Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Mar 24 12:06:22.336794 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:06:22.338241 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:06:22.338301 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:06:22.346905 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:06:22.574178 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:06:22.848184 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:22.923868 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:23.032421 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:23.096080 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:23.189821 osdx ubnt-cfgd[72343]: inactive Mar 24 12:06:23.210879 osdx INFO[72351]: FRR daemons did not change Mar 24 12:06:23.234245 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:06:23.298348 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:23.311591 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:23.331176 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:23.481764 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:06:23.650597 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:23.710645 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:06:23.815712 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:06:23.889047 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:06:23.982683 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:06:24.042164 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:06:24.139337 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Mar 24 12:06:24.228201 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:06:24.310823 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:24.411638 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:24.520711 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:24.588208 osdx ubnt-cfgd[72512]: inactive Mar 24 12:06:24.608957 osdx INFO[72520]: FRR daemons did not change Mar 24 12:06:24.621378 osdx ca-certificates[72536]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:25.158366 osdx ubnt-cfgd[73534]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:25.166229 osdx ca-certificates[73540]: 1 added, 0 removed; done. Mar 24 12:06:25.169165 osdx ca-certificates[73546]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:25.171819 osdx ca-certificates[73548]: done. Mar 24 12:06:25.234594 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:25.235887 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:25.238402 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:25.257094 osdx dnscrypt-proxy[73552]: dnscrypt-proxy 2.0.45 Mar 24 12:06:25.257155 osdx dnscrypt-proxy[73552]: Network connectivity detected Mar 24 12:06:25.257348 osdx dnscrypt-proxy[73552]: Dropping privileges Mar 24 12:06:25.259852 osdx dnscrypt-proxy[73552]: Network connectivity detected Mar 24 12:06:25.259883 osdx dnscrypt-proxy[73552]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:06:25.259887 osdx dnscrypt-proxy[73552]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:06:25.259909 osdx dnscrypt-proxy[73552]: Firefox workaround initialized Mar 24 12:06:25.259913 osdx dnscrypt-proxy[73552]: Loading the set of cloaking rules from [/tmp/tmpyc_taz1h] Mar 24 12:06:25.273603 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:25.307605 osdx dnscrypt-proxy[73552]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Mar 24 12:06:25.307623 osdx dnscrypt-proxy[73552]: [RD] OK (DoH) - rtt: 15ms Mar 24 12:06:25.307633 osdx dnscrypt-proxy[73552]: Server with the lowest initial latency: RD (rtt: 15ms) Mar 24 12:06:25.307639 osdx dnscrypt-proxy[73552]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:06:25.423586 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Mar 24 12:06:31.000171 osdx systemd-timedated[53052]: Changed local time to Tue 2026-03-24 12:06:31 UTC Mar 24 12:06:31.000874 osdx systemd-journald[1674]: Time jumped backwards, rotating. Mar 24 12:06:31.001583 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'set date 2026-03-24 12:06:31'. Mar 24 12:06:31.334241 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 2.6M, max 13.8M, 11.1M free. Mar 24 12:06:31.336867 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:06:31.336922 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:06:31.344843 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:06:31.561689 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:06:31.790655 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:31.867317 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:31.972400 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:32.044441 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:32.181341 osdx ubnt-cfgd[75231]: inactive Mar 24 12:06:32.204480 osdx INFO[75239]: FRR daemons did not change Mar 24 12:06:32.224877 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:06:32.303898 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:32.314716 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:32.342651 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:32.501423 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:06:32.650798 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:32.717356 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:06:32.822066 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:06:32.893104 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:06:32.985391 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:06:33.045929 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:06:33.145042 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Mar 24 12:06:33.198830 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:06:33.312599 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:33.365763 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:33.478799 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:33.544166 osdx ubnt-cfgd[75400]: inactive Mar 24 12:06:33.564035 osdx INFO[75408]: FRR daemons did not change Mar 24 12:06:33.575797 osdx ca-certificates[75424]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:34.067692 osdx ubnt-cfgd[76422]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:34.075622 osdx ca-certificates[76428]: 1 added, 0 removed; done. Mar 24 12:06:34.078506 osdx ca-certificates[76434]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:34.081425 osdx ca-certificates[76436]: done. Mar 24 12:06:34.145221 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:34.146471 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:34.148693 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:34.165853 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:34.171823 osdx dnscrypt-proxy[76440]: dnscrypt-proxy 2.0.45 Mar 24 12:06:34.171879 osdx dnscrypt-proxy[76440]: Network connectivity detected Mar 24 12:06:34.172071 osdx dnscrypt-proxy[76440]: Dropping privileges Mar 24 12:06:34.174152 osdx dnscrypt-proxy[76440]: Network connectivity detected Mar 24 12:06:34.174179 osdx dnscrypt-proxy[76440]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:06:34.174184 osdx dnscrypt-proxy[76440]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:06:34.174204 osdx dnscrypt-proxy[76440]: Firefox workaround initialized Mar 24 12:06:34.174208 osdx dnscrypt-proxy[76440]: Loading the set of cloaking rules from [/tmp/tmpmcbpxkuk] Mar 24 12:06:34.211619 osdx