Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jul 28 08:50:14.561189 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.1M, max 15.3M, 13.2M free. Jul 28 08:50:14.563770 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:50:14.563854 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:50:14.586498 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:50:15.105755 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system coredump delete all'. Jul 28 08:50:15.673549 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:15.836050 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:50:15.966326 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:50:16.127446 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:16.278433 osdx ubnt-cfgd[198498]: inactive Jul 28 08:50:16.320196 osdx INFO[198506]: FRR daemons did not change Jul 28 08:50:16.351464 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:50:16.486155 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:16.506289 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:16.541322 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:16.765341 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 28 08:50:17.069597 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:17.261086 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:50:17.414964 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:50:17.608116 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:50:17.782365 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:50:17.972589 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:50:18.146352 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jul 28 08:50:18.317031 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:50:18.571091 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:50:18.699870 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:50:18.915300 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:19.114146 osdx ubnt-cfgd[198667]: inactive Jul 28 08:50:19.275397 osdx INFO[198675]: FRR daemons did not change Jul 28 08:50:19.299034 osdx ca-certificates[198690]: Updating certificates in /etc/ssl/certs... Jul 28 08:50:20.634876 osdx ubnt-cfgd[199689]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:50:20.652519 osdx ca-certificates[199694]: 1 added, 0 removed; done. Jul 28 08:50:20.659116 osdx ca-certificates[199701]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:50:20.665816 osdx ca-certificates[199703]: done. Jul 28 08:50:20.792333 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:50:20.796914 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:20.801964 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:20.842454 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:20.844342 osdx dnscrypt-proxy[199707]: dnscrypt-proxy 2.0.45 Jul 28 08:50:20.844472 osdx dnscrypt-proxy[199707]: Network connectivity detected Jul 28 08:50:20.844806 osdx dnscrypt-proxy[199707]: Dropping privileges Jul 28 08:50:20.852189 osdx dnscrypt-proxy[199707]: Network connectivity detected Jul 28 08:50:20.852243 osdx dnscrypt-proxy[199707]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:50:20.852251 osdx dnscrypt-proxy[199707]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:50:20.852287 osdx dnscrypt-proxy[199707]: Firefox workaround initialized Jul 28 08:50:20.852345 osdx dnscrypt-proxy[199707]: Loading the set of cloaking rules from [/tmp/tmpyi80c1de] Jul 28 08:50:21.054179 osdx dnscrypt-proxy[199707]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jul 28 08:50:21.054418 osdx dnscrypt-proxy[199707]: [RD] OK (DoH) - rtt: 118ms Jul 28 08:50:21.054545 osdx dnscrypt-proxy[199707]: Server with the lowest initial latency: RD (rtt: 118ms) Jul 28 08:50:21.054905 osdx dnscrypt-proxy[199707]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:50:21.182872 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jul 28 08:50:34.662812 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:50:34.666352 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:50:34.666503 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:50:34.700149 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:50:35.190996 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system coredump delete all'. Jul 28 08:50:35.699770 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:35.931929 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:50:36.040074 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:50:36.194218 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:36.307118 osdx ubnt-cfgd[201386]: inactive Jul 28 08:50:36.344696 osdx INFO[201394]: FRR daemons did not change Jul 28 08:50:36.553901 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:50:36.679403 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:36.697815 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:36.727434 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:36.940505 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 28 08:50:37.214107 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:37.330947 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:50:37.442558 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:50:37.621524 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:50:37.738969 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:50:37.894034 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:50:38.017839 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jul 28 08:50:38.144718 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:50:38.306371 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:50:38.413768 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:50:38.593631 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:38.764331 osdx ubnt-cfgd[201555]: inactive Jul 28 08:50:38.846766 osdx INFO[201563]: FRR daemons did not change Jul 28 08:50:38.869017 osdx ca-certificates[201578]: Updating certificates in /etc/ssl/certs... Jul 28 08:50:40.090463 osdx ubnt-cfgd[202577]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:50:40.103926 osdx ca-certificates[202582]: 1 added, 0 removed; done. Jul 28 08:50:40.110538 osdx ca-certificates[202589]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:50:40.117744 osdx ca-certificates[202591]: done. Jul 28 08:50:40.274776 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:50:40.288184 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:40.291710 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:40.339690 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:40.342525 osdx dnscrypt-proxy[202595]: dnscrypt-proxy 2.0.45 Jul 28 08:50:40.342634 osdx dnscrypt-proxy[202595]: Network connectivity detected Jul 28 08:50:40.342997 osdx dnscrypt-proxy[202595]: Dropping privileges Jul 28 08:50:40.348772 osdx dnscrypt-proxy[202595]: Network connectivity detected Jul 28 08:50:40.348845 osdx dnscrypt-proxy[202595]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:50:40.348854 osdx dnscrypt-proxy[202595]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:50:40.348917 osdx dnscrypt-proxy[202595]: Firefox workaround initialized Jul 28 08:50:40.349680 osdx dnscrypt-proxy[202595]: Loading the set of cloaking rules from [/tmp/tmpkcseasqj] Jul 28 08:50:40.562458 osdx dnscrypt-proxy[202595]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jul 28 08:50:40.562496 osdx dnscrypt-proxy[202595]: [RD] OK (DoH) - rtt: 108ms Jul 28 08:50:40.562514 osdx dnscrypt-proxy[202595]: Server with the lowest initial latency: RD (rtt: 108ms) Jul 28 08:50:40.562523 osdx dnscrypt-proxy[202595]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:50:45.572445 