Cipher

Test suite to validate using one or multiple ciphers to protect DoH connection

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 20 15:40:00.000205 osdx systemd-timedated[409461]: Changed local time to Fri 2025-06-20 15:40:00 UTC
Jun 20 15:40:00.000664 osdx systemd-journald[210303]: Time jumped backwards, rotating.
Jun 20 15:40:00.001433 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:40:00'.
Jun 20 15:40:00.302106 osdx sudo[435197]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:00.305177 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 3.8M, max 15.3M, 11.5M free.
Jun 20 15:40:00.308651 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:00.308729 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:00.310069 osdx sudo[435196]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:00.316819 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:00.545945 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 15:40:00.839994 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:00.942292 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:01.001668 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:01.175582 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:01.296407 osdx ubnt-cfgd[435221]: inactive
Jun 20 15:40:01.316806 osdx INFO[435229]: FRR daemons did not change
Jun 20 15:40:01.340670 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:01.352201 osdx CRON[435268]: pam_limits(cron:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:01.428486 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:01.442495 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:01.460145 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:01.609454 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 20 15:40:01.782959 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:01.901775 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:02.002055 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:02.075043 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:02.168384 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:02.271040 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:02.328853 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 15:40:02.426122 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:02.547932 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:02.601191 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:02.720137 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:02.791618 osdx ubnt-cfgd[435393]: inactive
Jun 20 15:40:02.811225 osdx INFO[435401]: FRR daemons did not change
Jun 20 15:40:02.814954 osdx sudo[435404]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:02.823049 osdx ca-certificates[435417]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:03.323461 osdx ubnt-cfgd[436415]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:03.330546 osdx ca-certificates[436421]: 1 added, 0 removed; done.
Jun 20 15:40:03.333322 osdx ca-certificates[436427]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:03.337048 osdx ca-certificates[436429]: done.
Jun 20 15:40:03.400926 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:03.402049 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:03.425976 osdx dnscrypt-proxy[436433]: dnscrypt-proxy 2.0.45
Jun 20 15:40:03.426033 osdx dnscrypt-proxy[436433]: Network connectivity detected
Jun 20 15:40:03.426208 osdx dnscrypt-proxy[436433]: Dropping privileges
Jun 20 15:40:03.428400 osdx dnscrypt-proxy[436433]: Network connectivity detected
Jun 20 15:40:03.428427 osdx dnscrypt-proxy[436433]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:03.428431 osdx dnscrypt-proxy[436433]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:03.428450 osdx dnscrypt-proxy[436433]: Firefox workaround initialized
Jun 20 15:40:03.428453 osdx dnscrypt-proxy[436433]: Loading the set of cloaking rules from [/tmp/tmps3nvvms3]
Jun 20 15:40:03.449387 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:03.466358 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:03.566664 osdx dnscrypt-proxy[436433]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 15:40:03.566683 osdx dnscrypt-proxy[436433]: [RD] OK (DoH) - rtt: 116ms
Jun 20 15:40:03.566695 osdx dnscrypt-proxy[436433]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 20 15:40:03.566701 osdx dnscrypt-proxy[436433]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:40:03.615158 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 20 15:40:10.000164 osdx systemd-timedated[409461]: Changed local time to Fri 2025-06-20 15:40:10 UTC
Jun 20 15:40:10.000752 osdx systemd-journald[210303]: Time jumped backwards, rotating.
Jun 20 15:40:10.001672 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:40:10'.
Jun 20 15:40:10.313458 osdx sudo[438093]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:10.316512 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.8M, max 15.3M, 12.5M free.