dnscrypt-proxy[76440]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Mar 24 12:06:34.211632 osdx dnscrypt-proxy[76440]: [RD] OK (DoH) - rtt: 12ms Mar 24 12:06:34.211639 osdx dnscrypt-proxy[76440]: Server with the lowest initial latency: RD (rtt: 12ms) Mar 24 12:06:34.211643 osdx dnscrypt-proxy[76440]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:06:34.345847 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Mar 24 12:06:34.555402 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:06:34.556864 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:06:34.556924 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:06:34.566390 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:06:34.840830 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:34.898153 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:06:35.012229 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:06:35.071077 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:35.164804 osdx ubnt-cfgd[76490]: inactive Mar 24 12:06:35.185616 osdx dnscrypt-proxy[76440]: Stopped. Mar 24 12:06:35.185636 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:06:35.186328 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:06:35.186429 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:35.254923 osdx ca-certificates[76576]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:06:35.498860 osdx ca-certificates[77146]: done. Mar 24 12:06:35.502595 osdx ca-certificates[77158]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:35.950601 osdx ubnt-cfgd[78000]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:35.960622 osdx ca-certificates[78006]: 140 added, 0 removed; done. Mar 24 12:06:35.965036 osdx ca-certificates[78012]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:35.969027 osdx ca-certificates[78014]: done. Mar 24 12:06:35.989157 osdx INFO[78017]: FRR daemons did not change Mar 24 12:06:35.989416 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:35.991462 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:36.007142 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:37.345547 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:37.402473 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:06:37.501427 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:06:37.562396 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:06:37.670985 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:06:37.762464 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:06:37.825252 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Mar 24 12:06:37.913563 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:06:37.996009 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:38.086912 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:38.156941 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:38.316421 osdx ubnt-cfgd[78051]: inactive Mar 24 12:06:38.343192 osdx INFO[78061]: FRR daemons did not change Mar 24 12:06:38.355116 osdx ca-certificates[78077]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:38.854186 osdx ubnt-cfgd[79075]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:38.861685 osdx ca-certificates[79080]: 1 added, 0 removed; done. Mar 24 12:06:38.864566 osdx ca-certificates[79087]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:38.867625 osdx ca-certificates[79089]: done. Mar 24 12:06:38.888875 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:06:39.017144 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:39.018592 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:39.029687 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:39.039333 osdx dnscrypt-proxy[79199]: dnscrypt-proxy 2.0.45 Mar 24 12:06:39.039392 osdx dnscrypt-proxy[79199]: Network connectivity detected Mar 24 12:06:39.039570 osdx dnscrypt-proxy[79199]: Dropping privileges Mar 24 12:06:39.042299 osdx dnscrypt-proxy[79199]: Network connectivity detected Mar 24 12:06:39.042332 osdx dnscrypt-proxy[79199]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:06:39.042338 osdx dnscrypt-proxy[79199]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:06:39.042363 osdx dnscrypt-proxy[79199]: Firefox workaround initialized Mar 24 12:06:39.042368 osdx dnscrypt-proxy[79199]: Loading the set of cloaking rules from [/tmp/tmpw7dj1mze] Mar 24 12:06:39.059889 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:39.087684 osdx dnscrypt-proxy[79199]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Mar 24 12:06:39.087704 osdx dnscrypt-proxy[79199]: [RD] OK (DoH) - rtt: 17ms Mar 24 12:06:39.087715 osdx dnscrypt-proxy[79199]: Server with the lowest initial latency: RD (rtt: 17ms) Mar 24 12:06:39.087721 osdx dnscrypt-proxy[79199]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:06:39.234201 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Mar 24 12:06:39.455601 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:06:39.456862 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:06:39.456910 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:06:39.465251 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:06:39.727296 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:39.785466 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:06:39.899150 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:06:39.958288 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:40.043858 osdx ubnt-cfgd[79267]: inactive Mar 24 12:06:40.065342 osdx dnscrypt-proxy[79199]: Stopped. Mar 24 12:06:40.065355 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:06:40.066328 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:06:40.066425 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:40.143401 osdx ca-certificates[79353]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:06:40.485748 osdx ca-certificates[79922]: done. Mar 24 12:06:40.488905 osdx ca-certificates[79932]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:40.926492 osdx ubnt-cfgd[80777]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:40.937322 osdx ca-certificates[80782]: 140 added, 0 removed; done. Mar 24 12:06:40.941172 osdx ca-certificates[80789]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:40.943808 osdx ca-certificates[80791]: done. Mar 24 12:06:40.958711 osdx INFO[80794]: FRR daemons did not change Mar 24 12:06:40.958986 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:40.961165 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:40.983471 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:42.238167 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:42.321065 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:06:42.418798 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:06:42.502454 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:06:42.605866 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:06:42.713075 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:06:42.779491 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Mar 24 12:06:42.887531 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:06:42.985226 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:43.065008 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:43.133178 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:43.228109 osdx ubnt-cfgd[80828]: inactive Mar 24 12:06:43.252288 osdx INFO[80838]: FRR daemons did not change Mar 24 12:06:43.265607 osdx ca-certificates[80853]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:43.769750 