osdx OSDxCLI[196423]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jul 28 08:50:47.801363 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jul 28 08:50:48.276199 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:50:48.277888 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:50:48.277956 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:50:48.294743 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:50:48.824176 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:48.959472 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:50:49.144987 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:50:49.263916 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:49.418237 osdx ubnt-cfgd[202649]: inactive Jul 28 08:50:49.490030 osdx dnscrypt-proxy[202595]: Stopped. Jul 28 08:50:49.490155 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:50:49.491915 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:50:49.492091 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:50:49.613939 osdx ca-certificates[202736]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:50:50.363553 osdx ca-certificates[203305]: done. Jul 28 08:50:50.373714 osdx ca-certificates[203314]: Updating certificates in /etc/ssl/certs... Jul 28 08:50:51.157371 osdx ubnt-cfgd[204160]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:50:51.170873 osdx ca-certificates[204166]: 140 added, 0 removed; done. Jul 28 08:50:51.175454 osdx ca-certificates[204172]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:50:51.181488 osdx ca-certificates[204174]: done. Jul 28 08:50:51.202765 osdx INFO[204177]: FRR daemons did not change Jul 28 08:50:51.203328 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:51.334964 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:51.379089 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:53.582541 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:53.735691 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:50:53.874356 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:50:54.017768 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:50:54.118125 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:50:54.251769 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:50:54.372001 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jul 28 08:50:54.500223 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:50:54.691428 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:50:54.820518 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:50:54.986798 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:55.127557 osdx ubnt-cfgd[204211]: inactive Jul 28 08:50:55.169147 osdx INFO[204221]: FRR daemons did not change Jul 28 08:50:55.193959 osdx ca-certificates[204236]: Updating certificates in /etc/ssl/certs... Jul 28 08:50:56.572787 osdx ubnt-cfgd[205235]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:50:56.622005 osdx ca-certificates[205240]: 1 added, 0 removed; done. Jul 28 08:50:56.629773 osdx ca-certificates[205247]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:50:56.636514 osdx ca-certificates[205249]: done. Jul 28 08:50:56.698494 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:50:57.063231 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:50:57.072135 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:50:57.107662 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:50:57.165828 osdx dnscrypt-proxy[205359]: dnscrypt-proxy 2.0.45 Jul 28 08:50:57.165944 osdx dnscrypt-proxy[205359]: Network connectivity detected Jul 28 08:50:57.166302 osdx dnscrypt-proxy[205359]: Dropping privileges Jul 28 08:50:57.171989 osdx dnscrypt-proxy[205359]: Network connectivity detected Jul 28 08:50:57.172075 osdx dnscrypt-proxy[205359]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:50:57.172083 osdx dnscrypt-proxy[205359]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:50:57.172132 osdx dnscrypt-proxy[205359]: Firefox workaround initialized Jul 28 08:50:57.172140 osdx dnscrypt-proxy[205359]: Loading the set of cloaking rules from [/tmp/tmpgrp_b_3k] Jul 28 08:50:57.204912 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:50:57.480500 osdx dnscrypt-proxy[205359]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jul 28 08:50:57.480533 osdx dnscrypt-proxy[205359]: [RD] OK (DoH) - rtt: 170ms Jul 28 08:50:57.480546 osdx dnscrypt-proxy[205359]: Server with the lowest initial latency: RD (rtt: 170ms) Jul 28 08:50:57.480555 osdx dnscrypt-proxy[205359]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:50:57.645548 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jul 28 08:50:58.262471 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:50:58.265963 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:50:58.266110 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:50:58.309487 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:50:58.988747 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:50:59.129837 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:50:59.352557 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:50:59.526915 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:50:59.756657 osdx ubnt-cfgd[205429]: inactive Jul 28 08:50:59.894875 osdx dnscrypt-proxy[205359]: Stopped. Jul 28 08:50:59.908599 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:50:59.909473 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:50:59.909646 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:51:00.217349 osdx ca-certificates[205515]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:51:01.385553 osdx ca-certificates[206085]: done. Jul 28 08:51:01.414578 osdx ca-certificates[206094]: Updating certificates in /etc/ssl/certs... Jul 28 08:51:02.929715 osdx ubnt-cfgd[206942]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:51:02.975493 osdx ca-certificates[206952]: 140 added, 0 removed; done. Jul 28 08:51:02.986927 osdx ca-certificates[206954]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:51:02.994538 osdx ca-certificates[206956]: done. Jul 28 08:51:03.027071 osdx INFO[206959]: FRR daemons did not change Jul 28 08:51:03.027854 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:51:03.034821 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:51:03.106811 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:51:04.033525 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Jul 28 08:51:05.829154 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:51:05.986911 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:51:06.173182 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:51:06.355631 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:51:06.535678 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:51:06.808725 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:51:06.926843 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jul 28 08:51:07.080128 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:51:07.274341 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:51:07.396513 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:51:07.579776 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:51:07.738822 osdx ubnt-cfgd[206995]: inactive Jul 28 08:51:07.885131 osdx INFO[207005]: FRR daemons did not change Jul 28 08:51:07.914619 osdx ca-certificates[207021]: Updating certificates in /etc/ssl/certs... Jul 28 08:51:09.757646 osdx ubnt-cfgd[208019]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:51:09.783564 osdx ca-certificates[208024]: 1 added, 0 removed; done. Jul 28 08:51:09.783796 osdx