Jun 20 15:40:10.316948 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:10.316979 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:10.321438 osdx sudo[438092]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:10.327146 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:10.542667 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 15:40:10.789792 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:10.869533 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:10.960103 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:11.035070 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:11.152329 osdx ubnt-cfgd[438117]: inactive
Jun 20 15:40:11.172453 osdx INFO[438125]: FRR daemons did not change
Jun 20 15:40:11.192724 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:11.262394 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:11.275942 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:11.306603 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:11.492370 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 20 15:40:11.664306 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:11.733265 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:11.847355 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:11.935962 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:12.093613 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:12.154521 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:12.256852 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 15:40:12.311590 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:12.423459 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:12.477058 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:12.601529 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:12.672881 osdx ubnt-cfgd[438286]: inactive
Jun 20 15:40:12.701671 osdx INFO[438294]: FRR daemons did not change
Jun 20 15:40:12.706732 osdx sudo[438297]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:12.715717 osdx ca-certificates[438310]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:13.221209 osdx ubnt-cfgd[439308]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:13.228948 osdx ca-certificates[439314]: 1 added, 0 removed; done.
Jun 20 15:40:13.231830 osdx ca-certificates[439320]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:13.234557 osdx ca-certificates[439322]: done.
Jun 20 15:40:13.301243 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:13.302668 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:13.304972 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:13.322750 osdx dnscrypt-proxy[439326]: dnscrypt-proxy 2.0.45
Jun 20 15:40:13.323164 osdx dnscrypt-proxy[439326]: Network connectivity detected
Jun 20 15:40:13.323479 osdx dnscrypt-proxy[439326]: Dropping privileges
Jun 20 15:40:13.326669 osdx dnscrypt-proxy[439326]: Network connectivity detected
Jun 20 15:40:13.326704 osdx dnscrypt-proxy[439326]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:13.326708 osdx dnscrypt-proxy[439326]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:13.326731 osdx dnscrypt-proxy[439326]: Firefox workaround initialized
Jun 20 15:40:13.326735 osdx dnscrypt-proxy[439326]: Loading the set of cloaking rules from [/tmp/tmpqfbu_c1a]
Jun 20 15:40:13.330219 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:13.468924 osdx dnscrypt-proxy[439326]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 15:40:13.468939 osdx dnscrypt-proxy[439326]: [RD] OK (DoH) - rtt: 115ms
Jun 20 15:40:13.468947 osdx dnscrypt-proxy[439326]: Server with the lowest initial latency: RD (rtt: 115ms)
Jun 20 15:40:13.468952 osdx dnscrypt-proxy[439326]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:40:13.484458 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 20 15:40:13.691072 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.5M, max 15.3M, 12.7M free.
Jun 20 15:40:13.692727 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:13.692797 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:13.695611 osdx sudo[439358]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:13.703523 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:14.055656 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:14.130383 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:40:14.273353 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:40:14.335579 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:14.448013 osdx ubnt-cfgd[439378]: inactive
Jun 20 15:40:14.469452 osdx dnscrypt-proxy[439326]: Stopped.
Jun 20 15:40:14.469536 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:40:14.470854 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:40:14.470982 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:14.539521 osdx sudo[439448]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:14.549325 osdx ca-certificates[439464]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:40:14.856729 osdx ca-certificates[440033]: done.
Jun 20 15:40:14.861376 osdx ca-certificates[440043]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:15.330152 osdx ubnt-cfgd[440888]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:15.339287 osdx ca-certificates[440894]: 140 added, 0 removed; done.
Jun 20 15:40:15.342204 osdx ca-certificates[440900]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:15.345829 osdx ca-certificates[440902]: done.
Jun 20 15:40:15.361043 osdx INFO[440905]: FRR daemons did not change
Jun 20 15:40:15.361304 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:15.363912 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:15.381454 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:16.712901 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:16.784652 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:16.888474 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:16.978680 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:17.082183 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:17.199767 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:17.275246 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 20 15:40:17.415508 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:17.500712 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:17.599234 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:17.707674 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:17.804808 osdx ubnt-cfgd[440939]: inactive
Jun 20 15:40:17.831193 osdx INFO[440949]: FRR daemons did not change
Jun 20 15:40:17.835038 osdx sudo[440952]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:17.844069 osdx ca-certificates[440964]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:18.374230 osdx ubnt-cfgd[441963]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:18.381622 osdx ca-certificates[441969]: 1 added, 0 removed; done.
Jun 20 15:40:18.384765 osdx ca-certificates[441975]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:18.387584 osdx ca-certificates[441977]: done.
