Cipher
Test suite that validates the use of one or multiple ciphers to protect a DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Aug 20 10:15:04.340376 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free.
Aug 20 10:15:04.343771 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:15:04.343845 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:15:04.350226 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:15:04.561165 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 10:15:04.796354 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:04.871319 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:04.950118 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:05.024722 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:05.114333 osdx ubnt-cfgd[124587]: inactive
Aug 20 10:15:05.133664 osdx INFO[124595]: FRR daemons did not change
Aug 20 10:15:05.151773 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:15:05.223432 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:05.234703 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:05.258798 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:05.426264 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 10:15:05.628135 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:05.690791 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:15:05.792025 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:15:05.856606 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:15:05.966260 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:15:06.090732 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:15:06.161930 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Aug 20 10:15:06.278613 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:15:06.396211 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:06.452247 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:06.619553 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:06.711835 osdx ubnt-cfgd[124756]: inactive
Aug 20 10:15:06.732867 osdx INFO[124764]: FRR daemons did not change
Aug 20 10:15:06.747304 osdx ca-certificates[124780]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:07.258067 osdx ubnt-cfgd[125778]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:07.266056 osdx ca-certificates[125784]: 1 added, 0 removed; done.
Aug 20 10:15:07.269988 osdx ca-certificates[125790]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:07.273791 osdx ca-certificates[125792]: done.
Aug 20 10:15:07.348229 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:07.349952 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:07.352306 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:07.378392 osdx dnscrypt-proxy[125796]: dnscrypt-proxy 2.0.45
Aug 20 10:15:07.378476 osdx dnscrypt-proxy[125796]: Network connectivity detected
Aug 20 10:15:07.378734 osdx dnscrypt-proxy[125796]: Dropping privileges
Aug 20 10:15:07.381086 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:07.381776 osdx dnscrypt-proxy[125796]: Network connectivity detected
Aug 20 10:15:07.381812 osdx dnscrypt-proxy[125796]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:15:07.381817 osdx dnscrypt-proxy[125796]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:15:07.381842 osdx dnscrypt-proxy[125796]: Firefox workaround initialized
Aug 20 10:15:07.381847 osdx dnscrypt-proxy[125796]: Loading the set of cloaking rules from [/tmp/tmpsxjiwzj4]
Aug 20 10:15:07.630637 osdx dnscrypt-proxy[125796]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Aug 20 10:15:07.630652 osdx dnscrypt-proxy[125796]: [RD] OK (DoH) - rtt: 158ms
Aug 20 10:15:07.630660 osdx dnscrypt-proxy[125796]: Server with the lowest initial latency: RD (rtt: 158ms)
Aug 20 10:15:07.630664 osdx dnscrypt-proxy[125796]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:15:12.530850 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:15:14.637134 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Aug 20 10:15:21.308069 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:15:21.310186 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:15:21.310234 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:15:21.318489 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:15:21.542434 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 10:15:21.770829 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:21.878136 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:21.959761 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:22.027609 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:22.129773 osdx ubnt-cfgd[127479]: inactive
Aug 20 10:15:22.153136 osdx INFO[127487]: FRR daemons did not change
Aug 20 10:15:22.174193 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:15:22.251727 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:22.264018 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:22.282656 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:22.422263 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 10:15:22.594723 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:22.656131 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:15:22.756969 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:15:22.860221 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:15:22.918255 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:15:23.024922 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:15:23.082778 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Aug 20 10:15:23.192631 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:15:23.307571 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:23.362028 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:23.472093 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:23.546898 osdx ubnt-cfgd[127648]: inactive
Aug 20 10:15:23.567951 osdx INFO[127656]: FRR daemons did not change
Aug 20 10:15:23.583499 osdx ca-certificates[127672]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:24.130439 osdx ubnt-cfgd[128670]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:24.138225 osdx ca-certificates[128675]: 1 added, 0 removed; done.
Aug 20 10:15:24.141341 osdx ca-certificates[128682]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:24.144166 osdx ca-certificates[128684]: done.
Aug 20 10:15:24.234544 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:24.235752 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:24.237638 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:24.254201 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:24.268608 osdx dnscrypt-proxy[128688]: dnscrypt-proxy 2.0.45
Aug 20 10:15:24.268683 osdx dnscrypt-proxy[128688]: Network connectivity detected
Aug 20 10:15:24.268911 osdx dnscrypt-proxy[128688]: Dropping privileges
Aug 20 10:15:24.271934 osdx dnscrypt-proxy[128688]: Network connectivity detected
Aug 20 10:15:24.271971 osdx dnscrypt-proxy[128688]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:15:24.271976 osdx dnscrypt-proxy[128688]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:15:24.272003 osdx dnscrypt-proxy[128688]: Firefox workaround initialized
Aug 20 10:15:24.272008 osdx dnscrypt-proxy[128688]: Loading the set of cloaking rules from [/tmp/tmpoh63qh1q]
Aug 20 10:15:24.470998 osdx dnscrypt-proxy[128688]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Aug 20 10:15:24.471015 osdx dnscrypt-proxy[128688]: [RD] OK (DoH) - rtt: 125ms
Aug 20 10:15:24.471023 osdx dnscrypt-proxy[128688]: Server with the lowest initial latency: RD (rtt: 125ms)
Aug 20 10:15:24.471028 osdx dnscrypt-proxy[128688]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:15:29.426772 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:15:31.503166 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Aug 20 10:15:31.727525 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:15:31.730186 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:15:31.730232 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:15:31.736730 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:15:32.051485 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:32.127502 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:15:32.208509 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:15:32.313018 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:32.375821 osdx ubnt-cfgd[128742]: inactive
Aug 20 10:15:32.394136 osdx dnscrypt-proxy[128688]: Stopped.
Aug 20 10:15:32.394199 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:15:32.395217 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:15:32.395322 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:32.466811 osdx ca-certificates[128828]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:15:32.708436 osdx ca-certificates[129398]: done.
Aug 20 10:15:32.713423 osdx ca-certificates[129406]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:33.141660 osdx ubnt-cfgd[130252]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:33.149570 osdx ca-certificates[130258]: 140 added, 0 removed; done.
Aug 20 10:15:33.152386 osdx ca-certificates[130264]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:33.155197 osdx ca-certificates[130266]: done.
Aug 20 10:15:33.172571 osdx INFO[130269]: FRR daemons did not change
Aug 20 10:15:33.173078 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:33.175092 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:33.205972 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:34.462109 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:34.525526 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:15:34.628347 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:15:34.693710 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:15:34.786930 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:15:34.900973 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:15:34.965270 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Aug 20 10:15:35.063745 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:15:35.137813 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:35.256511 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:35.337966 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:35.439645 osdx ubnt-cfgd[130303]: inactive
Aug 20 10:15:35.463569 osdx INFO[130313]: FRR daemons did not change
Aug 20 10:15:35.477443 osdx ca-certificates[130329]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:35.962314 osdx ubnt-cfgd[131327]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:35.970166 osdx ca-certificates[131332]: 1 added, 0 removed; done.
Aug 20 10:15:35.973096 osdx ca-certificates[131339]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:35.975858 osdx ca-certificates[131341]: done.
Aug 20 10:15:36.018196 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:15:36.170526 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:36.171646 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:36.182600 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:36.193364 osdx dnscrypt-proxy[131451]: dnscrypt-proxy 2.0.45
Aug 20 10:15:36.193671 osdx dnscrypt-proxy[131451]: Network connectivity detected
Aug 20 10:15:36.193941 osdx dnscrypt-proxy[131451]: Dropping privileges
Aug 20 10:15:36.196205 osdx dnscrypt-proxy[131451]: Network connectivity detected
Aug 20 10:15:36.196389 osdx dnscrypt-proxy[131451]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:15:36.196421 osdx dnscrypt-proxy[131451]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:15:36.196463 osdx dnscrypt-proxy[131451]: Firefox workaround initialized
Aug 20 10:15:36.196488 osdx dnscrypt-proxy[131451]: Loading the set of cloaking rules from [/tmp/tmp12grn48v]
Aug 20 10:15:36.200020 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:36.394407 osdx dnscrypt-proxy[131451]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Aug 20 10:15:36.394421 osdx dnscrypt-proxy[131451]: [RD] OK (DoH) - rtt: 121ms
Aug 20 10:15:36.394430 osdx dnscrypt-proxy[131451]: Server with the lowest initial latency: RD (rtt: 121ms)
Aug 20 10:15:36.394436 osdx dnscrypt-proxy[131451]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:15:41.360874 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:15:43.444989 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Aug 20 10:15:43.679762 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:15:43.682192 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:15:43.682268 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:15:43.692867 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:15:43.980145 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:44.039187 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:15:44.159222 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:15:44.228407 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:44.316540 osdx ubnt-cfgd[131526]: inactive
Aug 20 10:15:44.335701 osdx dnscrypt-proxy[131451]: Stopped.
Aug 20 10:15:44.335773 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:15:44.336657 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:15:44.336760 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:44.407621 osdx ca-certificates[131612]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:15:44.687837 osdx ca-certificates[132181]: done.
Aug 20 10:15:44.692531 osdx ca-certificates[132191]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:45.121517 osdx ubnt-cfgd[133036]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:45.132065 osdx ca-certificates[133042]: 140 added, 0 removed; done.
Aug 20 10:15:45.134963 osdx ca-certificates[133048]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:45.137839 osdx ca-certificates[133050]: done.
Aug 20 10:15:45.151814 osdx INFO[133053]: FRR daemons did not change
Aug 20 10:15:45.152274 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:45.154141 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:45.170637 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:46.500344 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:15:46.581904 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:15:46.680960 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:15:46.749178 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:15:46.847375 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:15:46.948736 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:15:47.021051 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Aug 20 10:15:47.143140 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:15:47.240450 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:15:47.335504 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:15:47.406651 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:15:47.503413 osdx ubnt-cfgd[133087]: inactive
Aug 20 10:15:47.523889 osdx INFO[133097]: FRR daemons did not change
Aug 20 10:15:47.535617 osdx ca-certificates[133113]: Updating certificates in /etc/ssl/certs...
Aug 20 10:15:48.029848 osdx ubnt-cfgd[134111]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:15:48.039185 osdx ca-certificates[134116]: 1 added, 0 removed; done.
Aug 20 10:15:48.042139 osdx ca-certificates[134123]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:15:48.045019 osdx ca-certificates[134125]: done.
Aug 20 10:15:48.062198 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:15:48.202893 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:15:48.204726 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:15:48.218849 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:15:48.226320 osdx dnscrypt-proxy[134235]: dnscrypt-proxy 2.0.45
Aug 20 10:15:48.226380 osdx dnscrypt-proxy[134235]: Network connectivity detected
Aug 20 10:15:48.226565 osdx dnscrypt-proxy[134235]: Dropping privileges
Aug 20 10:15:48.228763 osdx dnscrypt-proxy[134235]: Network connectivity detected
Aug 20 10:15:48.229027 osdx dnscrypt-proxy[134235]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:15:48.229089 osdx dnscrypt-proxy[134235]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:15:48.229160 osdx dnscrypt-proxy[134235]: Firefox workaround initialized
Aug 20 10:15:48.229204 osdx dnscrypt-proxy[134235]: Loading the set of cloaking rules from [/tmp/tmpun64_87p]
Aug 20 10:15:48.243372 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:15:48.422303 osdx dnscrypt-proxy[134235]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Aug 20 10:15:48.422320 osdx dnscrypt-proxy[134235]: [RD] OK (DoH) - rtt: 108ms
Aug 20 10:15:48.422330 osdx dnscrypt-proxy[134235]: Server with the lowest initial latency: RD (rtt: 108ms)
Aug 20 10:15:48.422335 osdx dnscrypt-proxy[134235]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:15:51.031056 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Aug 20 10:15:53.392824 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:15:55.481973 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Aug 20 10:16:02.396794 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:16:02.402068 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:16:02.402129 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:16:02.407366 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:16:02.627004 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 10:16:02.972539 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:03.068958 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:16:03.142609 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:16:03.275752 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:03.346760 osdx ubnt-cfgd[135944]: inactive
Aug 20 10:16:03.369349 osdx INFO[135952]: FRR daemons did not change
Aug 20 10:16:03.387064 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:16:03.462274 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:03.475659 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:03.492062 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:16:03.642281 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 10:16:03.826104 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:03.886911 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:16:03.985547 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:16:04.081215 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:16:04.175573 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:16:04.242555 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:16:04.340889 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Aug 20 10:16:04.402524 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:16:04.514181 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:16:04.567651 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:16:04.682456 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:04.746454 osdx ubnt-cfgd[136113]: inactive
Aug 20 10:16:04.786448 osdx INFO[136121]: FRR daemons did not change
Aug 20 10:16:04.802296 osdx ca-certificates[136137]: Updating certificates in /etc/ssl/certs...
Aug 20 10:16:05.266205 osdx ubnt-cfgd[137135]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:16:05.274155 osdx ca-certificates[137140]: 1 added, 0 removed; done.
Aug 20 10:16:05.277138 osdx ca-certificates[137147]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:16:05.281407 osdx ca-certificates[137149]: done.
Aug 20 10:16:05.351345 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:16:05.352491 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:05.354922 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:05.372654 osdx dnscrypt-proxy[137153]: dnscrypt-proxy 2.0.45
Aug 20 10:16:05.372731 osdx dnscrypt-proxy[137153]: Network connectivity detected
Aug 20 10:16:05.372970 osdx dnscrypt-proxy[137153]: Dropping privileges
Aug 20 10:16:05.375235 osdx dnscrypt-proxy[137153]: Network connectivity detected
Aug 20 10:16:05.375262 osdx dnscrypt-proxy[137153]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:16:05.375266 osdx dnscrypt-proxy[137153]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:16:05.375286 osdx dnscrypt-proxy[137153]: Firefox workaround initialized
Aug 20 10:16:05.375290 osdx dnscrypt-proxy[137153]: Loading the set of cloaking rules from [/tmp/tmpxzzh67o1]
Aug 20 10:16:05.376022 osdx dnscrypt-proxy[137153]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Aug 20 10:16:05.382196 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Aug 20 10:16:12.322829 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:16:12.326838 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:16:12.326890 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:16:12.333044 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:16:12.554468 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:16:12.774749 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:12.851283 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:16:12.938018 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:13.013632 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:13.109034 osdx ubnt-cfgd[138828]: inactive Aug 20 10:16:13.131456 osdx INFO[138836]: FRR daemons did not change Aug 20 10:16:13.154838 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:16:13.228069 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:13.238811 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:13.256092 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:13.403812 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Aug 20 10:16:13.610163 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:13.673210 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Aug 20 10:16:13.795236 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:16:13.860020 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:16:13.996840 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:16:14.075404 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:16:14.182382 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Aug 20 10:16:14.289167 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Aug 20 10:16:14.364556 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:16:14.455991 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:14.530307 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:14.619433 osdx ubnt-cfgd[138997]: inactive Aug 20 10:16:14.638740 osdx INFO[139005]: FRR daemons did not change Aug 20 10:16:14.651857 osdx ca-certificates[139020]: Updating certificates in /etc/ssl/certs... Aug 20 10:16:15.163674 osdx ubnt-cfgd[140019]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:15.172119 osdx ca-certificates[140025]: 1 added, 0 removed; done. Aug 20 10:16:15.176148 osdx ca-certificates[140031]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:15.179886 osdx ca-certificates[140033]: done. Aug 20 10:16:15.247338 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Aug 20 10:16:15.248935 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:15.251375 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:15.267846 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:15.271431 osdx dnscrypt-proxy[140037]: dnscrypt-proxy 2.0.45 Aug 20 10:16:15.271502 osdx dnscrypt-proxy[140037]: Network connectivity detected Aug 20 10:16:15.271731 osdx dnscrypt-proxy[140037]: Dropping privileges Aug 20 10:16:15.274412 osdx dnscrypt-proxy[140037]: Network connectivity detected Aug 20 10:16:15.274447 osdx dnscrypt-proxy[140037]: Now listening to 127.0.0.1:53 [UDP] Aug 20 10:16:15.274452 osdx dnscrypt-proxy[140037]: Now listening to 127.0.0.1:53 [TCP] Aug 20 10:16:15.274479 osdx dnscrypt-proxy[140037]: Firefox workaround initialized Aug 20 10:16:15.274485 osdx dnscrypt-proxy[140037]: Loading the set of cloaking rules from [/tmp/tmp4hsp3f2p] Aug 20 10:16:15.275367 osdx dnscrypt-proxy[140037]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Aug 20 10:16:15.512299 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:16:15.514846 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:16:15.514914 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:16:15.523579 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:16:15.771695 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:15.829301 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '. Aug 20 10:16:15.961727 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Aug 20 10:16:16.037320 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:16.151725 osdx ubnt-cfgd[140082]: inactive Aug 20 10:16:16.170597 osdx dnscrypt-proxy[140037]: Stopped. Aug 20 10:16:16.170622 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Aug 20 10:16:16.171506 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Aug 20 10:16:16.171612 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:16:16.242264 osdx ca-certificates[140168]: Clearing symlinks in /etc/ssl/certs... Aug 20 10:16:16.544366 osdx ca-certificates[140738]: done. Aug 20 10:16:16.547181 osdx ca-certificates[140746]: Updating certificates in /etc/ssl/certs... Aug 20 10:16:17.011105 osdx ubnt-cfgd[141592]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:17.020236 osdx ca-certificates[141599]: 140 added, 0 removed; done. 
Aug 20 10:16:17.023218 osdx ca-certificates[141604]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:17.025927 osdx ca-certificates[141606]: done. Aug 20 10:16:17.039568 osdx INFO[141609]: FRR daemons did not change Aug 20 10:16:17.039802 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:17.041748 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:17.059853 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:18.373679 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:18.436073 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:16:18.539888 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:16:18.612357 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:16:18.711194 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:16:18.770488 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:16:18.866687 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Aug 20 10:16:18.927276 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Aug 20 10:16:19.042851 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:16:19.097463 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:19.209665 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. 
Aug 20 10:16:19.275941 osdx ubnt-cfgd[141643]: inactive Aug 20 10:16:19.298477 osdx INFO[141653]: FRR daemons did not change Aug 20 10:16:19.311796 osdx ca-certificates[141669]: Updating certificates in /etc/ssl/certs... Aug 20 10:16:19.875512 osdx ubnt-cfgd[142667]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:19.885808 osdx ca-certificates[142672]: 1 added, 0 removed; done. Aug 20 10:16:19.890059 osdx ca-certificates[142679]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:19.894191 osdx ca-certificates[142681]: done. Aug 20 10:16:19.918836 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:16:20.087269 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:16:20.088755 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:20.103806 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:20.113951 osdx dnscrypt-proxy[142791]: dnscrypt-proxy 2.0.45 Aug 20 10:16:20.114024 osdx dnscrypt-proxy[142791]: Network connectivity detected Aug 20 10:16:20.114255 osdx dnscrypt-proxy[142791]: Dropping privileges Aug 20 10:16:20.116998 osdx dnscrypt-proxy[142791]: Network connectivity detected Aug 20 10:16:20.117288 osdx dnscrypt-proxy[142791]: Now listening to 127.0.0.1:53 [UDP] Aug 20 10:16:20.117330 osdx dnscrypt-proxy[142791]: Now listening to 127.0.0.1:53 [TCP] Aug 20 10:16:20.117383 osdx dnscrypt-proxy[142791]: Firefox workaround initialized Aug 20 10:16:20.117429 osdx dnscrypt-proxy[142791]: Loading the set of cloaking rules from [/tmp/tmpwmdqpgut] Aug 20 10:16:20.118590 osdx dnscrypt-proxy[142791]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Aug 20 10:16:20.145713 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Aug 20 10:16:20.490183 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:16:20.490856 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:16:20.490898 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:16:20.503115 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:16:20.843556 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:20.915262 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '. Aug 20 10:16:21.044189 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Aug 20 10:16:21.117575 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:21.230800 osdx ubnt-cfgd[142856]: inactive Aug 20 10:16:21.251619 osdx dnscrypt-proxy[142791]: Stopped. Aug 20 10:16:21.251725 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Aug 20 10:16:21.252986 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Aug 20 10:16:21.253116 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:16:21.325328 osdx ca-certificates[142942]: Clearing symlinks in /etc/ssl/certs... Aug 20 10:16:21.574710 osdx ca-certificates[143511]: done. Aug 20 10:16:21.578180 osdx ca-certificates[143520]: Updating certificates in /etc/ssl/certs... Aug 20 10:16:21.978709 osdx ubnt-cfgd[144366]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:21.986363 osdx ca-certificates[144372]: 140 added, 0 removed; done. 
Aug 20 10:16:21.989069 osdx ca-certificates[144378]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:21.991779 osdx ca-certificates[144380]: done. Aug 20 10:16:22.010099 osdx INFO[144383]: FRR daemons did not change Aug 20 10:16:22.010546 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:22.012356 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:22.032243 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:23.310017 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:23.369920 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:16:23.473496 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:16:23.539172 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:16:23.636814 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:16:23.696789 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:16:23.792380 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Aug 20 10:16:23.849927 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Aug 20 10:16:23.945681 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Aug 20 10:16:24.019017 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Aug 20 10:16:24.105132 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:24.202155 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:24.296081 osdx ubnt-cfgd[144420]: inactive Aug 20 10:16:24.319628 osdx INFO[144430]: FRR daemons did not change Aug 20 10:16:24.332045 osdx ca-certificates[144446]: Updating certificates in /etc/ssl/certs... Aug 20 10:16:24.842707 osdx ubnt-cfgd[145444]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:24.852144 osdx ca-certificates[145450]: 1 added, 0 removed; done. Aug 20 10:16:24.854978 osdx ca-certificates[145456]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:24.857858 osdx ca-certificates[145458]: done. Aug 20 10:16:24.898838 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:16:25.043191 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:16:25.044589 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:25.058667 osdx OSDxCLI[2227]: User 'admin' committed the configuration. 
Aug 20 10:16:25.064487 osdx dnscrypt-proxy[145568]: dnscrypt-proxy 2.0.45 Aug 20 10:16:25.064543 osdx dnscrypt-proxy[145568]: Network connectivity detected Aug 20 10:16:25.064742 osdx dnscrypt-proxy[145568]: Dropping privileges Aug 20 10:16:25.066863 osdx dnscrypt-proxy[145568]: Network connectivity detected Aug 20 10:16:25.066898 osdx dnscrypt-proxy[145568]: Now listening to 127.0.0.1:53 [UDP] Aug 20 10:16:25.066903 osdx dnscrypt-proxy[145568]: Now listening to 127.0.0.1:53 [TCP] Aug 20 10:16:25.066927 osdx dnscrypt-proxy[145568]: Firefox workaround initialized Aug 20 10:16:25.066932 osdx dnscrypt-proxy[145568]: Loading the set of cloaking rules from [/tmp/tmpev1chm0f] Aug 20 10:16:25.067671 osdx dnscrypt-proxy[145568]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Aug 20 10:16:25.076440 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Aug 20 10:16:31.000159 osdx systemd-timedated[135914]: Changed local time to Wed 2025-08-20 10:16:31 UTC Aug 20 10:16:31.001028 osdx systemd-journald[1956]: Time jumped backwards, rotating. Aug 20 10:16:31.001551 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'set date 2025-08-20 10:16:31'. Aug 20 10:16:31.290728 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.9M, max 15.3M, 12.3M free. Aug 20 10:16:31.292905 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:16:31.292968 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:16:31.301454 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:16:31.517813 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system coredump delete all'. Aug 20 10:16:31.739231 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:31.821134 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:16:31.902779 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:31.972234 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:32.094030 osdx ubnt-cfgd[147263]: inactive Aug 20 10:16:32.117104 osdx INFO[147271]: FRR daemons did not change Aug 20 10:16:32.136914 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Aug 20 10:16:32.215258 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:32.226277 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:32.253328 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:32.414702 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Aug 20 10:16:32.632981 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:16:32.699195 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:16:32.830672 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:16:32.905024 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:16:33.003245 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:16:33.072565 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:16:33.208456 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Aug 20 10:16:33.309248 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Aug 20 10:16:33.419871 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Aug 20 10:16:33.534191 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Aug 20 10:16:33.587917 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Aug 20 10:16:33.724143 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:16:33.796937 osdx ubnt-cfgd[147435]: inactive Aug 20 10:16:33.819528 osdx INFO[147443]: FRR daemons did not change Aug 20 10:16:33.833524 osdx ca-certificates[147458]: Updating certificates in /etc/ssl/certs... 
Aug 20 10:16:34.338660 osdx ubnt-cfgd[148457]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:16:34.345999 osdx ca-certificates[148463]: 1 added, 0 removed; done. Aug 20 10:16:34.348963 osdx ca-certificates[148469]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:16:34.352810 osdx ca-certificates[148471]: done. Aug 20 10:16:34.417494 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:16:34.419087 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:16:34.421165 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:16:34.438899 osdx dnscrypt-proxy[148475]: dnscrypt-proxy 2.0.45 Aug 20 10:16:34.438971 osdx dnscrypt-proxy[148475]: Network connectivity detected Aug 20 10:16:34.439202 osdx dnscrypt-proxy[148475]: Dropping privileges Aug 20 10:16:34.441827 osdx dnscrypt-proxy[148475]: Network connectivity detected Aug 20 10:16:34.441854 osdx dnscrypt-proxy[148475]: Now listening to 127.0.0.1:53 [UDP] Aug 20 10:16:34.441858 osdx dnscrypt-proxy[148475]: Now listening to 127.0.0.1:53 [TCP] Aug 20 10:16:34.441877 osdx dnscrypt-proxy[148475]: Firefox workaround initialized Aug 20 10:16:34.441881 osdx dnscrypt-proxy[148475]: Loading the set of cloaking rules from [/tmp/tmpe5hjlado] Aug 20 10:16:34.460322 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:16:34.671708 osdx dnscrypt-proxy[148475]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Aug 20 10:16:34.671721 osdx dnscrypt-proxy[148475]: [RD] OK (DoH) - rtt: 133ms Aug 20 10:16:34.671733 osdx dnscrypt-proxy[148475]: Server with the lowest initial latency: RD (rtt: 133ms) Aug 20 10:16:34.671739 osdx dnscrypt-proxy[148475]: dnscrypt-proxy is ready - live servers: 1 Aug 20 10:16:39.628556 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. 
Aug 20 10:16:41.751775 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
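The journal check in these scenarios can be made stricter than a token match. The following is an added example, not part of the test suite or of OSDx: it reads the configured cipher list and the dnscrypt-proxy result from a journal, maps the decimal suite number to its IANA name, and reports whether the negotiated suite is one of the configured ones. The function and constant names are hypothetical, the sample journals are abridged from the output on this page, and reading the "TLS version" field as hexadecimal (303 = 0x0303, TLS 1.2) is an assumption.

```python
import re

# IANA TLS cipher suite numbers for the suites configured on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # 49200
}
# Assumption: the journal prints the TLS version as a hexadecimal number.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
EVENT_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)$")
BANNER_RE = re.compile(r"^dnscrypt-proxy \d")
SUITE_RE = re.compile(
    r"TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)")


def evaluate(journal: str) -> dict:
    """Summarise the cipher outcome recorded in one journal capture."""
    configured = {}   # cipher index -> configured suite name
    events = []       # (pid, message) for every dnscrypt-proxy line
    for line in journal.splitlines():
        line = line.strip()
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = EVENT_RE.search(line)
        if m:
            events.append((int(m.group(1)), m.group(2)))

    # A capture can still hold lines from the previous proxy process
    # (for example its "Stopped." message). Only the process that
    # printed the most recent version banner is evaluated.
    current_pid = None
    for pid, msg in events:
        if BANNER_RE.match(msg):
            current_pid = pid

    result = {
        "configured": [configured[i] for i in sorted(configured)],
        "outcome": "no_result",   # journal ends before any TLS result
        "suite_id": None, "suite_name": None,
        "tls_version": None, "in_policy": None,
    }
    for pid, msg in events:
        if pid != current_pid:
            continue
        if msg.startswith("TLS handshake failure"):
            result.update(outcome="handshake_failure", suite_id=None,
                          suite_name=None, tls_version=None, in_policy=None)
            continue
        m = SUITE_RE.search(msg)
        if m:
            suite_id = int(m.group(3))
            name = IANA_SUITES.get(suite_id)
            version = int(m.group(1), 16)
            result.update(
                outcome="negotiated", suite_id=suite_id, suite_name=name,
                tls_version=TLS_VERSIONS.get(version, hex(version)),
                # True only if the negotiated suite was explicitly configured.
                in_policy=name in result["configured"])
    return result


# Abridged from the "Invalid Cipher With Fallback" Example 1 journal above.
FALLBACK_JOURNAL = """\
Aug 20 10:16:33.208456 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Aug 20 10:16:33.309248 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Aug 20 10:16:34.438899 osdx dnscrypt-proxy[148475]: dnscrypt-proxy 2.0.45
Aug 20 10:16:34.671708 osdx dnscrypt-proxy[148475]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Abridged from the "Multiple Invalid Cipher" Example 3 journal above.
INVALID_JOURNAL = """\
Aug 20 10:16:21.251619 osdx dnscrypt-proxy[142791]: Stopped.
Aug 20 10:16:23.792380 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Aug 20 10:16:23.849927 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Aug 20 10:16:25.064487 osdx dnscrypt-proxy[145568]: dnscrypt-proxy 2.0.45
Aug 20 10:16:25.067671 osdx dnscrypt-proxy[145568]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

if __name__ == "__main__":
    for label, journal in (("fallback", FALLBACK_JOURNAL),
                           ("invalid", INVALID_JOURNAL)):
        print(label, evaluate(journal))
```

A result with outcome "negotiated" and in_policy False would mean the proxy connected with a suite outside the configured list, which a plain token match on "Cipher suite:" does not catch.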
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Aug 20 10:16:41.964026 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.2M free.
Aug 20 10:16:41.964916 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:16:41.964961 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:16:41.976568 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:16:42.252548 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:42.321914 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:16:42.426436 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:16:42.499603 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:42.646922 osdx ubnt-cfgd[148529]: inactive
Aug 20 10:16:42.667355 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:16:42.667388 osdx dnscrypt-proxy[148475]: Stopped.
Aug 20 10:16:42.668242 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:16:42.668337 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:16:42.738144 osdx ca-certificates[148616]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:16:43.000001 osdx ca-certificates[149185]: done.
Aug 20 10:16:43.003723 osdx ca-certificates[149193]: Updating certificates in /etc/ssl/certs...
Aug 20 10:16:43.406749 osdx ubnt-cfgd[150040]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:16:43.414469 osdx ca-certificates[150046]: 140 added, 0 removed; done.
Aug 20 10:16:43.418255 osdx ca-certificates[150052]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:16:43.421227 osdx ca-certificates[150054]: done.
Aug 20 10:16:43.437783 osdx INFO[150057]: FRR daemons did not change
Aug 20 10:16:43.438206 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:43.440362 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:43.462836 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:16:44.758938 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:44.821388 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:16:44.921287 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:16:44.987546 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:16:45.084802 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:16:45.146111 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:16:45.249621 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Aug 20 10:16:45.309565 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Aug 20 10:16:45.408510 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:16:45.537075 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:16:45.592209 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:16:45.708512 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:45.782769 osdx ubnt-cfgd[150094]: inactive
Aug 20 10:16:45.805425 osdx INFO[150104]: FRR daemons did not change
Aug 20 10:16:45.817004 osdx ca-certificates[150120]: Updating certificates in /etc/ssl/certs...
Aug 20 10:16:46.286346 osdx ubnt-cfgd[151118]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:16:46.294378 osdx ca-certificates[151123]: 1 added, 0 removed; done.
Aug 20 10:16:46.297421 osdx ca-certificates[151130]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:16:46.300187 osdx ca-certificates[151132]: done.
Aug 20 10:16:46.348911 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:16:46.513169 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:16:46.514278 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:46.525583 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:46.539227 osdx dnscrypt-proxy[151242]: dnscrypt-proxy 2.0.45
Aug 20 10:16:46.539309 osdx dnscrypt-proxy[151242]: Network connectivity detected
Aug 20 10:16:46.539543 osdx dnscrypt-proxy[151242]: Dropping privileges
Aug 20 10:16:46.542449 osdx dnscrypt-proxy[151242]: Network connectivity detected
Aug 20 10:16:46.542495 osdx dnscrypt-proxy[151242]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:16:46.542500 osdx dnscrypt-proxy[151242]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:16:46.542526 osdx dnscrypt-proxy[151242]: Firefox workaround initialized
Aug 20 10:16:46.542531 osdx dnscrypt-proxy[151242]: Loading the set of cloaking rules from [/tmp/tmpxlq_jabf]
Aug 20 10:16:46.546279 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:16:46.788412 osdx dnscrypt-proxy[151242]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Aug 20 10:16:46.788431 osdx dnscrypt-proxy[151242]: [RD] OK (DoH) - rtt: 149ms
Aug 20 10:16:46.788440 osdx dnscrypt-proxy[151242]: Server with the lowest initial latency: RD (rtt: 149ms)
Aug 20 10:16:46.788446 osdx dnscrypt-proxy[151242]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:16:51.695668 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:16:53.789201 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Aug 20 10:16:54.008541 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.1M, max 15.3M, 13.2M free.
Aug 20 10:16:54.008985 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:16:54.009018 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:16:54.017946 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:16:54.305388 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:54.364924 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:16:54.467748 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:16:54.530998 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:54.638300 osdx ubnt-cfgd[151315]: inactive
Aug 20 10:16:54.658784 osdx dnscrypt-proxy[151242]: Stopped.
Aug 20 10:16:54.658804 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:16:54.659823 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:16:54.659929 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:16:54.732786 osdx ca-certificates[151401]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:16:55.004673 osdx ca-certificates[151970]: done.
Aug 20 10:16:55.007727 osdx ca-certificates[151979]: Updating certificates in /etc/ssl/certs...
Aug 20 10:16:55.452293 osdx ubnt-cfgd[152825]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:16:55.460402 osdx ca-certificates[152830]: 140 added, 0 removed; done.
Aug 20 10:16:55.463294 osdx ca-certificates[152837]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:16:55.467117 osdx ca-certificates[152839]: done.
Aug 20 10:16:55.481269 osdx INFO[152842]: FRR daemons did not change
Aug 20 10:16:55.481481 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:55.483321 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:55.499816 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:16:56.908779 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:56.987050 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:16:57.099387 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:16:57.179070 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:16:57.292673 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:16:57.394380 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:16:57.467262 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Aug 20 10:16:57.583226 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Aug 20 10:16:57.640451 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:16:57.757956 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:16:57.815183 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:16:57.938874 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:58.020915 osdx ubnt-cfgd[152879]: inactive
Aug 20 10:16:58.044747 osdx INFO[152889]: FRR daemons did not change
Aug 20 10:16:58.058708 osdx ca-certificates[152905]: Updating certificates in /etc/ssl/certs...
Aug 20 10:16:58.593102 osdx ubnt-cfgd[153903]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:16:58.603011 osdx ca-certificates[153908]: 1 added, 0 removed; done.
Aug 20 10:16:58.607265 osdx ca-certificates[153915]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:16:58.610922 osdx ca-certificates[153917]: done.
Aug 20 10:16:58.632919 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:16:58.797333 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:16:58.798698 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:16:58.813154 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:16:58.828795 osdx dnscrypt-proxy[154027]: dnscrypt-proxy 2.0.45
Aug 20 10:16:58.828876 osdx dnscrypt-proxy[154027]: Network connectivity detected
Aug 20 10:16:58.829111 osdx dnscrypt-proxy[154027]: Dropping privileges
Aug 20 10:16:58.831774 osdx dnscrypt-proxy[154027]: Network connectivity detected
Aug 20 10:16:58.832035 osdx dnscrypt-proxy[154027]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:16:58.832084 osdx dnscrypt-proxy[154027]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:16:58.832149 osdx dnscrypt-proxy[154027]: Firefox workaround initialized
Aug 20 10:16:58.832194 osdx dnscrypt-proxy[154027]: Loading the set of cloaking rules from [/tmp/tmpbz_ui66c]
Aug 20 10:16:58.841033 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:16:59.010370 osdx dnscrypt-proxy[154027]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Aug 20 10:16:59.010525 osdx dnscrypt-proxy[154027]: [RD] OK (DoH) - rtt: 105ms
Aug 20 10:16:59.010563 osdx dnscrypt-proxy[154027]: Server with the lowest initial latency: RD (rtt: 105ms)
Aug 20 10:16:59.010591 osdx dnscrypt-proxy[154027]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:16:59.047499 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Aug 20 10:16:59.346440 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:16:59.348902 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:16:59.348956 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:16:59.359811 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:16:59.612263 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:16:59.677334 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:16:59.827049 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:16:59.891124 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:16:59.984378 osdx ubnt-cfgd[154096]: inactive
Aug 20 10:17:00.008948 osdx dnscrypt-proxy[154027]: Stopped.
Aug 20 10:17:00.009035 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:17:00.009965 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:17:00.010094 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:17:00.081616 osdx ca-certificates[154182]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:17:00.368290 osdx ca-certificates[154750]: done.
Aug 20 10:17:00.371945 osdx ca-certificates[154761]: Updating certificates in /etc/ssl/certs...
Aug 20 10:17:00.794228 osdx ubnt-cfgd[155611]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:17:00.803242 osdx ca-certificates[155617]: 140 added, 0 removed; done.
Aug 20 10:17:00.806667 osdx ca-certificates[155623]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:17:00.810639 osdx ca-certificates[155625]: done.
Aug 20 10:17:00.825585 osdx INFO[155628]: FRR daemons did not change
Aug 20 10:17:00.825844 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:17:00.827906 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:17:00.868484 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:17:01.030774 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Aug 20 10:17:02.198184 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:17:02.267690 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:17:02.366321 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:17:02.441801 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:17:02.545184 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:17:02.689671 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:17:02.809971 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Aug 20 10:17:02.923128 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Aug 20 10:17:02.983317 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:17:03.088972 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:17:03.150106 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:17:03.272320 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:17:03.350885 osdx ubnt-cfgd[155667]: inactive
Aug 20 10:17:03.375543 osdx INFO[155677]: FRR daemons did not change
Aug 20 10:17:03.388395 osdx ca-certificates[155693]: Updating certificates in /etc/ssl/certs...
Aug 20 10:17:03.966227 osdx ubnt-cfgd[156691]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:17:03.975765 osdx ca-certificates[156697]: 1 added, 0 removed; done.
Aug 20 10:17:03.978709 osdx ca-certificates[156703]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:17:03.981496 osdx ca-certificates[156705]: done.
Aug 20 10:17:04.000917 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:17:04.149156 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:17:04.150407 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:17:04.161609 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:17:04.177041 osdx dnscrypt-proxy[156815]: dnscrypt-proxy 2.0.45
Aug 20 10:17:04.177100 osdx dnscrypt-proxy[156815]: Network connectivity detected
Aug 20 10:17:04.177273 osdx dnscrypt-proxy[156815]: Dropping privileges
Aug 20 10:17:04.179012 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:17:04.179879 osdx dnscrypt-proxy[156815]: Network connectivity detected
Aug 20 10:17:04.180051 osdx dnscrypt-proxy[156815]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:17:04.180085 osdx dnscrypt-proxy[156815]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:17:04.180130 osdx dnscrypt-proxy[156815]: Firefox workaround initialized
Aug 20 10:17:04.180154 osdx dnscrypt-proxy[156815]: Loading the set of cloaking rules from [/tmp/tmp96hos8h7]
Aug 20 10:17:04.405533 osdx dnscrypt-proxy[156815]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Aug 20 10:17:04.405550 osdx dnscrypt-proxy[156815]: [RD] OK (DoH) - rtt: 145ms
Aug 20 10:17:04.405558 osdx dnscrypt-proxy[156815]: Server with the lowest initial latency: RD (rtt: 145ms)
Aug 20 10:17:04.405562 osdx dnscrypt-proxy[156815]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:17:09.340427 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:17:11.429316 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Aug 20 10:17:11.648574 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free.
Aug 20 10:17:11.648998 osdx systemd-journald[1956]: Received client request to rotate journal, rotating.
Aug 20 10:17:11.649028 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec.
Aug 20 10:17:11.659475 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 10:17:11.976194 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:17:12.033861 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '.
Aug 20 10:17:12.148067 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Aug 20 10:17:12.242355 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:17:12.342076 osdx ubnt-cfgd[156889]: inactive
Aug 20 10:17:12.360303 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Aug 20 10:17:12.360315 osdx dnscrypt-proxy[156815]: Stopped.
Aug 20 10:17:12.361660 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Aug 20 10:17:12.361769 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:17:12.445169 osdx ca-certificates[156976]: Clearing symlinks in /etc/ssl/certs...
Aug 20 10:17:12.709104 osdx ca-certificates[157546]: done.
Aug 20 10:17:12.712102 osdx ca-certificates[157558]: Updating certificates in /etc/ssl/certs...
Aug 20 10:17:13.126524 osdx ubnt-cfgd[158400]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:17:13.134267 osdx ca-certificates[158406]: 140 added, 0 removed; done.
Aug 20 10:17:13.137092 osdx ca-certificates[158412]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:17:13.139883 osdx ca-certificates[158414]: done.
Aug 20 10:17:13.153976 osdx INFO[158417]: FRR daemons did not change
Aug 20 10:17:13.154190 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:17:13.156141 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:17:13.175329 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:17:14.369217 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu.
Aug 20 10:17:14.429229 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Aug 20 10:17:14.529026 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Aug 20 10:17:14.594464 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Aug 20 10:17:14.692642 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Aug 20 10:17:14.797982 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Aug 20 10:17:14.853357 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Aug 20 10:17:14.952544 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Aug 20 10:17:15.005847 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Aug 20 10:17:15.119088 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Aug 20 10:17:15.172730 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:17:15.295958 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:17:15.360065 osdx ubnt-cfgd[158455]: inactive
Aug 20 10:17:15.385027 osdx INFO[158465]: FRR daemons did not change
Aug 20 10:17:15.398543 osdx ca-certificates[158481]: Updating certificates in /etc/ssl/certs...
Aug 20 10:17:15.840248 osdx ubnt-cfgd[159479]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:17:15.847810 osdx ca-certificates[159484]: 1 added, 0 removed; done.
Aug 20 10:17:15.850619 osdx ca-certificates[159491]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:17:15.853434 osdx ca-certificates[159493]: done.
Aug 20 10:17:15.872928 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:17:16.005178 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:17:16.006484 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:17:16.033619 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:17:16.059133 osdx dnscrypt-proxy[159603]: dnscrypt-proxy 2.0.45
Aug 20 10:17:16.059205 osdx dnscrypt-proxy[159603]: Network connectivity detected
Aug 20 10:17:16.059402 osdx dnscrypt-proxy[159603]: Dropping privileges
Aug 20 10:17:16.061432 osdx dnscrypt-proxy[159603]: Network connectivity detected
Aug 20 10:17:16.061462 osdx dnscrypt-proxy[159603]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:17:16.061466 osdx dnscrypt-proxy[159603]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:17:16.061492 osdx dnscrypt-proxy[159603]: Firefox workaround initialized
Aug 20 10:17:16.061497 osdx dnscrypt-proxy[159603]: Loading the set of cloaking rules from [/tmp/tmpisr87ft3]
Aug 20 10:17:16.071268 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:17:16.247631 osdx dnscrypt-proxy[159603]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Aug 20 10:17:16.247648 osdx dnscrypt-proxy[159603]: [RD] OK (DoH) - rtt: 114ms
Aug 20 10:17:16.247655 osdx dnscrypt-proxy[159603]: Server with the lowest initial latency: RD (rtt: 114ms)
Aug 20 10:17:16.247660 osdx dnscrypt-proxy[159603]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:17:21.224978 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:17:23.313176 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Aug 20 10:17:23.550648 osdx systemd-journald[1956]: Runtime Journal (/run/log/journal/5531ee11c77d43acb462311bc7f53dec) is 2.0M, max 15.3M, 13.3M free. Aug 20 10:17:23.552915 osdx systemd-journald[1956]: Received client request to rotate journal, rotating. Aug 20 10:17:23.552965 osdx systemd-journald[1956]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5531ee11c77d43acb462311bc7f53dec. Aug 20 10:17:23.561533 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'system journal clear'. Aug 20 10:17:23.821082 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:17:23.878858 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'delete '. Aug 20 10:17:23.995138 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Aug 20 10:17:24.061486 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'. Aug 20 10:17:24.153766 osdx ubnt-cfgd[159676]: inactive Aug 20 10:17:24.173924 osdx dnscrypt-proxy[159603]: Stopped. Aug 20 10:17:24.173967 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Aug 20 10:17:24.174943 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Aug 20 10:17:24.175045 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Aug 20 10:17:24.249666 osdx ca-certificates[159762]: Clearing symlinks in /etc/ssl/certs... Aug 20 10:17:24.513590 osdx ca-certificates[160331]: done. Aug 20 10:17:24.516572 osdx ca-certificates[160341]: Updating certificates in /etc/ssl/certs... Aug 20 10:17:24.974585 osdx ubnt-cfgd[161186]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Aug 20 10:17:24.984748 osdx ca-certificates[161191]: 140 added, 0 removed; done. 
Aug 20 10:17:24.987475 osdx ca-certificates[161198]: Running hooks in /etc/ca-certificates/update.d... Aug 20 10:17:24.991146 osdx ca-certificates[161200]: done. Aug 20 10:17:25.007502 osdx INFO[161203]: FRR daemons did not change Aug 20 10:17:25.007819 osdx cfgd[1656]: [2227]Completed change to active configuration Aug 20 10:17:25.010233 osdx OSDxCLI[2227]: User 'admin' committed the configuration. Aug 20 10:17:25.030397 osdx OSDxCLI[2227]: User 'admin' left the configuration menu. Aug 20 10:17:26.241319 osdx OSDxCLI[2227]: User 'admin' entered the configuration menu. Aug 20 10:17:26.303318 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Aug 20 10:17:26.404600 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Aug 20 10:17:26.473497 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Aug 20 10:17:26.584520 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Aug 20 10:17:26.692046 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Aug 20 10:17:26.772796 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Aug 20 10:17:26.882619 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Aug 20 10:17:26.953392 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Aug 20 10:17:27.030077 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Aug 20 10:17:27.133474 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Aug 20 10:17:27.221331 osdx OSDxCLI[2227]: User 'admin' added a new cfg line: 'show working'.
Aug 20 10:17:27.315617 osdx ubnt-cfgd[161240]: inactive
Aug 20 10:17:27.339128 osdx INFO[161250]: FRR daemons did not change
Aug 20 10:17:27.353752 osdx ca-certificates[161266]: Updating certificates in /etc/ssl/certs...
Aug 20 10:17:27.876641 osdx ubnt-cfgd[162264]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Aug 20 10:17:27.884446 osdx ca-certificates[162270]: 1 added, 0 removed; done.
Aug 20 10:17:27.887299 osdx ca-certificates[162276]: Running hooks in /etc/ca-certificates/update.d...
Aug 20 10:17:27.890310 osdx ca-certificates[162278]: done.
Aug 20 10:17:27.908913 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 10:17:28.069464 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Aug 20 10:17:28.070967 osdx cfgd[1656]: [2227]Completed change to active configuration
Aug 20 10:17:28.085246 osdx OSDxCLI[2227]: User 'admin' committed the configuration.
Aug 20 10:17:28.096556 osdx dnscrypt-proxy[162388]: dnscrypt-proxy 2.0.45
Aug 20 10:17:28.096622 osdx dnscrypt-proxy[162388]: Network connectivity detected
Aug 20 10:17:28.096820 osdx dnscrypt-proxy[162388]: Dropping privileges
Aug 20 10:17:28.098882 osdx dnscrypt-proxy[162388]: Network connectivity detected
Aug 20 10:17:28.099070 osdx dnscrypt-proxy[162388]: Now listening to 127.0.0.1:53 [UDP]
Aug 20 10:17:28.099111 osdx dnscrypt-proxy[162388]: Now listening to 127.0.0.1:53 [TCP]
Aug 20 10:17:28.099155 osdx dnscrypt-proxy[162388]: Firefox workaround initialized
Aug 20 10:17:28.099191 osdx dnscrypt-proxy[162388]: Loading the set of cloaking rules from [/tmp/tmp6ku16jqa]
Aug 20 10:17:28.101593 osdx OSDxCLI[2227]: User 'admin' left the configuration menu.
Aug 20 10:17:28.311720 osdx dnscrypt-proxy[162388]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Aug 20 10:17:28.311740 osdx dnscrypt-proxy[162388]: [RD] OK (DoH) - rtt: 133ms
Aug 20 10:17:28.311748 osdx dnscrypt-proxy[162388]: Server with the lowest initial latency: RD (rtt: 133ms)
Aug 20 10:17:28.311752 osdx dnscrypt-proxy[162388]: dnscrypt-proxy is ready - live servers: 1
Aug 20 10:17:33.249634 osdx OSDxCLI[2227]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Aug 20 10:17:35.328239 osdx OSDxCLI[2227]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.