ca-certificates[208028]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:51:09.794040 osdx ca-certificates[208031]: done. Jul 28 08:51:09.857913 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:51:10.234754 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:51:10.237334 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:51:10.265084 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:51:10.316959 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:51:10.320859 osdx dnscrypt-proxy[208143]: dnscrypt-proxy 2.0.45 Jul 28 08:51:10.321011 osdx dnscrypt-proxy[208143]: Network connectivity detected Jul 28 08:51:10.321676 osdx dnscrypt-proxy[208143]: Dropping privileges Jul 28 08:51:10.349483 osdx dnscrypt-proxy[208143]: Network connectivity detected Jul 28 08:51:10.349554 osdx dnscrypt-proxy[208143]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:51:10.349566 osdx dnscrypt-proxy[208143]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:51:10.349614 osdx dnscrypt-proxy[208143]: Firefox workaround initialized Jul 28 08:51:10.349628 osdx dnscrypt-proxy[208143]: Loading the set of cloaking rules from [/tmp/tmpwnxh3xk7] Jul 28 08:51:10.793571 osdx dnscrypt-proxy[208143]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:51:10.793607 osdx dnscrypt-proxy[208143]: [RD] OK (DoH) - rtt: 114ms Jul 28 08:51:10.793621 osdx dnscrypt-proxy[208143]: Server with the lowest initial latency: RD (rtt: 114ms) Jul 28 08:51:10.793629 osdx dnscrypt-proxy[208143]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:51:15.631539 osdx OSDxCLI[196423]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jul 28 08:51:17.876461 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jul 28 08:51:33.748944 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free. Jul 28 08:51:33.752242 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:51:33.752338 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:51:33.775783 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:51:34.345080 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system coredump delete all'. Jul 28 08:51:35.043578 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:51:35.349319 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:51:35.529281 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:51:35.733543 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:51:35.912746 osdx ubnt-cfgd[209846]: inactive Jul 28 08:51:35.991817 osdx INFO[209854]: FRR daemons did not change Jul 28 08:51:36.035259 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:51:36.285514 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:51:36.326956 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:51:36.386832 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:51:36.755332 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 28 08:51:37.297021 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:51:37.452279 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:51:37.681784 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:51:37.980322 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:51:38.193234 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:51:38.337005 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:51:38.539106 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:51:38.685674 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:51:38.905044 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:51:39.028395 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:51:39.267295 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:51:39.459269 osdx ubnt-cfgd[210015]: inactive Jul 28 08:51:39.633656 osdx INFO[210023]: FRR daemons did not change Jul 28 08:51:39.673956 osdx ca-certificates[210039]: Updating certificates in /etc/ssl/certs... Jul 28 08:51:40.967467 osdx ubnt-cfgd[211037]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:51:40.983931 osdx ca-certificates[211042]: 1 added, 0 removed; done. Jul 28 08:51:40.990624 osdx ca-certificates[211048]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:51:41.002837 osdx ca-certificates[211051]: done. Jul 28 08:51:41.172362 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:51:41.193009 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:51:41.198367 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:51:41.247470 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:51:41.289464 osdx dnscrypt-proxy[211055]: dnscrypt-proxy 2.0.45 Jul 28 08:51:41.289564 osdx dnscrypt-proxy[211055]: Network connectivity detected Jul 28 08:51:41.289876 osdx dnscrypt-proxy[211055]: Dropping privileges Jul 28 08:51:41.302061 osdx dnscrypt-proxy[211055]: Network connectivity detected Jul 28 08:51:41.302207 osdx dnscrypt-proxy[211055]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:51:41.302222 osdx dnscrypt-proxy[211055]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:51:41.302264 osdx dnscrypt-proxy[211055]: Firefox workaround initialized Jul 28 08:51:41.302272 osdx dnscrypt-proxy[211055]: Loading the set of cloaking rules from [/tmp/tmpicidyoru] Jul 28 08:51:41.305854 osdx dnscrypt-proxy[211055]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jul 28 08:51:55.571023 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.3M, max 15.3M, 13.0M free. Jul 28 08:51:55.572892 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:51:55.572994 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:51:55.594995 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:51:56.074523 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system coredump delete all'. Jul 28 08:51:56.634644 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:51:56.894802 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:51:57.058713 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:51:57.222958 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:51:57.450744 osdx ubnt-cfgd[212732]: inactive Jul 28 08:51:57.535731 osdx INFO[212740]: FRR daemons did not change Jul 28 08:51:57.596955 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:51:57.834330 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:51:57.861987 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:51:57.931788 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:51:58.218537 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 28 08:51:58.639464 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:51:58.796737 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:51:58.981735 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:51:59.186676 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:51:59.319719 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:51:59.500562 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:51:59.707740 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:51:59.842268 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:52:00.040245 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:00.218692 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:00.431589 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:00.631068 osdx ubnt-cfgd[212901]: inactive Jul 28 08:52:00.756464 osdx INFO[212909]: FRR daemons did not change Jul 28 08:52:00.800140 osdx ca-certificates[212925]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:02.753599 osdx ubnt-cfgd[213923]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:02.780965 osdx ca-certificates[213930]: 1 added, 0 removed; done. Jul 28 08:52:02.787835 osdx ca-certificates[213938]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:02.801132 osdx ca-certificates[213940]: done. Jul 28 