Jun 20 15:40:18.408725 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:18.557090 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:18.558576 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:18.573856 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:18.583456 osdx dnscrypt-proxy[442087]: dnscrypt-proxy 2.0.45
Jun 20 15:40:18.583527 osdx dnscrypt-proxy[442087]: Network connectivity detected
Jun 20 15:40:18.583747 osdx dnscrypt-proxy[442087]: Dropping privileges
Jun 20 15:40:18.586253 osdx dnscrypt-proxy[442087]: Network connectivity detected
Jun 20 15:40:18.586286 osdx dnscrypt-proxy[442087]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:18.586291 osdx dnscrypt-proxy[442087]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:18.586314 osdx dnscrypt-proxy[442087]: Firefox workaround initialized
Jun 20 15:40:18.586319 osdx dnscrypt-proxy[442087]: Loading the set of cloaking rules from [/tmp/tmpq3nkmx9h]
Jun 20 15:40:18.593220 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:18.723806 osdx dnscrypt-proxy[442087]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 20 15:40:18.723820 osdx dnscrypt-proxy[442087]: [RD] OK (DoH) - rtt: 108ms
Jun 20 15:40:18.723827 osdx dnscrypt-proxy[442087]: Server with the lowest initial latency: RD (rtt: 108ms)
Jun 20 15:40:18.723831 osdx dnscrypt-proxy[442087]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:40:18.750300 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 20 15:40:19.021295 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.2M free.
Jun 20 15:40:19.024720 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:19.024774 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:19.026544 osdx sudo[442137]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:19.032118 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:19.312272 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:19.373951 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:40:19.504040 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:40:19.588215 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:19.684559 osdx ubnt-cfgd[442157]: inactive
Jun 20 15:40:19.704977 osdx dnscrypt-proxy[442087]: Stopped.
Jun 20 15:40:19.705044 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:40:19.706158 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:40:19.706263 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:19.774130 osdx sudo[442228]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:19.782603 osdx ca-certificates[442243]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:40:20.038387 osdx ca-certificates[442813]: done.
Jun 20 15:40:20.043387 osdx ca-certificates[442821]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:20.469197 osdx ubnt-cfgd[443667]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:20.478059 osdx ca-certificates[443673]: 140 added, 0 removed; done.
Jun 20 15:40:20.481002 osdx ca-certificates[443679]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:20.483918 osdx ca-certificates[443681]: done.
Jun 20 15:40:20.499582 osdx INFO[443684]: FRR daemons did not change
Jun 20 15:40:20.500105 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:20.502263 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:20.519751 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:21.745985 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:21.815653 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:21.907375 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:21.979554 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:22.076782 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:22.142973 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:22.242321 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 20 15:40:22.294269 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:22.399422 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:22.454382 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:22.603321 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:22.692387 osdx ubnt-cfgd[443718]: inactive
Jun 20 15:40:22.713990 osdx INFO[443728]: FRR daemons did not change
Jun 20 15:40:22.717580 osdx sudo[443731]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:22.726122 osdx ca-certificates[443744]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:23.255150 osdx ubnt-cfgd[444742]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:23.265536 osdx ca-certificates[444747]: 1 added, 0 removed; done.
Jun 20 15:40:23.269990 osdx ca-certificates[444754]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:23.272904 osdx ca-certificates[444756]: done.