osdx ubnt-cfgd[81852]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:43.777402 osdx ca-certificates[81857]: 1 added, 0 removed; done. Mar 24 12:06:43.780219 osdx ca-certificates[81864]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:43.784000 osdx ca-certificates[81866]: done. Mar 24 12:06:43.804872 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:06:43.949162 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:43.950185 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:43.963195 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:43.978568 osdx dnscrypt-proxy[81976]: dnscrypt-proxy 2.0.45 Mar 24 12:06:43.978630 osdx dnscrypt-proxy[81976]: Network connectivity detected Mar 24 12:06:43.978860 osdx dnscrypt-proxy[81976]: Dropping privileges Mar 24 12:06:43.982145 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:43.983327 osdx dnscrypt-proxy[81976]: Network connectivity detected Mar 24 12:06:43.983388 osdx dnscrypt-proxy[81976]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:06:43.983397 osdx dnscrypt-proxy[81976]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:06:43.983441 osdx dnscrypt-proxy[81976]: Firefox workaround initialized Mar 24 12:06:43.983449 osdx dnscrypt-proxy[81976]: Loading the set of cloaking rules from [/tmp/tmpbx0mp1a9] Mar 24 12:06:44.021473 osdx dnscrypt-proxy[81976]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:06:44.021492 osdx dnscrypt-proxy[81976]: [RD] OK (DoH) - rtt: 10ms Mar 24 12:06:44.021502 osdx dnscrypt-proxy[81976]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 24 12:06:44.021508 osdx dnscrypt-proxy[81976]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:06:44.132912 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Mar 24 12:06:51.294960 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:06:51.298769 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:06:51.298844 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:06:51.304628 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:06:51.517372 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:06:51.746217 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:51.822388 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:51.909657 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:51.975120 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:52.072656 osdx ubnt-cfgd[83675]: inactive Mar 24 12:06:52.092887 osdx INFO[83683]: FRR daemons did not change Mar 24 12:06:52.118790 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:06:52.188157 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:52.199000 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:52.215001 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:52.361915 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:06:52.487936 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:06:52.555465 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:06:52.647085 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:06:52.708606 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:06:52.803767 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:06:52.862438 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:06:52.960798 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:06:53.021683 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:06:53.135368 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:06:53.189197 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:06:53.297134 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:06:53.365031 osdx ubnt-cfgd[83844]: inactive Mar 24 12:06:53.383857 osdx INFO[83852]: FRR daemons did not change Mar 24 12:06:53.397450 osdx ca-certificates[83867]: Updating certificates in /etc/ssl/certs... Mar 24 12:06:53.915033 osdx ubnt-cfgd[84866]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:06:53.924073 osdx ca-certificates[84871]: 1 added, 0 removed; done. Mar 24 12:06:53.927032 osdx ca-certificates[84878]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:06:53.929763 osdx ca-certificates[84880]: done. Mar 24 12:06:53.991130 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:06:53.992446 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:06:53.994845 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:06:54.013374 osdx dnscrypt-proxy[84884]: dnscrypt-proxy 2.0.45 Mar 24 12:06:54.013427 osdx dnscrypt-proxy[84884]: Network connectivity detected Mar 24 12:06:54.013603 osdx dnscrypt-proxy[84884]: Dropping privileges Mar 24 12:06:54.015793 osdx dnscrypt-proxy[84884]: Network connectivity detected Mar 24 12:06:54.015958 osdx dnscrypt-proxy[84884]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:06:54.015991 osdx dnscrypt-proxy[84884]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:06:54.016036 osdx dnscrypt-proxy[84884]: Firefox workaround initialized Mar 24 12:06:54.016065 osdx dnscrypt-proxy[84884]: Loading the set of cloaking rules from [/tmp/tmpjgj4sggz] Mar 24 12:06:54.016905 osdx dnscrypt-proxy[84884]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 24 12:06:54.025898 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:06:54.057494 osdx dnscrypt-proxy[84884]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:06:54.057509 osdx dnscrypt-proxy[84884]: [RD] OK (DoH) - rtt: 10ms Mar 24 12:06:54.057517 osdx dnscrypt-proxy[84884]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 24 12:06:54.057521 osdx dnscrypt-proxy[84884]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Mar 24 12:07:01.346375 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 2.2M, max 13.8M, 11.5M free. Mar 24 12:07:01.349739 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:01.349791 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:01.355916 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:01.567851 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:07:01.786500 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:01.866602 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:01.953018 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:02.052048 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:02.110344 osdx ubnt-cfgd[86558]: inactive Mar 24 12:07:02.130241 osdx INFO[86566]: FRR daemons did not change Mar 24 12:07:02.153734 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:02.226018 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:02.237202 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:02.265704 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:02.413464 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:07:02.543018 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:02.603797 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:02.702128 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:02.766814 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:02.859943 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:02.953061 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:03.007453 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:07:03.094994 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:03.164434 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:03.253007 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:03.321138 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:03.422159 osdx ubnt-cfgd[86730]: inactive Mar 24 12:07:03.441137 osdx INFO[86738]: FRR