Server with the lowest initial latency: RD (rtt: 96ms) Jun 25 09:52:46.382294 osdx dnscrypt-proxy[243553]: dnscrypt-proxy is ready - live servers: 1 Jun 25 09:52:51.367595 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 25 09:52:53.451597 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 25 09:52:53.738321 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free. Jun 25 09:52:53.741079 osdx systemd-journald[1763]: Received client request to rotate journal, rotating. Jun 25 09:52:53.741140 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28. Jun 25 09:52:53.748553 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'. Jun 25 09:52:54.033341 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:54.095549 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '. Jun 25 09:52:54.257646 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 25 09:52:54.355137 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:54.423750 osdx ubnt-cfgd[243625]: inactive Jun 25 09:52:54.447550 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 25 09:52:54.447555 osdx dnscrypt-proxy[243553]: Stopped. Jun 25 09:52:54.448991 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 25 09:52:54.449171 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:54.527145 osdx ca-certificates[243711]: Clearing symlinks in /etc/ssl/certs... Jun 25 09:52:54.806729 osdx ca-certificates[244281]: done. Jun 25 09:52:54.810054 osdx ca-certificates[244290]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:55.288306 osdx ubnt-cfgd[245135]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:55.297483 osdx ca-certificates[245140]: 140 added, 0 removed; done. 
Jun 25 09:52:55.301179 osdx ca-certificates[245147]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:55.304913 osdx ca-certificates[245149]: done. Jun 25 09:52:55.322802 osdx INFO[245152]: FRR daemons did not change Jun 25 09:52:55.323104 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:55.326259 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:55.355434 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. Jun 25 09:52:56.729317 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu. Jun 25 09:52:56.807467 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 25 09:52:56.918777 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 25 09:52:56.999905 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 25 09:52:57.127389 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 25 09:52:57.252081 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 25 09:52:57.368562 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 25 09:52:57.434502 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 25 09:52:57.568644 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 25 09:52:57.662782 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Jun 25 09:52:57.764539 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 25 09:52:57.862286 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'. Jun 25 09:52:57.955699 osdx ubnt-cfgd[245189]: inactive Jun 25 09:52:57.981999 osdx INFO[245199]: FRR daemons did not change Jun 25 09:52:57.997540 osdx ca-certificates[245215]: Updating certificates in /etc/ssl/certs... Jun 25 09:52:58.521976 osdx ubnt-cfgd[246213]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 25 09:52:58.530188 osdx ca-certificates[246219]: 1 added, 0 removed; done. Jun 25 09:52:58.533184 osdx ca-certificates[246225]: Running hooks in /etc/ca-certificates/update.d... Jun 25 09:52:58.536160 osdx ca-certificates[246227]: done. Jun 25 09:52:58.557086 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 25 09:52:58.709447 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 25 09:52:58.710622 osdx cfgd[1463]: [146429]Completed change to active configuration Jun 25 09:52:58.724276 osdx OSDxCLI[146429]: User 'admin' committed the configuration. Jun 25 09:52:58.735529 osdx dnscrypt-proxy[246337]: dnscrypt-proxy 2.0.45 Jun 25 09:52:58.735596 osdx dnscrypt-proxy[246337]: Network connectivity detected Jun 25 09:52:58.735814 osdx dnscrypt-proxy[246337]: Dropping privileges Jun 25 09:52:58.738306 osdx dnscrypt-proxy[246337]: Network connectivity detected Jun 25 09:52:58.738338 osdx dnscrypt-proxy[246337]: Now listening to 127.0.0.1:53 [UDP] Jun 25 09:52:58.738344 osdx dnscrypt-proxy[246337]: Now listening to 127.0.0.1:53 [TCP] Jun 25 09:52:58.738369 osdx dnscrypt-proxy[246337]: Firefox workaround initialized Jun 25 09:52:58.738374 osdx dnscrypt-proxy[246337]: Loading the set of cloaking rules from [/tmp/tmpckzi1egz] Jun 25 09:52:58.750406 osdx OSDxCLI[146429]: User 'admin' left the configuration menu. 
Jun 25 09:52:58.909839 osdx dnscrypt-proxy[246337]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 25 09:52:58.909853 osdx dnscrypt-proxy[246337]: [RD] OK (DoH) - rtt: 110ms Jun 25 09:52:58.909862 osdx dnscrypt-proxy[246337]: Server with the lowest initial latency: RD (rtt: 110ms) Jun 25 09:52:58.909866 osdx dnscrypt-proxy[246337]: dnscrypt-proxy is ready - live servers: 1 Jun 25 09:53:03.916485 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 25 09:53:06.018973 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 25 09:53:06.295486 osdx systemd-journald[1763]: Runtime Journal (/run/log/journal/68a40460747548beabf18e9bf53e3a28) is 2.0M, max 15.3M, 13.3M free.
Jun 25 09:53:06.297077 osdx systemd-journald[1763]: Received client request to rotate journal, rotating.
Jun 25 09:53:06.297124 osdx systemd-journald[1763]: Vacuuming done, freed 0B of archived journals from /run/log/journal/68a40460747548beabf18e9bf53e3a28.
Jun 25 09:53:06.305118 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'system journal clear'.
Jun 25 09:53:06.777588 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:53:06.837793 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '.
Jun 25 09:53:06.951226 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 25 09:53:07.020906 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:53:07.119865 osdx ubnt-cfgd[246413]: inactive
Jun 25 09:53:07.141291 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 25 09:53:07.141351 osdx dnscrypt-proxy[246337]: Stopped.
Jun 25 09:53:07.142842 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 25 09:53:07.142941 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:53:07.217695 osdx ca-certificates[246499]: Clearing symlinks in /etc/ssl/certs...
Jun 25 09:53:07.495324 osdx ca-certificates[247068]: done.
Jun 25 09:53:07.498295 osdx ca-certificates[247077]: Updating certificates in /etc/ssl/certs...
Jun 25 09:53:07.962806 osdx ubnt-cfgd[247923]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:53:07.973373 osdx ca-certificates[247928]: 140 added, 0 removed; done.
Jun 25 09:53:07.977172 osdx ca-certificates[247935]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:53:07.979993 osdx ca-certificates[247937]: done.
Jun 25 09:53:07.997322 osdx INFO[247940]: FRR daemons did not change
Jun 25 09:53:07.997751 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:53:08.031987 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:53:08.061717 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:53:09.379828 osdx OSDxCLI[146429]: User 'admin' entered the configuration menu.
Jun 25 09:53:09.443710 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 25 09:53:09.542884 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 25 09:53:09.610040 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 25 09:53:09.703268 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 25 09:53:09.764447 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 25 09:53:09.862944 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 25 09:53:09.920369 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 25 09:53:10.014693 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 25 09:53:10.096245 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 25 09:53:10.186061 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 25 09:53:10.264928 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'show working'.
Jun 25 09:53:10.359328 osdx ubnt-cfgd[247977]: inactive
Jun 25 09:53:10.380946 osdx INFO[247987]: FRR daemons did not change
Jun 25 09:53:10.394971 osdx ca-certificates[248003]: Updating certificates in /etc/ssl/certs...
Jun 25 09:53:10.881019 osdx ubnt-cfgd[249001]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 25 09:53:10.889493 osdx ca-certificates[249007]: 1 added, 0 removed; done.
Jun 25 09:53:10.892386 osdx ca-certificates[249013]: Running hooks in /etc/ca-certificates/update.d...
Jun 25 09:53:10.895304 osdx ca-certificates[249015]: done.
Jun 25 09:53:10.917094 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 25 09:53:11.049436 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 25 09:53:11.050586 osdx cfgd[1463]: [146429]Completed change to active configuration
Jun 25 09:53:11.066534 osdx OSDxCLI[146429]: User 'admin' committed the configuration.
Jun 25 09:53:11.078375 osdx dnscrypt-proxy[249125]: dnscrypt-proxy 2.0.45
Jun 25 09:53:11.078448 osdx dnscrypt-proxy[249125]: Network connectivity detected
Jun 25 09:53:11.078669 osdx dnscrypt-proxy[249125]: Dropping privileges
Jun 25 09:53:11.081004 osdx dnscrypt-proxy[249125]: Network connectivity detected
Jun 25 09:53:11.081182 osdx dnscrypt-proxy[249125]: Now listening to 127.0.0.1:53 [UDP]
Jun 25 09:53:11.081216 osdx dnscrypt-proxy[249125]: Now listening to 127.0.0.1:53 [TCP]
Jun 25 09:53:11.081259 osdx dnscrypt-proxy[249125]: Firefox workaround initialized
Jun 25 09:53:11.081288 osdx dnscrypt-proxy[249125]: Loading the set of cloaking rules from [/tmp/tmpkmli46s2]
Jun 25 09:53:11.090887 osdx OSDxCLI[146429]: User 'admin' left the configuration menu.
Jun 25 09:53:11.267822 osdx dnscrypt-proxy[249125]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 25 09:53:11.267841 osdx dnscrypt-proxy[249125]: [RD] OK (DoH) - rtt: 116ms
Jun 25 09:53:11.267854 osdx dnscrypt-proxy[249125]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 25 09:53:11.267861 osdx dnscrypt-proxy[249125]: dnscrypt-proxy is ready - live servers: 1
Jun 25 09:53:16.240387 osdx OSDxCLI[146429]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 25 09:53:18.342776 osdx OSDxCLI[146429]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
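The token checked in this step is the decimal IANA code point of the negotiated suite (52392 = 0xCCA8). The following added example, which is not part of the test suite or of OSDx, parses journal text like the output above, decodes the negotiated suite and reports which configured cipher entry it matches. The function name `audit_journal` and the last sample line are assumptions made for illustration, and the TLS version field is read as hexadecimal (303 = 0x0303).

```python
import re

# IANA code points for the cipher suites named on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
RESET_RE = re.compile(r"cfg line: 'delete '")
NEG_RE = re.compile(r"\[(\S+)\] TLS version: ([0-9a-f]+) - Protocol: (\S+)"
                    r" - Cipher suite: (\d+)")

def audit_journal(journal):
    """Return one record per negotiated DoH session found in the journal text."""
    configured, records = {}, []
    for line in journal.splitlines():
        if RESET_RE.search(line):
            configured = {}      # a full 'delete' wipes earlier cipher entries
        elif (m := CFG_RE.search(line)):
            configured[m.group(2)] = int(m.group(1))
        elif (m := NEG_RE.search(line)):
            suite_id = int(m.group(4))  # suite is logged in decimal
            name = IANA_SUITES.get(suite_id, f"unknown(0x{suite_id:04X})")
            records.append({
                "server": m.group(1),
                # version field read as hex (assumption stated in the lead-in)
                "tls": TLS_VERSIONS.get(int(m.group(2), 16), "unknown"),
                "suite": name,
                "cfg_index": configured.get(name),  # None: suite was not configured
            })
    return records

# The first four lines are copied from the journal above.
# The last line is constructed to show a suite outside the configured list.
SAMPLE = """\
Jun 25 09:53:06.837793 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'delete '.
Jun 25 09:53:09.862944 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 25 09:53:09.920369 osdx OSDxCLI[146429]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 25 09:53:11.267822 osdx dnscrypt-proxy[249125]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 25 09:53:12.000000 osdx dnscrypt-proxy[249125]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

if __name__ == "__main__":
    for rec in audit_journal(SAMPLE):
        print(rec)
```

A record whose `cfg_index` is `None` means the proxy negotiated a suite that is not in the configured cipher list, which is the condition a reviewer would want to flag.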