Jun 20 15:40:23.292731 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:23.436994 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:23.438122 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:23.456405 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:23.468931 osdx dnscrypt-proxy[444866]: dnscrypt-proxy 2.0.45
Jun 20 15:40:23.468991 osdx dnscrypt-proxy[444866]: Network connectivity detected
Jun 20 15:40:23.469170 osdx dnscrypt-proxy[444866]: Dropping privileges
Jun 20 15:40:23.471073 osdx dnscrypt-proxy[444866]: Network connectivity detected
Jun 20 15:40:23.471100 osdx dnscrypt-proxy[444866]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:23.471104 osdx dnscrypt-proxy[444866]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:23.471123 osdx dnscrypt-proxy[444866]: Firefox workaround initialized
Jun 20 15:40:23.471126 osdx dnscrypt-proxy[444866]: Loading the set of cloaking rules from [/tmp/tmprnhbmflv]
Jun 20 15:40:23.473898 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:23.609171 osdx dnscrypt-proxy[444866]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:40:23.609183 osdx dnscrypt-proxy[444866]: [RD] OK (DoH) - rtt: 110ms
Jun 20 15:40:23.609190 osdx dnscrypt-proxy[444866]: Server with the lowest initial latency: RD (rtt: 110ms)
Jun 20 15:40:23.609194 osdx dnscrypt-proxy[444866]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:40:23.641016 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 20 15:40:31.349780 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:40:31.350308 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:31.350343 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:31.353804 osdx sudo[446542]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:31.360323 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:31.586174 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 15:40:31.817999 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:31.893102 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:31.981303 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:32.047940 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:32.158725 osdx ubnt-cfgd[446567]: inactive
Jun 20 15:40:32.179291 osdx INFO[446575]: FRR daemons did not change
Jun 20 15:40:32.198316 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:32.271878 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:32.285684 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:32.321705 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:32.477329 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 20 15:40:32.629469 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:32.713395 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:32.830747 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:32.899200 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:33.033304 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:33.114546 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:33.218068 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:40:33.294816 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:33.410874 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:33.467335 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:33.598136 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:33.699212 osdx ubnt-cfgd[446736]: inactive
Jun 20 15:40:33.721221 osdx INFO[446744]: FRR daemons did not change
Jun 20 15:40:33.724808 osdx sudo[446747]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:33.733037 osdx ca-certificates[446760]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:34.243634 osdx ubnt-cfgd[447758]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:34.251585 osdx ca-certificates[447763]: 1 added, 0 removed; done.
Jun 20 15:40:34.254418 osdx ca-certificates[447770]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:34.257359 osdx ca-certificates[447772]: done.
Jun 20 15:40:34.330704 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:34.332025 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:34.333973 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:34.351081 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:34.353935 osdx dnscrypt-proxy[447776]: dnscrypt-proxy 2.0.45
Jun 20 15:40:34.353989 osdx dnscrypt-proxy[447776]: Network connectivity detected
Jun 20 15:40:34.354175 osdx dnscrypt-proxy[447776]: Dropping privileges
Jun 20 15:40:34.356373 osdx dnscrypt-proxy[447776]: Network connectivity detected
Jun 20 15:40:34.356405 osdx dnscrypt-proxy[447776]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:34.356410 osdx dnscrypt-proxy[447776]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:34.356443 osdx dnscrypt-proxy[447776]: Firefox workaround initialized
Jun 20 15:40:34.356449 osdx dnscrypt-proxy[447776]: Loading the set of cloaking rules from [/tmp/tmpa01nsx1n]
Jun 20 15:40:34.357356 osdx dnscrypt-proxy[447776]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 20 15:40:34.486166 osdx dnscrypt-proxy[447776]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:40:34.486187 osdx dnscrypt-proxy[447776]: [RD] OK (DoH) - rtt: 105ms
Jun 20 15:40:34.486203 osdx dnscrypt-proxy[447776]: Server with the lowest initial latency: RD (rtt: 105ms)
Jun 20 15:40:34.486209 osdx dnscrypt-proxy[447776]: dnscrypt-proxy is ready - live servers: 1

---

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 20 15:40:41.276106 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:40:41.279201 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:41.279262 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:41.281450 osdx sudo[449430]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:41.288082 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:41.630145 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 15:40:41.890346 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:41.967786 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:42.082290 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:42.177551 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:42.270448 osdx ubnt-cfgd[449455]: inactive
Jun 20 15:40:42.293011 osdx INFO[449463]: FRR daemons did not change
Jun 20 15:40:42.315214 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:42.398629 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:42.415229 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:42.441218 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:42.595798 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 20 15:40:42.787376 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:42.864593 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:42.973295 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:43.054309 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:43.182085 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:43.240213 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:43.338218 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:40:43.391837 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:43.501923 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:43.554066 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:43.669737 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:43.734547 osdx ubnt-cfgd[449624]: inactive
Jun 20 15:40:43.760070 osdx INFO[449632]: FRR daemons did not change
Jun 20 15:40:43.764409 osdx sudo[449635]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:43.773790 osdx ca-certificates[449648]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:44.254238 osdx ubnt-cfgd[450646]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:44.262121 osdx ca-certificates[450652]: 1 added, 0 removed; done.