daemons did not change Mar 24 12:07:03.453270 osdx ca-certificates[86754]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:03.957787 osdx ubnt-cfgd[87752]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:03.967964 osdx ca-certificates[87758]: 1 added, 0 removed; done. Mar 24 12:07:03.971671 osdx ca-certificates[87764]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:03.974618 osdx ca-certificates[87766]: done. Mar 24 12:07:04.050078 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:04.051420 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:04.053973 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:04.073844 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:04.079934 osdx dnscrypt-proxy[87770]: dnscrypt-proxy 2.0.45 Mar 24 12:07:04.080009 osdx dnscrypt-proxy[87770]: Network connectivity detected Mar 24 12:07:04.080241 osdx dnscrypt-proxy[87770]: Dropping privileges Mar 24 12:07:04.082863 osdx dnscrypt-proxy[87770]: Network connectivity detected Mar 24 12:07:04.082907 osdx dnscrypt-proxy[87770]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:04.082912 osdx dnscrypt-proxy[87770]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:04.082940 osdx dnscrypt-proxy[87770]: Firefox workaround initialized Mar 24 12:07:04.082944 osdx dnscrypt-proxy[87770]: Loading the set of cloaking rules from [/tmp/tmpuuxmo96y] Mar 24 12:07:04.083845 osdx dnscrypt-proxy[87770]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 24 12:07:04.116790 osdx dnscrypt-proxy[87770]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:07:04.116809 osdx dnscrypt-proxy[87770]: [RD] OK (DoH) - rtt: 10ms Mar 24 12:07:04.116819 osdx dnscrypt-proxy[87770]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 24 12:07:04.116825 osdx dnscrypt-proxy[87770]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Mar 24 12:07:04.317049 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:04.317733 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:04.317764 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:04.328048 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:04.583915 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:04.641459 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:04.751423 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:04.811237 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:04.912364 osdx ubnt-cfgd[87816]: inactive Mar 24 12:07:04.931864 osdx dnscrypt-proxy[87770]: Stopped. Mar 24 12:07:04.931901 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:04.932519 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:04.932613 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:05.002871 osdx ca-certificates[87902]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:05.260200 osdx ca-certificates[88471]: done. Mar 24 12:07:05.263972 osdx ca-certificates[88481]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:05.703367 osdx ubnt-cfgd[89326]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:05.714608 osdx ca-certificates[89332]: 140 added, 0 removed; done. Mar 24 12:07:05.717754 osdx ca-certificates[89338]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:05.720849 osdx ca-certificates[89340]: done. Mar 24 12:07:05.736404 osdx INFO[89343]: FRR daemons did not change Mar 24 12:07:05.736675 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:05.739100 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:05.756772 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:06.974571 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:07.038754 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:07.130849 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:07.198936 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:07.300174 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:07.607773 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:07.665992 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 24 12:07:07.774478 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:07.852858 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:07.932819 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:08.000960 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:08.101385 osdx ubnt-cfgd[89377]: inactive Mar 24 12:07:08.125374 osdx INFO[89387]: FRR daemons did not change Mar 24 12:07:08.140109 osdx ca-certificates[89403]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:08.654078 osdx ubnt-cfgd[90401]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:08.664231 osdx ca-certificates[90407]: 1 added, 0 removed; done. Mar 24 12:07:08.667545 osdx ca-certificates[90413]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:08.671394 osdx ca-certificates[90415]: done. Mar 24 12:07:08.689753 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:08.846098 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:08.847436 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:08.862281 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:08.877857 osdx dnscrypt-proxy[90525]: dnscrypt-proxy 2.0.45 Mar 24 12:07:08.877935 osdx dnscrypt-proxy[90525]: Network connectivity detected Mar 24 12:07:08.878176 osdx dnscrypt-proxy[90525]: Dropping privileges Mar 24 12:07:08.881049 osdx dnscrypt-proxy[90525]: Network connectivity detected Mar 24 12:07:08.881297 osdx dnscrypt-proxy[90525]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:08.881353 osdx dnscrypt-proxy[90525]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:08.881420 osdx dnscrypt-proxy[90525]: Firefox workaround initialized Mar 24 12:07:08.881471 osdx dnscrypt-proxy[90525]: Loading the set of cloaking rules from [/tmp/tmpwdm9_7t0] Mar 24 12:07:08.882556 osdx dnscrypt-proxy[90525]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 24 12:07:08.891137 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:08.933390 osdx dnscrypt-proxy[90525]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:07:08.933403 osdx dnscrypt-proxy[90525]: [RD] OK (DoH) - rtt: 12ms Mar 24 12:07:08.933453 osdx dnscrypt-proxy[90525]: Server with the lowest initial latency: RD (rtt: 12ms) Mar 24 12:07:08.933459 osdx dnscrypt-proxy[90525]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Mar 24 12:07:09.136307 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:09.137742 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:09.137799 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:09.146567 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:09.515012 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:09.588376 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:09.737067 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:09.846981 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:09.929044 osdx ubnt-cfgd[90590]: inactive Mar 24 12:07:09.955290 osdx dnscrypt-proxy[90525]: Stopped. Mar 24 12:07:09.955349 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:09.956288 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:09.956417 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:10.042325 osdx ca-certificates[90676]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:10.323212 osdx ca-certificates[91245]: done. Mar 24 12:07:10.327269 osdx ca-certificates[91254]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:10.828540 osdx ubnt-cfgd[92100]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:10.838635 osdx ca-certificates[92105]: 140 