08:52:02.949670 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:02.955636 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:02.964799 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:02.996378 osdx dnscrypt-proxy[213944]: dnscrypt-proxy 2.0.45 Jul 28 08:52:02.996476 osdx dnscrypt-proxy[213944]: Network connectivity detected Jul 28 08:52:02.996779 osdx dnscrypt-proxy[213944]: Dropping privileges Jul 28 08:52:03.000822 osdx dnscrypt-proxy[213944]: Network connectivity detected Jul 28 08:52:03.000904 osdx dnscrypt-proxy[213944]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:52:03.000913 osdx dnscrypt-proxy[213944]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:52:03.000958 osdx dnscrypt-proxy[213944]: Firefox workaround initialized Jul 28 08:52:03.000966 osdx dnscrypt-proxy[213944]: Loading the set of cloaking rules from [/tmp/tmpr4_esd_b] Jul 28 08:52:03.006609 osdx dnscrypt-proxy[213944]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jul 28 08:52:03.052681 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:03.231059 osdx dnscrypt-proxy[213944]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:52:03.231083 osdx dnscrypt-proxy[213944]: [RD] OK (DoH) - rtt: 111ms Jul 28 08:52:03.231095 osdx dnscrypt-proxy[213944]: Server with the lowest initial latency: RD (rtt: 111ms) Jul 28 08:52:03.231104 osdx dnscrypt-proxy[213944]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jul 28 08:52:03.520698 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:52:03.521499 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:52:03.521547 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:52:03.554044 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:52:04.143658 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:04.266540 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:52:04.439178 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:52:04.642180 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:04.758068 osdx ubnt-cfgd[213992]: inactive Jul 28 08:52:04.794909 osdx dnscrypt-proxy[213944]: Stopped. Jul 28 08:52:04.795043 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:52:04.796947 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:52:04.797106 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:04.977734 osdx ca-certificates[214077]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:52:05.682313 osdx ca-certificates[214647]: done. Jul 28 08:52:05.687487 osdx ca-certificates[214655]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:06.702477 osdx ubnt-cfgd[215502]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:06.725429 osdx ca-certificates[215507]: 140 added, 0 removed; done. Jul 28 08:52:06.730399 osdx ca-certificates[215511]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:06.734375 osdx ca-certificates[215516]: done. Jul 28 08:52:06.770073 osdx INFO[215519]: FRR daemons did not change Jul 28 08:52:06.774835 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:06.778789 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:06.843210 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:09.178049 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:09.327248 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:52:09.475192 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:52:09.667753 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:52:09.846703 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:52:09.995646 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:52:10.171486 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jul 28 08:52:10.350763 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:52:10.564202 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:10.691346 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:10.890787 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:11.049251 osdx ubnt-cfgd[215553]: inactive Jul 28 08:52:11.095434 osdx INFO[215563]: FRR daemons did not change Jul 28 08:52:11.123034 osdx ca-certificates[215578]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:12.421905 osdx ubnt-cfgd[216577]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:12.437529 osdx ca-certificates[216582]: 1 added, 0 removed; done. Jul 28 08:52:12.443795 osdx ca-certificates[216589]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:12.452565 osdx ca-certificates[216591]: done. Jul 28 08:52:12.490391 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:52:12.821801 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:12.824758 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:12.854949 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:12.866275 osdx dnscrypt-proxy[216701]: dnscrypt-proxy 2.0.45 Jul 28 08:52:12.867083 osdx dnscrypt-proxy[216701]: Network connectivity detected Jul 28 08:52:12.869546 osdx dnscrypt-proxy[216701]: Dropping privileges Jul 28 08:52:12.874318 osdx dnscrypt-proxy[216701]: Network connectivity detected Jul 28 08:52:12.874376 osdx dnscrypt-proxy[216701]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:52:12.874385 osdx dnscrypt-proxy[216701]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:52:12.874465 osdx dnscrypt-proxy[216701]: Firefox workaround initialized Jul 28 08:52:12.874473 osdx dnscrypt-proxy[216701]: Loading the set of cloaking rules from [/tmp/tmp2imkwdjj] Jul 28 08:52:12.876349 osdx dnscrypt-proxy[216701]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jul 28 08:52:12.911174 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:13.080529 osdx dnscrypt-proxy[216701]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:52:13.080816 osdx dnscrypt-proxy[216701]: [RD] OK (DoH) - rtt: 114ms Jul 28 08:52:13.081051 osdx dnscrypt-proxy[216701]: Server with the lowest initial latency: RD (rtt: 114ms) Jul 28 08:52:13.081123 osdx dnscrypt-proxy[216701]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jul 28 08:52:13.466349 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.1M, max 15.3M, 13.1M free. Jul 28 08:52:13.470280 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:52:13.470391 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:52:13.490281 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:52:14.110768 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:14.284269 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:52:14.499793 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:52:14.703199 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:14.870042 osdx ubnt-cfgd[216766]: inactive Jul 28 08:52:14.917144 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:52:14.917336 osdx dnscrypt-proxy[216701]: Stopped. Jul 28 08:52:14.919926 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:52:14.920100 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:15.137444 osdx ca-certificates[216859]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:52:16.010307 osdx ca-certificates[217422]: done. Jul 28 08:52:16.022310 osdx ca-certificates[217429]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:17.280985 osdx ubnt-cfgd[218276]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:17.290776 osdx ca-certificates[218283]: 140 added, 0 removed; done. Jul 28 08:52:17.297379 osdx ca-certificates[218285]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:17.304197 osdx ca-certificates[218290]: done. Jul 28 08:52:17.343617 osdx INFO[218293]: FRR daemons did not change Jul 28 08:52:17.344540 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:17.350588 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:17.402844 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:20.258093 