Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Nov 25 10:49:25.274004 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free.
Nov 25 10:49:25.276505 osdx systemd-journald[1857]: Received client request to rotate journal, rotating.
Nov 25 10:49:25.276558 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32.
Nov 25 10:49:25.284448 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'.
Nov 25 10:49:25.489417 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 25 10:49:25.719276 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:25.795692 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:49:25.899167 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:49:25.975816 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:26.077231 osdx ubnt-cfgd[141118]: inactive
Nov 25 10:49:26.098698 osdx INFO[141126]: FRR daemons did not change
Nov 25 10:49:26.120510 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:49:26.197855 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:26.210522 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:26.233152 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:26.382320 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 25 10:49:26.547619 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:26.608450 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:49:26.708886 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:49:26.773308 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:49:26.859147 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:49:26.921100 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:49:27.016828 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Nov 25 10:49:27.079585 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:49:27.195126 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:49:27.249297 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:49:27.362951 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:27.427045 osdx ubnt-cfgd[141287]: inactive
Nov 25 10:49:27.446622 osdx INFO[141295]: FRR daemons did not change
Nov 25 10:49:27.459364 osdx ca-certificates[141311]: Updating certificates in /etc/ssl/certs...
Nov 25 10:49:27.949579 osdx ubnt-cfgd[142309]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:49:27.956860 osdx ca-certificates[142314]: 1 added, 0 removed; done.
Nov 25 10:49:27.960481 osdx ca-certificates[142321]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:49:27.963306 osdx ca-certificates[142323]: done.
Nov 25 10:49:28.057105 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:49:28.058773 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:28.061230 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:28.081132 osdx dnscrypt-proxy[142327]: dnscrypt-proxy 2.0.45
Nov 25 10:49:28.081209 osdx dnscrypt-proxy[142327]: Network connectivity detected
Nov 25 10:49:28.081434 osdx dnscrypt-proxy[142327]: Dropping privileges
Nov 25 10:49:28.083969 osdx dnscrypt-proxy[142327]: Network connectivity detected
Nov 25 10:49:28.083999 osdx dnscrypt-proxy[142327]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:49:28.084003 osdx dnscrypt-proxy[142327]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:49:28.084023 osdx dnscrypt-proxy[142327]: Firefox workaround initialized
Nov 25 10:49:28.084027 osdx dnscrypt-proxy[142327]: Loading the set of cloaking rules from [/tmp/tmpa8hu3pb5]
Nov 25 10:49:28.102725 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:28.277391 osdx dnscrypt-proxy[142327]: [RD] may be a lying resolver
Nov 25 10:49:28.277401 osdx dnscrypt-proxy[142327]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Nov 25 10:49:28.277410 osdx dnscrypt-proxy[142327]: [RD] OK (DoH) - rtt: 121ms
Nov 25 10:49:28.277417 osdx dnscrypt-proxy[142327]: Server with the lowest initial latency: RD (rtt: 121ms)
Nov 25 10:49:28.277421 osdx dnscrypt-proxy[142327]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:49:33.250902 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:49:35.354365 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Nov 25 10:49:42.311314 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free.
Nov 25 10:49:42.314773 osdx systemd-journald[1857]: Received client request to rotate journal, rotating.
Nov 25 10:49:42.314825 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32.
Nov 25 10:49:42.321051 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'.
Nov 25 10:49:42.521285 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 25 10:49:42.737858 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:42.813426 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:49:42.900653 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:49:42.966382 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:43.060389 osdx ubnt-cfgd[144013]: inactive
Nov 25 10:49:43.083135 osdx INFO[144021]: FRR daemons did not change
Nov 25 10:49:43.102730 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:49:43.171984 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:43.183269 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:43.201113 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:43.346546 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 25 10:49:43.581072 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:43.650291 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:49:43.749545 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:49:43.814842 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:49:43.911668 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:49:43.971664 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:49:44.071906 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Nov 25 10:49:44.124230 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:49:44.241735 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:49:44.295391 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:49:44.430285 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:44.497907 osdx ubnt-cfgd[144182]: inactive
Nov 25 10:49:44.516135 osdx INFO[144190]: FRR daemons did not change
Nov 25 10:49:44.530134 osdx ca-certificates[144206]: Updating certificates in /etc/ssl/certs...
Nov 25 10:49:45.022767 osdx ubnt-cfgd[145204]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:49:45.032426 osdx ca-certificates[145209]: 1 added, 0 removed; done.
Nov 25 10:49:45.036401 osdx ca-certificates[145216]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:49:45.039309 osdx ca-certificates[145218]: done.
Nov 25 10:49:45.111056 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:49:45.112278 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:45.114470 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:45.133410 osdx dnscrypt-proxy[145222]: dnscrypt-proxy 2.0.45
Nov 25 10:49:45.133671 osdx dnscrypt-proxy[145222]: Network connectivity detected
Nov 25 10:49:45.133899 osdx dnscrypt-proxy[145222]: Dropping privileges
Nov 25 10:49:45.135968 osdx dnscrypt-proxy[145222]: Network connectivity detected
Nov 25 10:49:45.135995 osdx dnscrypt-proxy[145222]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:49:45.135999 osdx dnscrypt-proxy[145222]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:49:45.136026 osdx dnscrypt-proxy[145222]: Firefox workaround initialized
Nov 25 10:49:45.136031 osdx dnscrypt-proxy[145222]: Loading the set of cloaking rules from [/tmp/tmpci3fvqj5]
Nov 25 10:49:45.165225 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:45.488022 osdx dnscrypt-proxy[145222]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Nov 25 10:49:45.488037 osdx dnscrypt-proxy[145222]: [RD] OK (DoH) - rtt: 284ms
Nov 25 10:49:45.488045 osdx dnscrypt-proxy[145222]: Server with the lowest initial latency: RD (rtt: 284ms)
Nov 25 10:49:45.488049 osdx dnscrypt-proxy[145222]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:49:50.324918 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:49:52.399816 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Nov 25 10:49:52.616726 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free.
Nov 25 10:49:52.618730 osdx systemd-journald[1857]: Received client request to rotate journal, rotating.
Nov 25 10:49:52.618789 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32.
Nov 25 10:49:52.628820 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'.
Nov 25 10:49:52.901477 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:52.991382 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '.
Nov 25 10:49:53.071861 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Nov 25 10:49:53.175923 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:53.242365 osdx ubnt-cfgd[145277]: inactive
Nov 25 10:49:53.269070 osdx dnscrypt-proxy[145222]: Stopped.
Nov 25 10:49:53.269087 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Nov 25 10:49:53.270117 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Nov 25 10:49:53.270254 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:49:53.350432 osdx ca-certificates[145363]: Clearing symlinks in /etc/ssl/certs...
Nov 25 10:49:53.628451 osdx ca-certificates[145933]: done.
Nov 25 10:49:53.632280 osdx ca-certificates[145940]: Updating certificates in /etc/ssl/certs...
Nov 25 10:49:54.055208 osdx ubnt-cfgd[146787]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:49:54.063419 osdx ca-certificates[146792]: 140 added, 0 removed; done.
Nov 25 10:49:54.066247 osdx ca-certificates[146799]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:49:54.069317 osdx ca-certificates[146801]: done.
Nov 25 10:49:54.083966 osdx INFO[146804]: FRR daemons did not change
Nov 25 10:49:54.084413 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:54.086363 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:54.117449 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:55.348058 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:49:55.418874 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:49:55.521767 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:49:55.589775 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:49:55.690828 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:49:55.764440 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:49:55.865980 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Nov 25 10:49:55.922803 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:49:56.054562 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:49:56.111868 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:49:56.224226 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:49:56.292928 osdx ubnt-cfgd[146838]: inactive
Nov 25 10:49:56.320453 osdx INFO[146848]: FRR daemons did not change
Nov 25 10:49:56.335031 osdx ca-certificates[146863]: Updating certificates in /etc/ssl/certs...
Nov 25 10:49:56.876813 osdx ubnt-cfgd[147862]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:49:56.884922 osdx ca-certificates[147867]: 1 added, 0 removed; done.
Nov 25 10:49:56.888948 osdx ca-certificates[147874]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:49:56.891743 osdx ca-certificates[147876]: done.
Nov 25 10:49:56.910730 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:49:57.063014 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:49:57.064083 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:49:57.078317 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:49:57.087339 osdx dnscrypt-proxy[147986]: dnscrypt-proxy 2.0.45
Nov 25 10:49:57.087407 osdx dnscrypt-proxy[147986]: Network connectivity detected
Nov 25 10:49:57.087621 osdx dnscrypt-proxy[147986]: Dropping privileges
Nov 25 10:49:57.090279 osdx dnscrypt-proxy[147986]: Network connectivity detected
Nov 25 10:49:57.090307 osdx dnscrypt-proxy[147986]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:49:57.090312 osdx dnscrypt-proxy[147986]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:49:57.090338 osdx dnscrypt-proxy[147986]: Firefox workaround initialized
Nov 25 10:49:57.090343 osdx dnscrypt-proxy[147986]: Loading the set of cloaking rules from [/tmp/tmpwu_9am_b]
Nov 25 10:49:57.100711 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:49:57.357848 osdx dnscrypt-proxy[147986]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Nov 25 10:49:57.357867 osdx dnscrypt-proxy[147986]: [RD] OK (DoH) - rtt: 192ms
Nov 25 10:49:57.357877 osdx dnscrypt-proxy[147986]: Server with the lowest initial latency: RD (rtt: 192ms)
Nov 25 10:49:57.357886 osdx dnscrypt-proxy[147986]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:50:02.268004 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:50:04.368639 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Nov 25 10:50:04.590239 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free.
Nov 25 10:50:04.590717 osdx systemd-journald[1857]: Received client request to rotate journal, rotating.
Nov 25 10:50:04.590750 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32.
Nov 25 10:50:04.603697 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'.
Nov 25 10:50:04.907052 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:50:04.968621 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '.
Nov 25 10:50:05.092758 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Nov 25 10:50:05.159380 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:50:05.273297 osdx ubnt-cfgd[148061]: inactive
Nov 25 10:50:05.292570 osdx dnscrypt-proxy[147986]: Stopped.
Nov 25 10:50:05.292595 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Nov 25 10:50:05.293480 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Nov 25 10:50:05.293579 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:50:05.370512 osdx ca-certificates[148147]: Clearing symlinks in /etc/ssl/certs...
Nov 25 10:50:05.620939 osdx ca-certificates[148716]: done.
Nov 25 10:50:05.624181 osdx ca-certificates[148726]: Updating certificates in /etc/ssl/certs...
Nov 25 10:50:06.057181 osdx ubnt-cfgd[149571]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:50:06.065194 osdx ca-certificates[149576]: 140 added, 0 removed; done.
Nov 25 10:50:06.068196 osdx ca-certificates[149583]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:50:06.070932 osdx ca-certificates[149585]: done.
Nov 25 10:50:06.092018 osdx INFO[149588]: FRR daemons did not change
Nov 25 10:50:06.092497 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:50:06.094681 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:50:06.120339 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:50:07.380822 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:50:07.442043 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:50:07.545681 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:50:07.611885 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:50:07.731333 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:50:07.796587 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:50:07.894511 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Nov 25 10:50:08.008289 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:50:08.087540 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:50:08.176926 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:50:08.326296 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:50:08.421217 osdx ubnt-cfgd[149622]: inactive
Nov 25 10:50:08.449986 osdx INFO[149632]: FRR daemons did not change
Nov 25 10:50:08.466030 osdx ca-certificates[149648]: Updating certificates in /etc/ssl/certs...
Nov 25 10:50:09.039944 osdx ubnt-cfgd[150646]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:50:09.048069 osdx ca-certificates[150651]: 1 added, 0 removed; done.
Nov 25 10:50:09.051216 osdx ca-certificates[150658]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:50:09.054535 osdx ca-certificates[150660]: done.
Nov 25 10:50:09.074733 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:50:09.223088 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:50:09.224856 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:50:09.236140 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:50:09.245273 osdx dnscrypt-proxy[150770]: dnscrypt-proxy 2.0.45
Nov 25 10:50:09.245360 osdx dnscrypt-proxy[150770]: Network connectivity detected
Nov 25 10:50:09.245608 osdx dnscrypt-proxy[150770]: Dropping privileges
Nov 25 10:50:09.247936 osdx dnscrypt-proxy[150770]: Network connectivity detected
Nov 25 10:50:09.247970 osdx dnscrypt-proxy[150770]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:50:09.247976 osdx dnscrypt-proxy[150770]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:50:09.248004 osdx dnscrypt-proxy[150770]: Firefox workaround initialized
Nov 25 10:50:09.248009 osdx dnscrypt-proxy[150770]: Loading the set of cloaking rules from [/tmp/tmpbqbbbgg4]
Nov 25 10:50:09.253321 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:50:09.438675 osdx dnscrypt-proxy[150770]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Nov 25 10:50:09.438690 osdx dnscrypt-proxy[150770]: [RD] OK (DoH) - rtt: 124ms
Nov 25 10:50:09.438698 osdx dnscrypt-proxy[150770]: Server with the lowest initial latency: RD (rtt: 124ms)
Nov 25 10:50:09.438704 osdx dnscrypt-proxy[150770]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:50:12.030943 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Nov 25 10:50:14.427692 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:50:16.517300 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Nov 25 10:50:23.000367 osdx systemd-timedated[152447]: Changed local time to Tue 2025-11-25 10:50:23 UTC
Nov 25 10:50:23.000893 osdx systemd-journald[1857]: Time jumped backwards, rotating.
Nov 25 10:50:23.002138 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'set date 2025-11-25 10:50:23'.
Nov 25 10:50:23.335764 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 2.0M, max 13.8M, 11.7M free.
Nov 25 10:50:23.336798 osdx systemd-journald[1857]: Received client request to rotate journal, rotating.
Nov 25 10:50:23.336851 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32.
Nov 25 10:50:23.346394 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'.
Nov 25 10:50:23.576005 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 25 10:50:23.858549 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:50:23.935295 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:50:24.020584 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:50:24.092223 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:50:24.211015 osdx ubnt-cfgd[152475]: inactive
Nov 25 10:50:24.230549 osdx INFO[152483]: FRR daemons did not change
Nov 25 10:50:24.252743 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:50:24.324887 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:50:24.338449 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:50:24.355338 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:50:24.502215 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 25 10:50:24.716129 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:50:24.782218 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:50:24.885439 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:50:24.952263 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:50:25.056384 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:50:25.165829 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:50:25.223373 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Nov 25 10:50:25.320178 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:50:25.391864 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:50:25.482246 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:50:25.555702 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:50:25.648813 osdx ubnt-cfgd[152644]: inactive
Nov 25 10:50:25.669481 osdx INFO[152652]: FRR daemons did not change
Nov 25 10:50:25.681534 osdx ca-certificates[152668]: Updating certificates in /etc/ssl/certs...
Nov 25 10:50:26.195227 osdx ubnt-cfgd[153666]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:50:26.203635 osdx ca-certificates[153672]: 1 added, 0 removed; done.
Nov 25 10:50:26.206724 osdx ca-certificates[153678]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:50:26.209630 osdx ca-certificates[153680]: done.
Nov 25 10:50:26.285057 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:50:26.286312 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:50:26.288707 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:50:26.305212 osdx dnscrypt-proxy[153684]: dnscrypt-proxy 2.0.45
Nov 25 10:50:26.305271 osdx dnscrypt-proxy[153684]: Network connectivity detected
Nov 25 10:50:26.305483 osdx dnscrypt-proxy[153684]: Dropping privileges
Nov 25 10:50:26.305806 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:50:26.308232 osdx dnscrypt-proxy[153684]: Network connectivity detected
Nov 25 10:50:26.308404 osdx dnscrypt-proxy[153684]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:50:26.308452 osdx dnscrypt-proxy[153684]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:50:26.308503 osdx dnscrypt-proxy[153684]: Firefox workaround initialized
Nov 25 10:50:26.308541 osdx dnscrypt-proxy[153684]: Loading the set of cloaking rules from [/tmp/tmpwsr0lcag]
Nov 25 10:50:26.309573 osdx dnscrypt-proxy[153684]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Nov 25 10:50:33.323244 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:50:33.326055 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:50:33.326115 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:50:33.333795 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:50:33.543870 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:50:33.759185 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:33.834312 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:50:33.930487 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:50:33.996505 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:34.094552 osdx ubnt-cfgd[155359]: inactive Nov 25 10:50:34.114784 osdx INFO[155367]: FRR daemons did not change Nov 25 10:50:34.134068 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:50:34.209974 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:34.220727 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:34.242100 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:50:34.385702 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Nov 25 10:50:34.569002 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:34.630640 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Nov 25 10:50:34.730837 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:50:34.795573 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:50:34.891447 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:50:34.952783 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:50:35.049908 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Nov 25 10:50:35.106786 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:50:35.227816 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:50:35.293936 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:50:35.407511 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:35.472472 osdx ubnt-cfgd[155528]: inactive Nov 25 10:50:35.505313 osdx INFO[155536]: FRR daemons did not change Nov 25 10:50:35.520794 osdx ca-certificates[155552]: Updating certificates in /etc/ssl/certs... Nov 25 10:50:36.054045 osdx ubnt-cfgd[156550]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:36.063593 osdx ca-certificates[156555]: 1 added, 0 removed; done. Nov 25 10:50:36.066709 osdx ca-certificates[156562]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:36.070316 osdx ca-certificates[156564]: done. Nov 25 10:50:36.138620 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. 
Nov 25 10:50:36.140282 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:36.144038 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:36.161522 osdx dnscrypt-proxy[156568]: dnscrypt-proxy 2.0.45 Nov 25 10:50:36.161582 osdx dnscrypt-proxy[156568]: Network connectivity detected Nov 25 10:50:36.161784 osdx dnscrypt-proxy[156568]: Dropping privileges Nov 25 10:50:36.163988 osdx dnscrypt-proxy[156568]: Network connectivity detected Nov 25 10:50:36.164022 osdx dnscrypt-proxy[156568]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:50:36.164026 osdx dnscrypt-proxy[156568]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:50:36.164054 osdx dnscrypt-proxy[156568]: Firefox workaround initialized Nov 25 10:50:36.164059 osdx dnscrypt-proxy[156568]: Loading the set of cloaking rules from [/tmp/tmpmfvbhk0o] Nov 25 10:50:36.165001 osdx dnscrypt-proxy[156568]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Nov 25 10:50:36.172471 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Nov 25 10:50:36.504815 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:50:36.506109 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:50:36.506195 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:50:36.517708 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:50:36.779623 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:36.836636 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:50:36.956519 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:50:37.022189 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:37.120951 osdx ubnt-cfgd[156613]: inactive Nov 25 10:50:37.159965 osdx dnscrypt-proxy[156568]: Stopped. Nov 25 10:50:37.160058 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:50:37.160963 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:50:37.161097 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:50:37.244027 osdx ca-certificates[156699]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:50:37.512029 osdx ca-certificates[157268]: done. Nov 25 10:50:37.515757 osdx ca-certificates[157278]: Updating certificates in /etc/ssl/certs... Nov 25 10:50:37.922180 osdx ubnt-cfgd[158123]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:37.929899 osdx ca-certificates[158128]: 140 added, 0 removed; done. 
Nov 25 10:50:37.932728 osdx ca-certificates[158135]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:37.935413 osdx ca-certificates[158137]: done. Nov 25 10:50:37.949376 osdx INFO[158140]: FRR daemons did not change Nov 25 10:50:37.949743 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:37.951515 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:37.976187 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:50:39.276721 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:39.334777 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:50:39.437931 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:50:39.513548 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:50:39.619156 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:50:39.708844 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:50:39.817956 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Nov 25 10:50:39.894532 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:50:40.022307 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:50:40.085859 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Nov 25 10:50:40.199894 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:40.275869 osdx ubnt-cfgd[158174]: inactive Nov 25 10:50:40.302905 osdx INFO[158184]: FRR daemons did not change Nov 25 10:50:40.316167 osdx ca-certificates[158200]: Updating certificates in /etc/ssl/certs... Nov 25 10:50:40.805029 osdx ubnt-cfgd[159198]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:40.813599 osdx ca-certificates[159204]: 1 added, 0 removed; done. Nov 25 10:50:40.817404 osdx ca-certificates[159210]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:40.821357 osdx ca-certificates[159212]: done. Nov 25 10:50:40.842069 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:50:40.998535 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:50:40.999981 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:41.011270 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:41.021696 osdx dnscrypt-proxy[159322]: dnscrypt-proxy 2.0.45 Nov 25 10:50:41.021938 osdx dnscrypt-proxy[159322]: Network connectivity detected Nov 25 10:50:41.022150 osdx dnscrypt-proxy[159322]: Dropping privileges Nov 25 10:50:41.024202 osdx dnscrypt-proxy[159322]: Network connectivity detected Nov 25 10:50:41.024232 osdx dnscrypt-proxy[159322]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:50:41.024237 osdx dnscrypt-proxy[159322]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:50:41.024263 osdx dnscrypt-proxy[159322]: Firefox workaround initialized Nov 25 10:50:41.024267 osdx dnscrypt-proxy[159322]: Loading the set of cloaking rules from [/tmp/tmplasd2buv] Nov 25 10:50:41.025104 osdx dnscrypt-proxy[159322]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Nov 25 10:50:41.042022 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Nov 25 10:50:41.304418 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:50:41.306056 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:50:41.306104 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:50:41.313879 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:50:41.592531 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:41.663615 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:50:41.790068 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:50:41.895829 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:41.971482 osdx ubnt-cfgd[159386]: inactive Nov 25 10:50:41.992642 osdx dnscrypt-proxy[159322]: Stopped. Nov 25 10:50:41.992725 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:50:41.993397 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:50:41.993522 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:50:42.068429 osdx ca-certificates[159472]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:50:42.336526 osdx ca-certificates[160041]: done. Nov 25 10:50:42.340134 osdx ca-certificates[160054]: Updating certificates in /etc/ssl/certs... Nov 25 10:50:42.770522 osdx ubnt-cfgd[160896]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:42.780438 osdx ca-certificates[160902]: 140 added, 0 removed; done. 
Nov 25 10:50:42.783461 osdx ca-certificates[160908]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:42.786566 osdx ca-certificates[160910]: done. Nov 25 10:50:42.805201 osdx INFO[160913]: FRR daemons did not change Nov 25 10:50:42.805500 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:42.807363 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:42.823993 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:50:44.102609 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:44.173438 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:50:44.265378 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:50:44.335109 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:50:44.432177 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:50:44.499695 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:50:44.597495 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Nov 25 10:50:44.657660 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Nov 25 10:50:44.759064 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:50:44.834540 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Nov 25 10:50:44.909138 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:50:45.025781 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:45.087997 osdx ubnt-cfgd[160950]: inactive Nov 25 10:50:45.114160 osdx INFO[160960]: FRR daemons did not change Nov 25 10:50:45.128549 osdx ca-certificates[160976]: Updating certificates in /etc/ssl/certs... Nov 25 10:50:45.662446 osdx ubnt-cfgd[161974]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:45.671127 osdx ca-certificates[161980]: 1 added, 0 removed; done. Nov 25 10:50:45.673981 osdx ca-certificates[161986]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:45.676941 osdx ca-certificates[161988]: done. Nov 25 10:50:45.698063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:50:45.854399 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:50:45.855484 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:45.870128 osdx OSDxCLI[17193]: User 'admin' committed the configuration. 
Nov 25 10:50:45.879627 osdx dnscrypt-proxy[162098]: dnscrypt-proxy 2.0.45 Nov 25 10:50:45.879908 osdx dnscrypt-proxy[162098]: Network connectivity detected Nov 25 10:50:45.880158 osdx dnscrypt-proxy[162098]: Dropping privileges Nov 25 10:50:45.882262 osdx dnscrypt-proxy[162098]: Network connectivity detected Nov 25 10:50:45.882294 osdx dnscrypt-proxy[162098]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:50:45.882299 osdx dnscrypt-proxy[162098]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:50:45.882323 osdx dnscrypt-proxy[162098]: Firefox workaround initialized Nov 25 10:50:45.882328 osdx dnscrypt-proxy[162098]: Loading the set of cloaking rules from [/tmp/tmpxjowza1w] Nov 25 10:50:45.883162 osdx dnscrypt-proxy[162098]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Nov 25 10:50:45.891654 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Nov 25 10:50:52.000206 osdx systemd-timedated[152447]: Changed local time to Tue 2025-11-25 10:50:52 UTC Nov 25 10:50:52.002338 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'set date 2025-11-25 10:50:52'. Nov 25 10:50:52.002745 osdx systemd-journald[1857]: Time jumped backwards, rotating. Nov 25 10:50:52.375365 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:50:52.378739 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:50:52.378794 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:50:52.388358 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:50:52.621551 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system coredump delete all'. Nov 25 10:50:52.850735 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:52.936160 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:50:53.035738 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:50:53.102449 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:53.210936 osdx ubnt-cfgd[163793]: inactive Nov 25 10:50:53.237143 osdx INFO[163801]: FRR daemons did not change Nov 25 10:50:53.262749 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:50:53.344293 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:53.359113 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:53.376749 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:50:53.551240 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Nov 25 10:50:53.754814 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:50:53.842642 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:50:53.933641 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:50:54.004574 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:50:54.097426 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:50:54.159988 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:50:54.267398 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Nov 25 10:50:54.345646 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Nov 25 10:50:54.416031 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:50:54.525160 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Nov 25 10:50:54.583246 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:50:54.691960 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:50:54.756509 osdx ubnt-cfgd[163965]: inactive Nov 25 10:50:54.776198 osdx INFO[163973]: FRR daemons did not change Nov 25 10:50:54.788146 osdx ca-certificates[163989]: Updating certificates in /etc/ssl/certs... 
Nov 25 10:50:55.308195 osdx ubnt-cfgd[164987]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:50:55.316079 osdx ca-certificates[164992]: 1 added, 0 removed; done. Nov 25 10:50:55.318875 osdx ca-certificates[164999]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:50:55.321685 osdx ca-certificates[165001]: done. Nov 25 10:50:55.391024 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:50:55.392269 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:50:55.394232 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:50:55.410934 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:50:55.419777 osdx dnscrypt-proxy[165005]: dnscrypt-proxy 2.0.45 Nov 25 10:50:55.419845 osdx dnscrypt-proxy[165005]: Network connectivity detected Nov 25 10:50:55.420061 osdx dnscrypt-proxy[165005]: Dropping privileges Nov 25 10:50:55.422087 osdx dnscrypt-proxy[165005]: Network connectivity detected Nov 25 10:50:55.422114 osdx dnscrypt-proxy[165005]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:50:55.422119 osdx dnscrypt-proxy[165005]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:50:55.422137 osdx dnscrypt-proxy[165005]: Firefox workaround initialized Nov 25 10:50:55.422141 osdx dnscrypt-proxy[165005]: Loading the set of cloaking rules from [/tmp/tmprizizy1a] Nov 25 10:50:55.600866 osdx dnscrypt-proxy[165005]: [RD] may be a lying resolver Nov 25 10:50:55.600875 osdx dnscrypt-proxy[165005]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Nov 25 10:50:55.600890 osdx dnscrypt-proxy[165005]: [RD] OK (DoH) - rtt: 115ms Nov 25 10:50:55.600898 osdx dnscrypt-proxy[165005]: Server with the lowest initial latency: RD (rtt: 115ms) Nov 25 10:50:55.600903 osdx dnscrypt-proxy[165005]: dnscrypt-proxy is ready - live servers: 1 Nov 25 10:51:00.568701 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup 
teldat.com type A'. Nov 25 10:51:02.661136 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
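The token checks in these scenarios match a bare number (for example "Cipher suite: 49199") or the failure string. The following added example, which is not part of the original test suite, resolves the logged number to its IANA suite name and checks it against the "cipher N algorithm" lines recorded in the same journal. The function names are hypothetical, the first two journals are excerpted from the output on this page, the third is constructed, and reading "TLS version: 303" as hexadecimal 0x0303 is an assumption about the log format.

```python
import re

# IANA TLS cipher suite code points for the suites named in these scenarios.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # decimal 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # decimal 49200
}

# Regexes are applied to the whole text, so they work whether the journal has
# one entry per line or several entries run together on one line.
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (TLS_[A-Z0-9_]+)")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_TOKEN = "TLS handshake failure"

# Excerpt of the "Invalid Cipher With Fallback" journal shown on this page.
FALLBACK_JOURNAL = (
    "Nov 25 10:50:54.267398 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Nov 25 10:50:54.345646 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. "
    "Nov 25 10:50:55.600875 osdx dnscrypt-proxy[165005]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 "
    "Nov 25 10:50:55.600890 osdx dnscrypt-proxy[165005]: [RD] OK (DoH) - rtt: 115ms"
)

# Excerpt of the "Multiple Invalid Cipher" (Example 3) journal shown on this page.
INVALID_JOURNAL = (
    "Nov 25 10:50:44.597495 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Nov 25 10:50:44.657660 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. "
    "Nov 25 10:50:45.883162 osdx dnscrypt-proxy[162098]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file"
)

# Constructed journal: a suite was negotiated that the configuration never listed.
MISMATCH_JOURNAL = (
    "Jan 01 00:00:00.000000 osdx OSDxCLI[1]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. "
    "Jan 01 00:00:01.000000 osdx dnscrypt-proxy[2]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200"
)


def configured_ciphers(journal):
    """Suite names from the logged cfg lines, ordered by their 'cipher N' index."""
    by_index = {int(n): name for n, name in CFG_RE.findall(journal)}
    return [by_index[i] for i in sorted(by_index)]


def negotiated(journal):
    """Details of the first negotiated-suite line, or None if there is none."""
    m = NEG_RE.search(journal)
    if m is None:
        return None
    code = int(m.group("suite"))
    return {
        "server": m.group("server"),
        "tls_version": int(m.group("ver"), 16),  # assumption: field is hex
        "protocol": m.group("proto"),
        "code": code,
        "name": IANA_SUITES.get(code, "unknown (0x%04X)" % code),
    }


def evaluate(journal):
    """Return (verdict, negotiated details) for one journal capture."""
    allowed = configured_ciphers(journal)
    neg = negotiated(journal)
    if neg is None:
        verdict = "handshake-failure" if FAIL_TOKEN in journal else "no-result"
        return verdict, None
    if allowed and neg["name"] not in allowed:
        # The connection came up, but not with a suite the operator configured.
        return "unexpected-suite", neg
    return "ok", neg


if __name__ == "__main__":
    for label, text in (("fallback", FALLBACK_JOURNAL),
                        ("invalid", INVALID_JOURNAL),
                        ("mismatch", MISMATCH_JOURNAL)):
        print(label, evaluate(text))
```

The "unexpected-suite" verdict is the case a plain substring check cannot distinguish from success: a handshake that completed with a suite outside the configured list.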
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Nov 25 10:51:02.884068 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:51:02.886733 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:51:02.886781 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:51:02.895702 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:51:03.204245 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:03.263556 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:51:03.379095 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:51:03.493396 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:03.590983 osdx ubnt-cfgd[165064]: inactive Nov 25 10:51:03.612741 osdx dnscrypt-proxy[165005]: Stopped. Nov 25 10:51:03.612810 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:51:03.613758 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:51:03.613879 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:03.689256 osdx ca-certificates[165150]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:51:03.950634 osdx ca-certificates[165719]: done. Nov 25 10:51:03.954488 osdx ca-certificates[165728]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:04.393032 osdx ubnt-cfgd[166574]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:04.404456 osdx ca-certificates[166579]: 140 added, 0 removed; done. 
Nov 25 10:51:04.407757 osdx ca-certificates[166586]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:04.410585 osdx ca-certificates[166588]: done. Nov 25 10:51:04.425577 osdx INFO[166591]: FRR daemons did not change Nov 25 10:51:04.425809 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:04.427855 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:04.450071 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:51:05.833813 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:05.905768 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:51:06.007732 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:51:06.100884 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:51:06.183219 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:51:06.299819 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:51:06.376777 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Nov 25 10:51:06.443185 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Nov 25 10:51:06.541474 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:51:06.670966 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Nov 25 10:51:06.724744 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:51:06.840406 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:06.902767 osdx ubnt-cfgd[166628]: inactive Nov 25 10:51:06.928868 osdx INFO[166638]: FRR daemons did not change Nov 25 10:51:06.943107 osdx ca-certificates[166653]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:07.436592 osdx ubnt-cfgd[167652]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:07.443843 osdx ca-certificates[167657]: 1 added, 0 removed; done. Nov 25 10:51:07.446562 osdx ca-certificates[167664]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:07.449264 osdx ca-certificates[167666]: done. Nov 25 10:51:07.470738 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:51:07.615009 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:07.615983 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:07.627253 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:07.642113 osdx dnscrypt-proxy[167776]: dnscrypt-proxy 2.0.45 Nov 25 10:51:07.642167 osdx dnscrypt-proxy[167776]: Network connectivity detected Nov 25 10:51:07.642365 osdx dnscrypt-proxy[167776]: Dropping privileges Nov 25 10:51:07.644381 osdx dnscrypt-proxy[167776]: Network connectivity detected Nov 25 10:51:07.644408 osdx dnscrypt-proxy[167776]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:51:07.644412 osdx dnscrypt-proxy[167776]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:51:07.644436 osdx dnscrypt-proxy[167776]: Firefox workaround initialized Nov 25 10:51:07.644440 osdx dnscrypt-proxy[167776]: Loading the set of cloaking rules from [/tmp/tmpq18zvz3i] Nov 25 10:51:07.651159 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. 
Nov 25 10:51:07.849334 osdx dnscrypt-proxy[167776]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Nov 25 10:51:07.849349 osdx dnscrypt-proxy[167776]: [RD] OK (DoH) - rtt: 131ms
Nov 25 10:51:07.849355 osdx dnscrypt-proxy[167776]: Server with the lowest initial latency: RD (rtt: 131ms)
Nov 25 10:51:07.849360 osdx dnscrypt-proxy[167776]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:51:12.817517 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:51:14.903933 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
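Added example (not part of the OSDx test suite): the journal reports the negotiated suite as a decimal IANA code point, so verifying Step 3 means mapping a number such as 49200 back to one of the configured `cipher N algorithm` names. The Python code below does that mapping and also reports legacy suites that remain in the configured list. Function names are hypothetical, the TLS version field is assumed to be hexadecimal (303 read as 0x0303), and the last journal sample is constructed.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {code: name for name, code in SUITE_IDS.items()}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\S+)")
LOG_RE = re.compile(r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
                    r" - Protocol: (?P<alpn>\S+) - Cipher suite: (?P<suite>\d+)")


def weakness(name):
    """Return the reasons a suite name counts as legacy (empty list if none)."""
    reasons = []
    if "_RC4_" in name:
        reasons.append("RC4 stream cipher (prohibited by RFC 7465)")
    if "_3DES_" in name:
        reasons.append("3DES 64-bit block cipher (Sweet32)")
    if name.startswith("TLS_RSA_WITH_"):
        reasons.append("static RSA key exchange, no forward secrecy")
    return reasons


def configured_suites(config_text):
    """Suite names from 'cipher N algorithm NAME' lines, ordered by N."""
    pairs = [(int(idx), name) for idx, name in CFG_RE.findall(config_text)]
    return [name for _, name in sorted(pairs)]


def negotiated_sessions(journal_text):
    """Decode every dnscrypt-proxy 'TLS version ... Cipher suite' journal line."""
    sessions = []
    for m in LOG_RE.finditer(journal_text):
        ver = int(m["ver"], 16)      # assumption: version is logged in hex
        suite_id = int(m["suite"])   # decimal, as in 'Cipher suite: 49199'
        sessions.append({
            "server": m["server"],
            "tls": TLS_VERSIONS.get(ver, hex(ver)),
            "alpn": m["alpn"],
            "suite_id": suite_id,
            "suite": ID_TO_NAME.get(suite_id, f"unknown(0x{suite_id:04X})"),
        })
    return sessions


def audit(config_text, journal_text):
    """Compare what was configured with what the journal says was negotiated."""
    configured = configured_suites(config_text)
    findings = [f"configured {name}: {reason}"
                for name in configured for reason in weakness(name)]
    sessions = negotiated_sessions(journal_text)
    if not sessions:
        findings.append("no 'Cipher suite:' line found in journal")
    for s in sessions:
        if s["suite"] not in configured:
            findings.append(f"[{s['server']}] negotiated {s['suite']} "
                            "is outside the configured list")
        elif weakness(s["suite"]):
            findings.append(f"[{s['server']}] negotiated legacy suite {s['suite']}")
    return {"configured": configured, "sessions": sessions, "findings": findings}


# Cipher lines and journal line copied from Example 2 on this page.
EXAMPLE2_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""
EXAMPLE2_JOURNAL = ("Nov 25 10:51:07.849334 osdx dnscrypt-proxy[167776]: "
                    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200")
# Constructed line (not from the page): the same proxy settling on RC4 (code 5).
CONSTRUCTED_RC4_JOURNAL = ("Nov 25 10:51:07.849334 osdx dnscrypt-proxy[167776]: "
                           "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5")

if __name__ == "__main__":
    for journal in (EXAMPLE2_JOURNAL, CONSTRUCTED_RC4_JOURNAL):
        report = audit(EXAMPLE2_CONFIG, journal)
        print([s["suite"] for s in report["sessions"]])
        for finding in report["findings"]:
            print("  -", finding)
```

The parser accepts the configuration either one command per line or flattened onto a single line, since it only matches the `cipher N algorithm NAME` pattern.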
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Nov 25 10:51:15.150493 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:51:15.150929 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:51:15.150961 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:51:15.160987 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:51:15.470046 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:15.541309 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:51:15.661149 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:51:15.726983 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:15.831414 osdx ubnt-cfgd[167849]: inactive Nov 25 10:51:15.858067 osdx dnscrypt-proxy[167776]: Stopped. Nov 25 10:51:15.858136 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:51:15.859076 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:51:15.859217 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:15.947527 osdx ca-certificates[167935]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:51:16.253600 osdx ca-certificates[168504]: done. Nov 25 10:51:16.258473 osdx ca-certificates[168512]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:16.694295 osdx ubnt-cfgd[169359]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:16.703181 osdx ca-certificates[169365]: 140 added, 0 removed; done. 
Nov 25 10:51:16.706044 osdx ca-certificates[169371]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:16.708796 osdx ca-certificates[169373]: done. Nov 25 10:51:16.725092 osdx INFO[169376]: FRR daemons did not change Nov 25 10:51:16.725530 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:16.765450 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:16.799684 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:51:18.268869 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:18.352145 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:51:18.470191 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:51:18.548834 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:51:18.656424 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:51:18.776124 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:51:18.832076 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Nov 25 10:51:18.931727 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Nov 25 10:51:18.985439 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:51:19.095246 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Nov 25 10:51:19.158305 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:51:19.277750 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:19.343336 osdx ubnt-cfgd[169413]: inactive Nov 25 10:51:19.365013 osdx INFO[169423]: FRR daemons did not change Nov 25 10:51:19.376267 osdx ca-certificates[169439]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:19.896052 osdx ubnt-cfgd[170437]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:19.903419 osdx ca-certificates[170442]: 1 added, 0 removed; done. Nov 25 10:51:19.906271 osdx ca-certificates[170449]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:19.909112 osdx ca-certificates[170451]: done. Nov 25 10:51:19.942753 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:51:20.087080 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:20.088325 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:20.099745 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:20.110370 osdx dnscrypt-proxy[170561]: dnscrypt-proxy 2.0.45 Nov 25 10:51:20.110439 osdx dnscrypt-proxy[170561]: Network connectivity detected Nov 25 10:51:20.110662 osdx dnscrypt-proxy[170561]: Dropping privileges Nov 25 10:51:20.112816 osdx dnscrypt-proxy[170561]: Network connectivity detected Nov 25 10:51:20.112843 osdx dnscrypt-proxy[170561]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:51:20.112848 osdx dnscrypt-proxy[170561]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:51:20.112868 osdx dnscrypt-proxy[170561]: Firefox workaround initialized Nov 25 10:51:20.112872 osdx dnscrypt-proxy[170561]: Loading the set of cloaking rules from [/tmp/tmpog7ppftf] Nov 25 10:51:20.119946 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. 
Nov 25 10:51:20.313307 osdx dnscrypt-proxy[170561]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Nov 25 10:51:20.313330 osdx dnscrypt-proxy[170561]: [RD] OK (DoH) - rtt: 121ms
Nov 25 10:51:20.313341 osdx dnscrypt-proxy[170561]: Server with the lowest initial latency: RD (rtt: 121ms)
Nov 25 10:51:20.313348 osdx dnscrypt-proxy[170561]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:51:22.030798 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Nov 25 10:51:25.276594 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:51:27.376680 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Nov 25 10:51:27.685742 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:51:27.686746 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:51:27.686791 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:51:27.696678 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:51:27.970734 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:28.030573 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:51:28.152932 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:51:28.228727 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:28.325577 osdx ubnt-cfgd[170636]: inactive Nov 25 10:51:28.349869 osdx dnscrypt-proxy[170561]: Stopped. Nov 25 10:51:28.349871 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:51:28.351277 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:51:28.351374 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:28.434425 osdx ca-certificates[170722]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:51:28.701964 osdx ca-certificates[171291]: done. Nov 25 10:51:28.708310 osdx ca-certificates[171299]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:29.142356 osdx ubnt-cfgd[172146]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:29.150055 osdx ca-certificates[172151]: 140 added, 0 removed; done. 
Nov 25 10:51:29.153880 osdx ca-certificates[172158]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:29.156910 osdx ca-certificates[172160]: done. Nov 25 10:51:29.175114 osdx INFO[172163]: FRR daemons did not change Nov 25 10:51:29.175403 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:29.254743 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:29.288428 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:51:30.604930 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:30.666135 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:51:30.766188 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:51:30.832509 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:51:30.929685 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:51:30.990001 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:51:31.086480 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Nov 25 10:51:31.146124 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Nov 25 10:51:31.242509 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:51:31.361049 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Nov 25 10:51:31.416239 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:51:31.528165 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:31.594785 osdx ubnt-cfgd[172201]: inactive Nov 25 10:51:31.621065 osdx INFO[172211]: FRR daemons did not change Nov 25 10:51:31.633753 osdx ca-certificates[172227]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:32.147708 osdx ubnt-cfgd[173225]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:32.155831 osdx ca-certificates[173231]: 1 added, 0 removed; done. Nov 25 10:51:32.159842 osdx ca-certificates[173237]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:32.162986 osdx ca-certificates[173239]: done. Nov 25 10:51:32.186751 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:51:32.351088 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:32.352385 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:32.363394 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:32.378143 osdx dnscrypt-proxy[173349]: dnscrypt-proxy 2.0.45 Nov 25 10:51:32.378223 osdx dnscrypt-proxy[173349]: Network connectivity detected Nov 25 10:51:32.378487 osdx dnscrypt-proxy[173349]: Dropping privileges Nov 25 10:51:32.381046 osdx dnscrypt-proxy[173349]: Network connectivity detected Nov 25 10:51:32.381083 osdx dnscrypt-proxy[173349]: Now listening to 127.0.0.1:53 [UDP] Nov 25 10:51:32.381088 osdx dnscrypt-proxy[173349]: Now listening to 127.0.0.1:53 [TCP] Nov 25 10:51:32.381120 osdx dnscrypt-proxy[173349]: Firefox workaround initialized Nov 25 10:51:32.381126 osdx dnscrypt-proxy[173349]: Loading the set of cloaking rules from [/tmp/tmp7ppkhdi2] Nov 25 10:51:32.394790 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. 
Nov 25 10:51:32.600099 osdx dnscrypt-proxy[173349]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Nov 25 10:51:32.600112 osdx dnscrypt-proxy[173349]: [RD] OK (DoH) - rtt: 129ms
Nov 25 10:51:32.600120 osdx dnscrypt-proxy[173349]: Server with the lowest initial latency: RD (rtt: 129ms)
Nov 25 10:51:32.600124 osdx dnscrypt-proxy[173349]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:51:37.565960 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:51:39.662022 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Nov 25 10:51:39.881274 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:51:39.882732 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:51:39.882777 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:51:39.890621 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:51:40.217068 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:40.319081 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:51:40.394134 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:51:40.496454 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:40.559571 osdx ubnt-cfgd[173421]: inactive Nov 25 10:51:40.581161 osdx dnscrypt-proxy[173349]: Stopped. Nov 25 10:51:40.581174 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:51:40.582204 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:51:40.582336 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:40.662063 osdx ca-certificates[173507]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:51:40.928324 osdx ca-certificates[174076]: done. Nov 25 10:51:40.931558 osdx ca-certificates[174084]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:41.365884 osdx ubnt-cfgd[174931]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:41.377271 osdx ca-certificates[174937]: 140 added, 0 removed; done. 
Nov 25 10:51:41.381030 osdx ca-certificates[174943]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:41.384641 osdx ca-certificates[174945]: done. Nov 25 10:51:41.402946 osdx INFO[174948]: FRR daemons did not change Nov 25 10:51:41.403234 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:41.405551 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:41.432012 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. Nov 25 10:51:42.728472 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:42.791594 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Nov 25 10:51:42.895840 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Nov 25 10:51:42.982744 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Nov 25 10:51:43.048667 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Nov 25 10:51:43.166521 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Nov 25 10:51:43.225105 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Nov 25 10:51:43.324765 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Nov 25 10:51:43.382972 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Nov 25 10:51:43.512835 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Nov 25 10:51:43.583101 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Nov 25 10:51:43.694950 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:43.762089 osdx ubnt-cfgd[174985]: inactive Nov 25 10:51:43.784662 osdx INFO[174995]: FRR daemons did not change Nov 25 10:51:43.798410 osdx ca-certificates[175010]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:44.273712 osdx ubnt-cfgd[176009]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:44.281989 osdx ca-certificates[176014]: 1 added, 0 removed; done. Nov 25 10:51:44.284872 osdx ca-certificates[176021]: Running hooks in /etc/ca-certificates/update.d... Nov 25 10:51:44.287657 osdx ca-certificates[176023]: done. Nov 25 10:51:44.306803 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Nov 25 10:51:44.462996 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:44.464354 osdx cfgd[1655]: [17193]Completed change to active configuration Nov 25 10:51:44.475334 osdx OSDxCLI[17193]: User 'admin' committed the configuration. Nov 25 10:51:44.492871 osdx dnscrypt-proxy[176133]: dnscrypt-proxy 2.0.45 Nov 25 10:51:44.492941 osdx dnscrypt-proxy[176133]: Network connectivity detected Nov 25 10:51:44.493180 osdx dnscrypt-proxy[176133]: Dropping privileges Nov 25 10:51:44.494250 osdx OSDxCLI[17193]: User 'admin' left the configuration menu. 
Nov 25 10:51:44.496105 osdx dnscrypt-proxy[176133]: Network connectivity detected
Nov 25 10:51:44.496140 osdx dnscrypt-proxy[176133]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:51:44.496145 osdx dnscrypt-proxy[176133]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:51:44.496172 osdx dnscrypt-proxy[176133]: Firefox workaround initialized
Nov 25 10:51:44.496177 osdx dnscrypt-proxy[176133]: Loading the set of cloaking rules from [/tmp/tmpvssxdomh]
Nov 25 10:51:44.695293 osdx dnscrypt-proxy[176133]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Nov 25 10:51:44.695317 osdx dnscrypt-proxy[176133]: [RD] OK (DoH) - rtt: 103ms
Nov 25 10:51:44.695327 osdx dnscrypt-proxy[176133]: Server with the lowest initial latency: RD (rtt: 103ms)
Nov 25 10:51:44.695332 osdx dnscrypt-proxy[176133]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:51:49.659712 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:51:51.744775 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Nov 25 10:51:51.962968 osdx systemd-journald[1857]: Runtime Journal (/run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32) is 1.8M, max 13.8M, 11.9M free. Nov 25 10:51:51.966734 osdx systemd-journald[1857]: Received client request to rotate journal, rotating. Nov 25 10:51:51.966782 osdx systemd-journald[1857]: Vacuuming done, freed 0B of archived journals from /run/log/journal/3dabd6c33b8e497d9fdbc41689ab0c32. Nov 25 10:51:51.973401 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'system journal clear'. Nov 25 10:51:52.232148 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu. Nov 25 10:51:52.340763 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'delete '. Nov 25 10:51:52.412486 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Nov 25 10:51:52.504742 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'. Nov 25 10:51:52.563737 osdx ubnt-cfgd[176206]: inactive Nov 25 10:51:52.583488 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Nov 25 10:51:52.583495 osdx dnscrypt-proxy[176133]: Stopped. Nov 25 10:51:52.584722 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Nov 25 10:51:52.584832 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Nov 25 10:51:52.664531 osdx ca-certificates[176292]: Clearing symlinks in /etc/ssl/certs... Nov 25 10:51:52.930310 osdx ca-certificates[176862]: done. Nov 25 10:51:52.933505 osdx ca-certificates[176870]: Updating certificates in /etc/ssl/certs... Nov 25 10:51:53.357322 osdx ubnt-cfgd[177716]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Nov 25 10:51:53.368110 osdx ca-certificates[177722]: 140 added, 0 removed; done. 
Nov 25 10:51:53.371534 osdx ca-certificates[177728]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:51:53.374292 osdx ca-certificates[177730]: done.
Nov 25 10:51:53.390678 osdx INFO[177733]: FRR daemons did not change
Nov 25 10:51:53.391131 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:51:53.392914 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:51:53.409985 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:51:54.643245 osdx OSDxCLI[17193]: User 'admin' entered the configuration menu.
Nov 25 10:51:54.724462 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Nov 25 10:51:54.832462 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Nov 25 10:51:54.898419 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Nov 25 10:51:55.004501 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Nov 25 10:51:55.108511 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'.
Nov 25 10:51:55.208307 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Nov 25 10:51:55.267890 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Nov 25 10:51:55.363951 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 25 10:51:55.440636 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Nov 25 10:51:55.522517 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 25 10:51:55.597734 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'show working'.
Nov 25 10:51:55.710145 osdx ubnt-cfgd[177770]: inactive
Nov 25 10:51:55.731756 osdx INFO[177780]: FRR daemons did not change
Nov 25 10:51:55.744189 osdx ca-certificates[177796]: Updating certificates in /etc/ssl/certs...
Nov 25 10:51:56.234658 osdx ubnt-cfgd[178794]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Nov 25 10:51:56.243399 osdx ca-certificates[178799]: 1 added, 0 removed; done.
Nov 25 10:51:56.247392 osdx ca-certificates[178806]: Running hooks in /etc/ca-certificates/update.d...
Nov 25 10:51:56.250153 osdx ca-certificates[178808]: done.
Nov 25 10:51:56.274736 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 25 10:51:56.431166 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Nov 25 10:51:56.432703 osdx cfgd[1655]: [17193]Completed change to active configuration
Nov 25 10:51:56.446169 osdx OSDxCLI[17193]: User 'admin' committed the configuration.
Nov 25 10:51:56.456391 osdx dnscrypt-proxy[178918]: dnscrypt-proxy 2.0.45
Nov 25 10:51:56.456451 osdx dnscrypt-proxy[178918]: Network connectivity detected
Nov 25 10:51:56.456626 osdx dnscrypt-proxy[178918]: Dropping privileges
Nov 25 10:51:56.458892 osdx dnscrypt-proxy[178918]: Network connectivity detected
Nov 25 10:51:56.459134 osdx dnscrypt-proxy[178918]: Now listening to 127.0.0.1:53 [UDP]
Nov 25 10:51:56.459176 osdx dnscrypt-proxy[178918]: Now listening to 127.0.0.1:53 [TCP]
Nov 25 10:51:56.459236 osdx dnscrypt-proxy[178918]: Firefox workaround initialized
Nov 25 10:51:56.459271 osdx dnscrypt-proxy[178918]: Loading the set of cloaking rules from [/tmp/tmpohim3851]
Nov 25 10:51:56.464446 osdx OSDxCLI[17193]: User 'admin' left the configuration menu.
Nov 25 10:51:56.656702 osdx dnscrypt-proxy[178918]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Nov 25 10:51:56.656717 osdx dnscrypt-proxy[178918]: [RD] OK (DoH) - rtt: 118ms
Nov 25 10:51:56.656733 osdx dnscrypt-proxy[178918]: Server with the lowest initial latency: RD (rtt: 118ms)
Nov 25 10:51:56.656738 osdx dnscrypt-proxy[178918]: dnscrypt-proxy is ready - live servers: 1
Nov 25 10:52:01.605101 osdx OSDxCLI[17193]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Nov 25 10:52:03.700829 osdx OSDxCLI[17193]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
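The token checked in Step 3 is the decimal form of the IANA cipher suite code point (52392 = 0xCCA8). The following added example, which is not part of the test suite or of OSDx, decodes the dnscrypt-proxy line and compares the negotiated suite with the configured `cipher` entries. The function names are hypothetical, and reading the `TLS version` field as hexadecimal (303 = 0x0303, TLS 1.2) is an assumption.

```python
import re

# IANA code points for the cipher suites named on this page.
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Assumption: the journal prints the protocol version in hex without the 0x prefix.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"'set service dns proxy cipher \d+ algorithm (\w+)'")
NEG_RE = re.compile(r"\[([^\]]+)\] TLS version: ([0-9a-fA-F]+) - Protocol: (\S+) - Cipher suite: (\d+)")

# Lines excerpted from the journal output above.
SAMPLE_JOURNAL = """\
Nov 25 10:51:55.208307 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Nov 25 10:51:55.267890 osdx OSDxCLI[17193]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Nov 25 10:51:56.656702 osdx dnscrypt-proxy[178918]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

def decode_suite(code):
    """Map a decimal code point from the journal to its IANA name."""
    return SUITES.get(code, "unknown (0x%04X)" % code)

def is_weak(name):
    # TLS 1.2 naming: no (EC)DHE means no forward secrecy; 3DES, RC4 and
    # CBC modes are legacy. Unknown suites are flagged conservatively.
    return "DHE" not in name or any(t in name for t in ("3DES", "RC4", "_CBC_"))

def audit(journal):
    """Return one finding per negotiated DoH connection seen in the journal."""
    configured, findings = set(), []
    for line in journal.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            configured.add(cfg.group(1))
            continue
        neg = NEG_RE.search(line)
        if neg:
            server, ver, proto, suite = neg.groups()
            name = decode_suite(int(suite))
            findings.append({"server": server, "proto": proto, "suite": name,
                             "tls": TLS_VERSIONS.get(int(ver, 16), "unknown"),
                             "configured": name in configured, "weak": is_weak(name)})
    return findings
```

On the excerpt, the negotiated suite is the second configured entry (ChaCha20-Poly1305), not the 3DES suite listed first.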