added, 0 removed; done. Mar 24 12:07:10.842261 osdx ca-certificates[92112]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:10.846036 osdx ca-certificates[92114]: done. Mar 24 12:07:10.863262 osdx INFO[92117]: FRR daemons did not change Mar 24 12:07:10.863729 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:10.889737 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:10.926945 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:12.184898 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:12.245592 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:12.349112 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:12.421390 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:12.547843 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:12.613579 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:12.731331 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:07:12.799485 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 24 12:07:12.920213 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:13.014641 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:13.145744 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:13.223277 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:13.329706 osdx ubnt-cfgd[92154]: inactive Mar 24 12:07:13.352180 osdx INFO[92164]: FRR daemons did not change Mar 24 12:07:13.366151 osdx ca-certificates[92180]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:13.857691 osdx ubnt-cfgd[93178]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:13.865072 osdx ca-certificates[93183]: 1 added, 0 removed; done. Mar 24 12:07:13.867928 osdx ca-certificates[93190]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:13.870779 osdx ca-certificates[93192]: done. Mar 24 12:07:13.889730 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:14.014006 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:14.015095 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:14.027005 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:14.044364 osdx dnscrypt-proxy[93302]: dnscrypt-proxy 2.0.45 Mar 24 12:07:14.044436 osdx dnscrypt-proxy[93302]: Network connectivity detected Mar 24 12:07:14.044669 osdx dnscrypt-proxy[93302]: Dropping privileges Mar 24 12:07:14.047303 osdx dnscrypt-proxy[93302]: Network connectivity detected Mar 24 12:07:14.047339 osdx dnscrypt-proxy[93302]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:14.047344 osdx dnscrypt-proxy[93302]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:14.047368 osdx dnscrypt-proxy[93302]: Firefox workaround initialized Mar 24 12:07:14.047373 osdx dnscrypt-proxy[93302]: Loading the set of cloaking rules from [/tmp/tmp4qv1mm7o] Mar 24 12:07:14.048149 osdx dnscrypt-proxy[93302]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 24 12:07:14.064764 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:14.095470 osdx dnscrypt-proxy[93302]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:07:14.095484 osdx dnscrypt-proxy[93302]: [RD] OK (DoH) - rtt: 11ms Mar 24 12:07:14.095493 osdx dnscrypt-proxy[93302]: Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:07:14.095498 osdx dnscrypt-proxy[93302]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Mar 24 12:07:21.307020 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:21.307603 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:21.307644 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:21.316524 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:21.530395 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 12:07:21.752335 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:21.829925 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:21.942362 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:22.004876 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:22.101486 osdx ubnt-cfgd[94997]: inactive Mar 24 12:07:22.122982 osdx INFO[95005]: FRR daemons did not change Mar 24 12:07:22.143139 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:22.223428 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:22.234577 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:22.250936 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:22.420582 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 12:07:22.561014 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:22.622278 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:22.727277 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:22.793802 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:22.889631 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:22.949063 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:23.089082 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:07:23.151450 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Mar 24 12:07:23.257909 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:23.370344 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:23.434400 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:23.562269 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:23.639796 osdx ubnt-cfgd[95169]: inactive Mar 24 12:07:23.661592 osdx INFO[95177]: FRR daemons did not change Mar 24 12:07:23.674714 osdx ca-certificates[95192]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:24.195979 osdx ubnt-cfgd[96191]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:24.204004 osdx ca-certificates[96197]: 1 added, 0 removed; done. Mar 24 12:07:24.207874 osdx ca-certificates[96203]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:24.210998 osdx ca-certificates[96205]: done. Mar 24 12:07:24.291662 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:24.293161 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:24.295456 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:24.318278 osdx dnscrypt-proxy[96209]: dnscrypt-proxy 2.0.45 Mar 24 12:07:24.318344 osdx dnscrypt-proxy[96209]: Network connectivity detected Mar 24 12:07:24.318557 osdx dnscrypt-proxy[96209]: Dropping privileges Mar 24 12:07:24.321243 osdx dnscrypt-proxy[96209]: Network connectivity detected Mar 24 12:07:24.321282 osdx dnscrypt-proxy[96209]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:24.321293 osdx dnscrypt-proxy[96209]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:24.321323 osdx dnscrypt-proxy[96209]: Firefox workaround initialized Mar 24 12:07:24.321328 osdx dnscrypt-proxy[96209]: Loading the set of cloaking rules from [/tmp/tmpo3dh0eum] Mar 24 12:07:24.346701 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:24.361611 osdx dnscrypt-proxy[96209]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Mar 24 12:07:24.361678 osdx dnscrypt-proxy[96209]: [RD] OK (DoH) - rtt: 13ms Mar 24 12:07:24.361688 osdx dnscrypt-proxy[96209]: Server with the lowest initial latency: RD (rtt: 13ms) Mar 24 12:07:24.361692 osdx dnscrypt-proxy[96209]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:24.486202 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Mar 24 12:07:24.686352 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:24.687141 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:24.687186 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:24.697478 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:24.966954 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:25.025053 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:25.142850 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:25.209629 