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:20.413418 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:52:20.605668 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:52:20.842872 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:52:21.044121 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:52:21.215613 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:52:21.373680 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:52:21.546002 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jul 28 08:52:21.690785 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:52:21.886670 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:22.054943 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:22.318828 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:22.502098 osdx ubnt-cfgd[218330]: inactive Jul 28 08:52:22.580087 osdx INFO[218340]: FRR daemons did not change Jul 28 08:52:22.625371 osdx ca-certificates[218356]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:24.272693 osdx ubnt-cfgd[219354]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:24.307073 osdx ca-certificates[219361]: 1 added, 0 removed; done. Jul 28 08:52:24.318686 osdx ca-certificates[219365]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:24.324704 osdx ca-certificates[219368]: done. Jul 28 08:52:24.376895 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:52:24.681124 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:24.690073 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:24.730408 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:24.744956 osdx dnscrypt-proxy[219478]: dnscrypt-proxy 2.0.45 Jul 28 08:52:24.745051 osdx dnscrypt-proxy[219478]: Network connectivity detected Jul 28 08:52:24.745445 osdx dnscrypt-proxy[219478]: Dropping privileges Jul 28 08:52:24.754052 osdx dnscrypt-proxy[219478]: Network connectivity detected Jul 28 08:52:24.754105 osdx dnscrypt-proxy[219478]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:52:24.754114 osdx dnscrypt-proxy[219478]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:52:24.754171 osdx dnscrypt-proxy[219478]: Firefox workaround initialized Jul 28 08:52:24.754626 osdx dnscrypt-proxy[219478]: Loading the set of cloaking rules from [/tmp/tmpwxftkkn_] Jul 28 08:52:24.756950 osdx dnscrypt-proxy[219478]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jul 28 08:52:24.869921 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:25.002765 osdx dnscrypt-proxy[219478]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:52:25.002795 osdx dnscrypt-proxy[219478]: [RD] OK (DoH) - rtt: 130ms Jul 28 08:52:25.002808 osdx dnscrypt-proxy[219478]: Server with the lowest initial latency: RD (rtt: 130ms) Jul 28 08:52:25.002816 osdx dnscrypt-proxy[219478]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jul 28 08:52:39.000599 osdx systemd-timedated[221148]: Changed local time to Mon 2025-07-28 08:52:39 UTC Jul 28 08:52:39.007255 osdx systemd-journald[1773]: Time jumped backwards, rotating. Jul 28 08:52:39.013337 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'set date 2025-07-28 08:52:39'. Jul 28 08:52:39.612591 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:52:39.615503 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:52:39.615599 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:52:39.634716 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:52:40.075666 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system coredump delete all'. Jul 28 08:52:40.609472 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:40.782862 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:40.910579 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:41.040848 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:41.163068 osdx ubnt-cfgd[221176]: inactive Jul 28 08:52:41.198970 osdx INFO[221184]: FRR daemons did not change Jul 28 08:52:41.235168 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:52:41.389901 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:41.414586 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:41.474578 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:41.696821 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jul 28 08:52:42.004073 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:42.161743 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:52:42.344588 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:52:42.508557 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:52:42.678407 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:52:42.835785 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:52:42.965759 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:52:43.125381 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jul 28 08:52:43.240395 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:52:43.445868 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:43.601869 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:43.826351 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:44.007656 osdx ubnt-cfgd[221348]: inactive Jul 28 08:52:44.164159 osdx INFO[221356]: FRR daemons did not change Jul 28 08:52:44.202165 osdx ca-certificates[221372]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:45.838055 osdx ubnt-cfgd[222370]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:45.857609 osdx ca-certificates[222375]: 1 added, 0 removed; done. Jul 28 08:52:45.870326 osdx ca-certificates[222382]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:45.881282 osdx ca-certificates[222384]: done. Jul 28 08:52:46.015957 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:46.020724 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:46.040836 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:46.079482 osdx dnscrypt-proxy[222388]: dnscrypt-proxy 2.0.45 Jul 28 08:52:46.079923 osdx dnscrypt-proxy[222388]: Network connectivity detected Jul 28 08:52:46.080318 osdx dnscrypt-proxy[222388]: Dropping privileges Jul 28 08:52:46.082098 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:46.085876 osdx dnscrypt-proxy[222388]: Network connectivity detected Jul 28 08:52:46.085937 osdx dnscrypt-proxy[222388]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:52:46.085946 osdx dnscrypt-proxy[222388]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:52:46.085994 osdx dnscrypt-proxy[222388]: Firefox workaround initialized Jul 28 08:52:46.086002 osdx dnscrypt-proxy[222388]: Loading the set of cloaking rules from [/tmp/tmpbmlpzkk8] Jul 28 08:52:46.357421 osdx dnscrypt-proxy[222388]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jul 28 08:52:46.357798 osdx dnscrypt-proxy[222388]: [RD] OK (DoH) - rtt: 113ms Jul 28 08:52:46.357820 osdx dnscrypt-proxy[222388]: Server with the lowest initial latency: RD (rtt: 113ms) Jul 28 08:52:46.357829 osdx dnscrypt-proxy[222388]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:52:46.401981 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jul 28 08:52:46.858568 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free. Jul 28 08:52:46.859907 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:52:46.859983 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:52:46.882083 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:52:47.578757 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:47.755394 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:52:47.926960 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:52:48.091775 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:48.213974 osdx ubnt-cfgd[222437]: inactive Jul 28 