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:25.311375 osdx ubnt-cfgd[96258]: inactive Mar 24 12:07:25.333531 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:25.333540 osdx dnscrypt-proxy[96209]: Stopped. Mar 24 12:07:25.334433 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:25.334531 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:25.410147 osdx ca-certificates[96344]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:25.703202 osdx ca-certificates[96913]: done. Mar 24 12:07:25.707505 osdx ca-certificates[96922]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:26.128986 osdx ubnt-cfgd[97768]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:26.139874 osdx ca-certificates[97774]: 140 added, 0 removed; done. Mar 24 12:07:26.142732 osdx ca-certificates[97780]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:26.145538 osdx ca-certificates[97782]: done. Mar 24 12:07:26.160302 osdx INFO[97785]: FRR daemons did not change Mar 24 12:07:26.160597 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:26.162548 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:26.181258 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:27.462743 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:27.527496 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:27.623952 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:27.689269 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:27.787583 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:27.878756 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:27.935342 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:07:28.040738 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Mar 24 12:07:28.093061 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:28.211099 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:28.264082 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:28.373823 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:28.440162 osdx ubnt-cfgd[97822]: inactive Mar 24 12:07:28.463555 osdx INFO[97832]: FRR daemons did not change Mar 24 12:07:28.475330 osdx ca-certificates[97848]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:28.956393 osdx ubnt-cfgd[98846]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:28.965253 osdx ca-certificates[98852]: 1 added, 0 removed; done. Mar 24 12:07:28.969165 osdx ca-certificates[98858]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:28.972346 osdx ca-certificates[98860]: done. Mar 24 12:07:29.019161 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:29.151409 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:29.153045 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:29.164885 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:29.177899 osdx dnscrypt-proxy[98970]: dnscrypt-proxy 2.0.45 Mar 24 12:07:29.177955 osdx dnscrypt-proxy[98970]: Network connectivity detected Mar 24 12:07:29.178125 osdx dnscrypt-proxy[98970]: Dropping privileges Mar 24 12:07:29.180732 osdx dnscrypt-proxy[98970]: Network connectivity detected Mar 24 12:07:29.180778 osdx dnscrypt-proxy[98970]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:29.180785 osdx dnscrypt-proxy[98970]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:29.180816 osdx dnscrypt-proxy[98970]: Firefox workaround initialized Mar 24 12:07:29.180823 osdx dnscrypt-proxy[98970]: Loading the set of cloaking rules from [/tmp/tmpaprtbasp] Mar 24 12:07:29.182179 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:29.222686 osdx dnscrypt-proxy[98970]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Mar 24 12:07:29.222706 osdx dnscrypt-proxy[98970]: [RD] OK (DoH) - rtt: 11ms Mar 24 12:07:29.222716 osdx dnscrypt-proxy[98970]: Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:07:29.222721 osdx dnscrypt-proxy[98970]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:29.330988 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Mar 24 12:07:29.521052 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:29.523130 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:29.523183 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:29.530368 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:29.795518 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:29.852523 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:29.953919 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:30.024979 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:30.114309 osdx ubnt-cfgd[99038]: inactive Mar 24 12:07:30.136967 osdx dnscrypt-proxy[98970]: Stopped. Mar 24 12:07:30.137003 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:30.137794 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:30.137905 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:30.227726 osdx ca-certificates[99124]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:30.489117 osdx ca-certificates[99693]: done. Mar 24 12:07:30.493917 osdx ca-certificates[99702]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:30.920912 osdx ubnt-cfgd[100548]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:30.931704 osdx ca-certificates[100554]: 140 added, 0 removed; done. Mar 24 12:07:30.934601 osdx ca-certificates[100560]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:30.937447 osdx ca-certificates[100562]: done. Mar 24 12:07:30.951909 osdx INFO[100565]: FRR daemons did not change Mar 24 12:07:30.952145 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:30.954224 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:30.970893 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:32.284662 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:32.365701 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:32.436353 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:32.545583 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:32.601323 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:32.701476 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:32.759049 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 24 12:07:32.856043 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Mar 24 12:07:32.908208 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:33.021676 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:33.075209 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:33.197852 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:33.265106 osdx ubnt-cfgd[100602]: inactive Mar 24 12:07:33.292763 osdx INFO[100612]: FRR daemons did not change Mar 24 12:07:33.307705 osdx ca-certificates[100628]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:33.823555 osdx ubnt-cfgd[101626]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:33.831048 osdx ca-certificates[101632]: 1 added, 0 removed; done. Mar 24 12:07:33.833838 osdx ca-certificates[101638]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:33.836749 osdx ca-certificates[101640]: done. Mar 24 12:07:33.859158 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:33.991385 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:33.992563 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:34.010271 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:34.033330 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:34.035082 osdx dnscrypt-proxy[101750]: dnscrypt-proxy 2.0.45 Mar 24 12:07:34.035164 osdx dnscrypt-proxy[101750]: Network connectivity detected Mar 24 12:07:34.035362 osdx dnscrypt-proxy[101750]: Dropping privileges Mar 24 12:07:34.037563 osdx dnscrypt-proxy[101750]: Network connectivity detected Mar 24 12:07:34.037589 osdx dnscrypt-proxy[101750]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:34.037593 osdx dnscrypt-proxy[101750]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:34.037614 osdx dnscrypt-proxy[101750]: Firefox workaround initialized Mar 24 12:07:34.037618 osdx dnscrypt-proxy[101750]: Loading the set of cloaking rules from [/tmp/tmpso4dubla] Mar 24 12:07:34.076020 osdx dnscrypt-proxy[101750]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:07:34.076040 osdx dnscrypt-proxy[101750]: [RD] OK (DoH) - rtt: 10ms Mar 24 12:07:34.076049 osdx dnscrypt-proxy[101750]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 24 12:07:34.076055 osdx dnscrypt-proxy[101750]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:34.202071 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Mar 24 12:07:34.411660 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:34.415127 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:34.415177 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:34.420832 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:34.724766 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:34.786056 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:34.894644 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:34.961509 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:35.050938 osdx ubnt-cfgd[101819]: inactive Mar 24 12:07:35.071055 osdx dnscrypt-proxy[101750]: Stopped. Mar 24 12:07:35.071056 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:35.072133 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:35.072234 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:35.144938 osdx ca-certificates[101905]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:35.446322 osdx ca-certificates[102475]: done. Mar 24 12:07:35.450460 osdx ca-certificates[102487]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:35.871597 osdx ubnt-cfgd[103329]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:35.879183 osdx ca-certificates[103335]: 140 added, 0 removed; done. Mar 24 12:07:35.882024 osdx ca-certificates[103341]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:35.884705 osdx ca-certificates[103343]: done. Mar 24 12:07:35.898998 osdx INFO[103346]: FRR daemons did not change Mar 24 12:07:35.899235 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:35.900973 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:35.917275 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:37.283226 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:37.339506 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:37.438504 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:37.510041 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:37.604123 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:37.706198 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:37.768173 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 24 12:07:37.874810 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Mar 24 12:07:37.926869 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:38.049367 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:38.103411 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:38.212918 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:38.277536 osdx ubnt-cfgd[103385]: inactive Mar 24 12:07:38.300254 osdx INFO[103395]: FRR daemons did not change Mar 24 12:07:38.313574 osdx ca-certificates[103411]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:38.801200 osdx ubnt-cfgd[104409]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:38.810373 osdx ca-certificates[104415]: 1 added, 0 removed; done. Mar 24 12:07:38.813249 osdx ca-certificates[104421]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:38.816164 osdx ca-certificates[104423]: done. Mar 24 12:07:38.839129 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:38.999488 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:39.000978 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:39.015112 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:39.026636 osdx dnscrypt-proxy[104533]: dnscrypt-proxy 2.0.45 Mar 24 12:07:39.026691 osdx dnscrypt-proxy[104533]: Network connectivity detected Mar 24 12:07:39.026888 osdx dnscrypt-proxy[104533]: Dropping privileges Mar 24 12:07:39.028928 osdx dnscrypt-proxy[104533]: Network connectivity detected Mar 24 12:07:39.028960 osdx dnscrypt-proxy[104533]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:39.028964 osdx dnscrypt-proxy[104533]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:39.028983 osdx dnscrypt-proxy[104533]: Firefox workaround initialized Mar 24 12:07:39.028987 osdx dnscrypt-proxy[104533]: Loading the set of cloaking rules from [/tmp/tmpgs7asgjy] Mar 24 12:07:39.034090 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:39.068298 osdx dnscrypt-proxy[104533]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Mar 24 12:07:39.068314 osdx dnscrypt-proxy[104533]: [RD] OK (DoH) - rtt: 10ms Mar 24 12:07:39.068322 osdx dnscrypt-proxy[104533]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 24 12:07:39.068328 osdx dnscrypt-proxy[104533]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:39.221539 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Mar 24 12:07:39.452704 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:39.455130 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:39.455206 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:39.464313 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:39.774910 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:39.838086 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:39.949366 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:40.032013 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:40.118407 osdx ubnt-cfgd[104603]: inactive Mar 24 12:07:40.139873 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:40.139939 osdx dnscrypt-proxy[104533]: Stopped. Mar 24 12:07:40.140897 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:40.141001 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:40.207487 osdx ca-certificates[104689]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:40.469361 osdx ca-certificates[105258]: done. Mar 24 12:07:40.472999 osdx ca-certificates[105267]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:40.899639 osdx ubnt-cfgd[106113]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:40.907999 osdx ca-certificates[106119]: 140 added, 0 removed; done. Mar 24 12:07:40.910740 osdx ca-certificates[106125]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:40.913469 osdx ca-certificates[106127]: done. Mar 24 12:07:40.928315 osdx INFO[106130]: FRR daemons did not change Mar 24 12:07:40.928795 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:40.930974 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:40.947920 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:42.288744 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:42.348400 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:42.449659 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:42.518668 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:42.614181 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:42.692380 