08:52:48.252769 osdx dnscrypt-proxy[222388]: Stopped. Jul 28 08:52:48.255318 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:52:48.256287 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:52:48.257054 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:48.555261 osdx ca-certificates[222523]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:52:49.412121 osdx ca-certificates[223092]: done. Jul 28 08:52:49.418192 osdx ca-certificates[223100]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:50.507030 osdx ubnt-cfgd[223947]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:50.527468 osdx ca-certificates[223954]: 140 added, 0 removed; done. Jul 28 08:52:50.534364 osdx ca-certificates[223960]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:50.540256 osdx ca-certificates[223962]: done. Jul 28 08:52:50.571549 osdx INFO[223965]: FRR daemons did not change Jul 28 08:52:50.584908 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:50.588033 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:50.636901 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:53.184327 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:53.433101 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:52:53.567946 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:52:53.779289 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:52:53.953334 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:52:54.136697 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:52:54.298144 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:52:54.454963 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jul 28 08:52:54.599081 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:52:54.801390 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:52:54.948733 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:52:55.156875 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:55.312759 osdx ubnt-cfgd[224002]: inactive Jul 28 08:52:55.383621 osdx INFO[224012]: FRR daemons did not change Jul 28 08:52:55.408354 osdx ca-certificates[224028]: Updating certificates in /etc/ssl/certs... Jul 28 08:52:56.913321 osdx ubnt-cfgd[225026]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:52:56.940363 osdx ca-certificates[225032]: 1 added, 0 removed; done. Jul 28 08:52:56.940604 osdx ca-certificates[225035]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:52:56.966781 osdx ca-certificates[225040]: done. Jul 28 08:52:57.037807 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:52:57.436144 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:57.446929 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:52:57.470906 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:52:57.499730 osdx dnscrypt-proxy[225150]: dnscrypt-proxy 2.0.45 Jul 28 08:52:57.500225 osdx dnscrypt-proxy[225150]: Network connectivity detected Jul 28 08:52:57.500623 osdx dnscrypt-proxy[225150]: Dropping privileges Jul 28 08:52:57.511805 osdx dnscrypt-proxy[225150]: Network connectivity detected Jul 28 08:52:57.511855 osdx dnscrypt-proxy[225150]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:52:57.511863 osdx dnscrypt-proxy[225150]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:52:57.511905 osdx dnscrypt-proxy[225150]: Firefox workaround initialized Jul 28 08:52:57.511912 osdx dnscrypt-proxy[225150]: Loading the set of cloaking rules from [/tmp/tmpv9os20x0] Jul 28 08:52:57.556784 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:52:57.753763 osdx dnscrypt-proxy[225150]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jul 28 08:52:57.753799 osdx dnscrypt-proxy[225150]: [RD] OK (DoH) - rtt: 109ms Jul 28 08:52:57.753815 osdx dnscrypt-proxy[225150]: Server with the lowest initial latency: RD (rtt: 109ms) Jul 28 08:52:57.753824 osdx dnscrypt-proxy[225150]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:52:57.835215 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jul 28 08:52:58.378222 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.1M, max 15.3M, 13.2M free. Jul 28 08:52:58.379987 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:52:58.380058 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:52:58.407304 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:52:58.962639 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:52:59.125544 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:52:59.330244 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:52:59.483356 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:52:59.644746 osdx ubnt-cfgd[225219]: inactive Jul 28 08:52:59.702177 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:52:59.702443 osdx dnscrypt-proxy[225150]: Stopped. Jul 28 08:52:59.704369 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:52:59.704694 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:52:59.878093 osdx ca-certificates[225305]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:53:00.538360 osdx ca-certificates[225874]: done. Jul 28 08:53:00.545164 osdx ca-certificates[225884]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:02.006255 osdx ubnt-cfgd[226732]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:02.058738 osdx ca-certificates[226738]: 140 added, 0 removed; done. Jul 28 08:53:02.068232 osdx ca-certificates[226744]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:02.075299 osdx ca-certificates[226746]: done. Jul 28 08:53:02.107770 osdx INFO[226749]: FRR daemons did not change Jul 28 08:53:02.108197 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:02.112073 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:02.149041 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:04.500309 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:04.636302 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:53:04.806128 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:53:05.017218 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:53:05.140624 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:53:05.296685 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:53:05.473428 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jul 28 08:53:05.647045 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jul 28 08:53:05.765366 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:53:05.951949 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:53:06.173109 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:53:06.357210 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:06.519684 osdx ubnt-cfgd[226786]: inactive Jul 28 08:53:06.570968 osdx INFO[226796]: FRR daemons did not change Jul 28 08:53:06.601772 osdx ca-certificates[226812]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:07.729843 osdx ubnt-cfgd[227810]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:07.744869 osdx ca-certificates[227815]: 1 added, 0 removed; done. Jul 28 08:53:07.752617 osdx ca-certificates[227822]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:07.757972 osdx ca-certificates[227824]: done. Jul 28 08:53:08.087120 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:53:08.380063 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:08.383252 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:08.412558 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:08.433278 osdx dnscrypt-proxy[227934]: dnscrypt-proxy 2.0.45 Jul 28 08:53:08.433378 osdx dnscrypt-proxy[227934]: Network connectivity detected Jul 28 08:53:08.433666 osdx dnscrypt-proxy[227934]: Dropping privileges Jul 28 08:53:08.437842 osdx dnscrypt-proxy[227934]: Network connectivity detected Jul 28 08:53:08.437929 osdx dnscrypt-proxy[227934]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:53:08.437938 osdx dnscrypt-proxy[227934]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:53:08.438005 osdx dnscrypt-proxy[227934]: Firefox workaround initialized Jul 28 08:53:08.438014 osdx dnscrypt-proxy[227934]: Loading the set of cloaking rules from [/tmp/tmpptwc76rz] Jul 28 08:53:08.453257 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:08.709817 osdx dnscrypt-proxy[227934]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:53:08.709850 osdx dnscrypt-proxy[227934]: [RD] OK (DoH) - rtt: 156ms Jul 28 08:53:08.709867 osdx dnscrypt-proxy[227934]: Server with the lowest initial latency: RD (rtt: 156ms) Jul 28 08:53:08.709876 osdx dnscrypt-proxy[227934]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:53:09.033971 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Jul 28 08:53:13.672808 osdx OSDxCLI[196423]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jul 28 08:53:15.890750 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jul 28 08:53:16.401703 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:53:16.407992 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:53:16.408054 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:53:16.441929 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:53:17.135004 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:17.249332 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:53:17.413892 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:53:17.576781 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:17.773483 osdx ubnt-cfgd[228009]: inactive Jul 28 08:53:17.823824 osdx dnscrypt-proxy[227934]: Stopped. Jul 28 08:53:17.823957 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:53:17.833206 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:53:17.833393 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:18.046853 osdx ca-certificates[228095]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:53:18.807613 osdx ca-certificates[228664]: done. Jul 28 08:53:18.815458 osdx ca-certificates[228672]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:20.043222 osdx ubnt-cfgd[229519]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:20.058793 osdx ca-certificates[229524]: 140 added, 0 removed; done. Jul 28 08:53:20.076511 osdx ca-certificates[229528]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:20.092963 osdx ca-certificates[229533]: done. Jul 28 08:53:20.161535 osdx INFO[229536]: FRR daemons did not change Jul 28 08:53:20.170705 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:20.175797 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:20.225385 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:23.218735 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:23.373783 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:53:23.542233 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:53:23.696742 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:53:23.873547 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:53:24.016461 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:53:24.196793 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jul 28 08:53:24.381287 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jul 28 08:53:24.515776 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:53:24.683361 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:53:24.812905 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:53:24.953297 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:25.114709 osdx ubnt-cfgd[229575]: inactive Jul 28 08:53:25.165345 osdx INFO[229585]: FRR daemons did not change Jul 28 08:53:25.189579 osdx ca-certificates[229600]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:26.646407 osdx ubnt-cfgd[230599]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:26.664891 osdx ca-certificates[230606]: 1 added, 0 removed; done. Jul 28 08:53:26.684977 osdx ca-certificates[230611]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:26.695974 osdx ca-certificates[230613]: done. Jul 28 08:53:26.779884 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:53:27.253277 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:27.270073 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:27.357997 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:27.375332 osdx dnscrypt-proxy[230723]: dnscrypt-proxy 2.0.45 Jul 28 08:53:27.375426 osdx dnscrypt-proxy[230723]: Network connectivity detected Jul 28 08:53:27.375736 osdx dnscrypt-proxy[230723]: Dropping privileges Jul 28 08:53:27.382505 osdx dnscrypt-proxy[230723]: Network connectivity detected Jul 28 08:53:27.382558 osdx dnscrypt-proxy[230723]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:53:27.382566 osdx dnscrypt-proxy[230723]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:53:27.382605 osdx dnscrypt-proxy[230723]: Firefox workaround initialized Jul 28 08:53:27.382612 osdx dnscrypt-proxy[230723]: Loading the set of cloaking rules from [/tmp/tmpaolep8zu] Jul 28 08:53:27.445035 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:27.614890 osdx dnscrypt-proxy[230723]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jul 28 08:53:27.614920 osdx dnscrypt-proxy[230723]: [RD] OK (DoH) - rtt: 110ms Jul 28 08:53:27.614933 osdx dnscrypt-proxy[230723]: Server with the lowest initial latency: RD (rtt: 110ms) Jul 28 08:53:27.614942 osdx dnscrypt-proxy[230723]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:53:27.749606 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jul 28 08:53:28.172415 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free. Jul 28 08:53:28.178351 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:53:28.178456 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:53:28.201707 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:53:28.732457 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:28.834225 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:53:28.982102 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:53:29.162512 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:29.341689 osdx ubnt-cfgd[230791]: inactive Jul 28 08:53:29.397553 osdx dnscrypt-proxy[230723]: Stopped. Jul 28 08:53:29.398427 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:53:29.400460 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:53:29.400780 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:29.564940 osdx ca-certificates[230877]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:53:30.417342 osdx ca-certificates[231446]: done. Jul 28 08:53:30.426749 osdx ca-certificates[231451]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:31.512254 osdx ubnt-cfgd[232301]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:31.528430 osdx ca-certificates[232306]: 140 added, 0 removed; done. Jul 28 08:53:31.534280 osdx ca-certificates[232313]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:31.540756 osdx ca-certificates[232315]: done. Jul 28 08:53:31.570687 osdx INFO[232318]: FRR daemons did not change Jul 28 08:53:31.571134 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:31.574981 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:31.609005 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:33.779851 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:33.897886 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:53:34.065719 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:53:34.220059 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:53:34.386217 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:53:34.554007 