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:42.749627 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 24 12:07:42.848868 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Mar 24 12:07:42.902645 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:43.017432 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:43.070969 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:43.186022 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:43.259325 osdx ubnt-cfgd[106167]: inactive Mar 24 12:07:43.283044 osdx INFO[106177]: FRR daemons did not change Mar 24 12:07:43.296471 osdx ca-certificates[106193]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:43.797466 osdx ubnt-cfgd[107191]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:43.804735 osdx ca-certificates[107197]: 1 added, 0 removed; done. Mar 24 12:07:43.807442 osdx ca-certificates[107203]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:43.810877 osdx ca-certificates[107205]: done. Mar 24 12:07:43.831139 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:43.967412 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:43.968533 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:43.979703 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:43.997307 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:44.000318 osdx dnscrypt-proxy[107315]: dnscrypt-proxy 2.0.45 Mar 24 12:07:44.000394 osdx dnscrypt-proxy[107315]: Network connectivity detected Mar 24 12:07:44.000627 osdx dnscrypt-proxy[107315]: Dropping privileges Mar 24 12:07:44.003160 osdx dnscrypt-proxy[107315]: Network connectivity detected Mar 24 12:07:44.003190 osdx dnscrypt-proxy[107315]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:44.003194 osdx dnscrypt-proxy[107315]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:44.003213 osdx dnscrypt-proxy[107315]: Firefox workaround initialized Mar 24 12:07:44.003217 osdx dnscrypt-proxy[107315]: Loading the set of cloaking rules from [/tmp/tmp4zkmkynj] Mar 24 12:07:44.040488 osdx dnscrypt-proxy[107315]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Mar 24 12:07:44.040507 osdx dnscrypt-proxy[107315]: [RD] OK (DoH) - rtt: 11ms Mar 24 12:07:44.040517 osdx dnscrypt-proxy[107315]: Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:07:44.040523 osdx dnscrypt-proxy[107315]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:44.146373 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Mar 24 12:07:44.364647 osdx systemd-journald[1674]: Runtime Journal (/run/log/journal/aec016c8ce304ac68362b205c4156884) is 1.8M, max 13.8M, 11.9M free. Mar 24 12:07:44.367130 osdx systemd-journald[1674]: Received client request to rotate journal, rotating. Mar 24 12:07:44.367179 osdx systemd-journald[1674]: Vacuuming done, freed 0B of archived journals from /run/log/journal/aec016c8ce304ac68362b205c4156884. Mar 24 12:07:44.374866 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'system journal clear'. Mar 24 12:07:44.682451 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:44.762835 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'delete '. Mar 24 12:07:44.834121 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 24 12:07:44.949622 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:45.008795 osdx ubnt-cfgd[107383]: inactive Mar 24 12:07:45.029380 osdx dnscrypt-proxy[107315]: Stopped. Mar 24 12:07:45.029412 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 24 12:07:45.030456 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 24 12:07:45.030575 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:45.103612 osdx ca-certificates[107469]: Clearing symlinks in /etc/ssl/certs... Mar 24 12:07:45.376031 osdx ca-certificates[108038]: done. Mar 24 12:07:45.379915 osdx ca-certificates[108048]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:45.790126 osdx ubnt-cfgd[108893]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:45.798906 osdx ca-certificates[108899]: 140 added, 0 removed; done. Mar 24 12:07:45.801752 osdx ca-certificates[108905]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:45.804528 osdx ca-certificates[108907]: done. Mar 24 12:07:45.821077 osdx INFO[108910]: FRR daemons did not change Mar 24 12:07:45.821501 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:45.823286 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:45.839050 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:47.231773 osdx OSDxCLI[2595]: User 'admin' entered the configuration menu. Mar 24 12:07:47.306791 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 24 12:07:47.396718 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 24 12:07:47.522149 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 24 12:07:47.579426 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 24 12:07:47.674566 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Mar 24 12:07:47.731220 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 24 12:07:47.831221 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Mar 24 12:07:47.886048 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 24 12:07:48.002535 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 12:07:48.058809 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 12:07:48.169778 osdx OSDxCLI[2595]: User 'admin' added a new cfg line: 'show working'. Mar 24 12:07:48.240652 osdx ubnt-cfgd[108947]: inactive Mar 24 12:07:48.272413 osdx INFO[108957]: FRR daemons did not change Mar 24 12:07:48.286182 osdx ca-certificates[108973]: Updating certificates in /etc/ssl/certs... Mar 24 12:07:48.777976 osdx ubnt-cfgd[109971]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 24 12:07:48.785395 osdx ca-certificates[109976]: 1 added, 0 removed; done. Mar 24 12:07:48.788172 osdx ca-certificates[109983]: Running hooks in /etc/ca-certificates/update.d... Mar 24 12:07:48.790955 osdx ca-certificates[109985]: done. Mar 24 12:07:48.811133 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 12:07:48.955383 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 24 12:07:48.956368 osdx cfgd[1472]: [2595]Completed change to active configuration Mar 24 12:07:48.975865 osdx OSDxCLI[2595]: User 'admin' committed the configuration. Mar 24 12:07:48.993462 osdx dnscrypt-proxy[110095]: dnscrypt-proxy 2.0.45 Mar 24 12:07:48.993526 osdx dnscrypt-proxy[110095]: Network connectivity detected Mar 24 12:07:48.993699 osdx dnscrypt-proxy[110095]: Dropping privileges Mar 24 12:07:48.996019 osdx dnscrypt-proxy[110095]: Network connectivity detected Mar 24 12:07:48.996046 osdx dnscrypt-proxy[110095]: Now listening to 127.0.0.1:53 [UDP] Mar 24 12:07:48.996050 osdx dnscrypt-proxy[110095]: Now listening to 127.0.0.1:53 [TCP] Mar 24 12:07:48.996070 osdx dnscrypt-proxy[110095]: Firefox workaround initialized Mar 24 12:07:48.996074 osdx dnscrypt-proxy[110095]: Loading the set of cloaking rules from [/tmp/tmp6nklc3gl] Mar 24 12:07:49.016229 osdx OSDxCLI[2595]: User 'admin' left the configuration menu. Mar 24 12:07:49.036451 osdx dnscrypt-proxy[110095]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 24 12:07:49.036467 osdx dnscrypt-proxy[110095]: [RD] OK (DoH) - rtt: 11ms Mar 24 12:07:49.036474 osdx dnscrypt-proxy[110095]: Server with the lowest initial latency: RD (rtt: 11ms) Mar 24 12:07:49.036478 osdx dnscrypt-proxy[110095]: dnscrypt-proxy is ready - live servers: 1 Mar 24 12:07:49.171467 osdx OSDxCLI[2595]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.