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:53:34.712996 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jul 28 08:53:34.878446 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jul 28 08:53:35.046085 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:53:35.199056 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:53:35.319591 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:53:35.461070 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:35.624713 osdx ubnt-cfgd[232355]: inactive Jul 28 08:53:35.729253 osdx INFO[232365]: FRR daemons did not change Jul 28 08:53:35.756969 osdx ca-certificates[232382]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:36.991020 osdx ubnt-cfgd[233379]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:37.043237 osdx ca-certificates[233386]: 1 added, 0 removed; done. Jul 28 08:53:37.053853 osdx ca-certificates[233391]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:37.063663 osdx ca-certificates[233393]: done. Jul 28 08:53:37.107216 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:53:37.536371 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:37.546145 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:37.568240 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:37.587738 osdx dnscrypt-proxy[233503]: dnscrypt-proxy 2.0.45 Jul 28 08:53:37.588105 osdx dnscrypt-proxy[233503]: Network connectivity detected Jul 28 08:53:37.589921 osdx dnscrypt-proxy[233503]: Dropping privileges Jul 28 08:53:37.599263 osdx dnscrypt-proxy[233503]: Network connectivity detected Jul 28 08:53:37.599307 osdx dnscrypt-proxy[233503]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:53:37.599313 osdx dnscrypt-proxy[233503]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:53:37.599346 osdx dnscrypt-proxy[233503]: Firefox workaround initialized Jul 28 08:53:37.599351 osdx dnscrypt-proxy[233503]: Loading the set of cloaking rules from [/tmp/tmp628j8jf_] Jul 28 08:53:37.620754 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:37.829608 osdx dnscrypt-proxy[233503]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jul 28 08:53:37.829640 osdx dnscrypt-proxy[233503]: [RD] OK (DoH) - rtt: 121ms Jul 28 08:53:37.829660 osdx dnscrypt-proxy[233503]: Server with the lowest initial latency: RD (rtt: 121ms) Jul 28 08:53:37.829669 osdx dnscrypt-proxy[233503]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:53:37.846007 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jul 28 08:53:38.297565 osdx systemd-journald[1773]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free. Jul 28 08:53:38.299172 osdx systemd-journald[1773]: Received client request to rotate journal, rotating. Jul 28 08:53:38.299240 osdx systemd-journald[1773]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620. Jul 28 08:53:38.313631 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'system journal clear'. Jul 28 08:53:38.919660 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:39.083674 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'delete '. Jul 28 08:53:39.280711 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jul 28 08:53:39.448151 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:39.602508 osdx ubnt-cfgd[233572]: inactive Jul 28 08:53:39.649895 osdx dnscrypt-proxy[233503]: Stopped. Jul 28 08:53:39.650015 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jul 28 08:53:39.651688 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jul 28 08:53:39.651894 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:39.803787 osdx ca-certificates[233659]: Clearing symlinks in /etc/ssl/certs... Jul 28 08:53:40.369713 osdx ca-certificates[234228]: done. Jul 28 08:53:40.383791 osdx ca-certificates[234236]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:41.527330 osdx ubnt-cfgd[235082]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:41.565130 osdx ca-certificates[235088]: 140 added, 0 removed; done. Jul 28 08:53:41.565363 osdx ca-certificates[235090]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:41.590708 osdx ca-certificates[235096]: done. Jul 28 08:53:41.669192 osdx INFO[235099]: FRR daemons did not change Jul 28 08:53:41.670018 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:41.675606 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:41.742394 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:44.161886 osdx OSDxCLI[196423]: User 'admin' entered the configuration menu. Jul 28 08:53:44.356217 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jul 28 08:53:44.483116 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jul 28 08:53:44.726735 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jul 28 08:53:44.895915 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jul 28 08:53:45.060033 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a276ec6f016f07a2d927114530d93b01a6cd79114899028c0cea34c7e3237d1'. Jul 28 08:53:45.220251 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jul 28 08:53:45.434066 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jul 28 08:53:45.633701 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jul 28 08:53:45.778641 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jul 28 08:53:45.979731 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jul 28 08:53:46.177106 osdx OSDxCLI[196423]: User 'admin' added a new cfg line: 'show working'. Jul 28 08:53:46.406481 osdx ubnt-cfgd[235136]: inactive Jul 28 08:53:46.480466 osdx INFO[235146]: FRR daemons did not change Jul 28 08:53:46.503879 osdx ca-certificates[235161]: Updating certificates in /etc/ssl/certs... Jul 28 08:53:48.099724 osdx ubnt-cfgd[236160]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jul 28 08:53:48.127442 osdx ca-certificates[236165]: 1 added, 0 removed; done. Jul 28 08:53:48.136893 osdx ca-certificates[236172]: Running hooks in /etc/ca-certificates/update.d... Jul 28 08:53:48.142278 osdx ca-certificates[236174]: done. Jul 28 08:53:48.251163 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jul 28 08:53:48.624141 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jul 28 08:53:48.628735 osdx cfgd[1473]: [196423]Completed change to active configuration Jul 28 08:53:48.649262 osdx OSDxCLI[196423]: User 'admin' committed the configuration. Jul 28 08:53:48.678275 osdx dnscrypt-proxy[236284]: dnscrypt-proxy 2.0.45 Jul 28 08:53:48.678383 osdx dnscrypt-proxy[236284]: Network connectivity detected Jul 28 08:53:48.679352 osdx dnscrypt-proxy[236284]: Dropping privileges Jul 28 08:53:48.693338 osdx dnscrypt-proxy[236284]: Network connectivity detected Jul 28 08:53:48.693396 osdx dnscrypt-proxy[236284]: Now listening to 127.0.0.1:53 [UDP] Jul 28 08:53:48.693405 osdx dnscrypt-proxy[236284]: Now listening to 127.0.0.1:53 [TCP] Jul 28 08:53:48.693445 osdx dnscrypt-proxy[236284]: Firefox workaround initialized Jul 28 08:53:48.693453 osdx dnscrypt-proxy[236284]: Loading the set of cloaking rules from [/tmp/tmpkp_tp3q9] Jul 28 08:53:48.732417 osdx OSDxCLI[196423]: User 'admin' left the configuration menu. Jul 28 08:53:49.157343 osdx dnscrypt-proxy[236284]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jul 28 08:53:49.157365 osdx dnscrypt-proxy[236284]: [RD] OK (DoH) - rtt: 128ms Jul 28 08:53:49.157379 osdx dnscrypt-proxy[236284]: Server with the lowest initial latency: RD (rtt: 128ms) Jul 28 08:53:49.157388 osdx dnscrypt-proxy[236284]: dnscrypt-proxy is ready - live servers: 1 Jul 28 08:53:54.080574 osdx OSDxCLI[196423]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jul 28 08:53:56.277759 osdx OSDxCLI[196423]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.