Jun 20 15:40:44.265002 osdx ca-certificates[450658]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:44.267788 osdx ca-certificates[450660]: done.
Jun 20 15:40:44.327476 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:44.328850 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:44.330708 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:44.363088 osdx dnscrypt-proxy[450664]: dnscrypt-proxy 2.0.45
Jun 20 15:40:44.363143 osdx dnscrypt-proxy[450664]: Network connectivity detected
Jun 20 15:40:44.363351 osdx dnscrypt-proxy[450664]: Dropping privileges
Jun 20 15:40:44.363618 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:44.365847 osdx dnscrypt-proxy[450664]: Network connectivity detected
Jun 20 15:40:44.365881 osdx dnscrypt-proxy[450664]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:44.365886 osdx dnscrypt-proxy[450664]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:44.365913 osdx dnscrypt-proxy[450664]: Firefox workaround initialized
Jun 20 15:40:44.365918 osdx dnscrypt-proxy[450664]: Loading the set of cloaking rules from [/tmp/tmpk_wkjgcq]
Jun 20 15:40:44.366678 osdx dnscrypt-proxy[450664]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 20 15:40:44.612446 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:40:44.615215 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:44.615274 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:44.616789 osdx sudo[450692]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:44.623150 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:44.913975 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:44.987939 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:40:45.115856 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:40:45.181022 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:45.275750 osdx ubnt-cfgd[450712]: inactive
Jun 20 15:40:45.298829 osdx dnscrypt-proxy[450664]: Stopped.
Jun 20 15:40:45.298858 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:40:45.299718 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:40:45.299816 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:45.368372 osdx sudo[450782]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:45.377651 osdx ca-certificates[450798]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:40:45.639202 osdx ca-certificates[451367]: done.
Jun 20 15:40:45.642632 osdx ca-certificates[451377]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:46.066720 osdx ubnt-cfgd[452222]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:46.076121 osdx ca-certificates[452227]: 140 added, 0 removed; done.
Jun 20 15:40:46.079163 osdx ca-certificates[452234]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:46.082119 osdx ca-certificates[452236]: done.
Jun 20 15:40:46.097174 osdx INFO[452239]: FRR daemons did not change
Jun 20 15:40:46.097487 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:46.134414 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:46.154111 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:47.527032 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:47.636882 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:47.715474 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:47.840080 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:47.909060 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:48.016576 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:48.073430 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 15:40:48.180325 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:48.254337 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:48.365707 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:48.473550 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:48.573149 osdx ubnt-cfgd[452274]: inactive
Jun 20 15:40:48.600683 osdx INFO[452284]: FRR daemons did not change
Jun 20 15:40:48.604406 osdx sudo[452287]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:48.613854 osdx ca-certificates[452300]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:49.108765 osdx ubnt-cfgd[453300]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:49.116029 osdx ca-certificates[453306]: 1 added, 0 removed; done.
Jun 20 15:40:49.118792 osdx ca-certificates[453312]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:49.121574 osdx ca-certificates[453314]: done.
Jun 20 15:40:49.143196 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:49.283645 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:49.285102 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:49.301751 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:49.313494 osdx dnscrypt-proxy[453424]: dnscrypt-proxy 2.0.45
Jun 20 15:40:49.313772 osdx dnscrypt-proxy[453424]: Network connectivity detected
Jun 20 15:40:49.314006 osdx dnscrypt-proxy[453424]: Dropping privileges
Jun 20 15:40:49.316549 osdx dnscrypt-proxy[453424]: Network connectivity detected
Jun 20 15:40:49.316577 osdx dnscrypt-proxy[453424]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:49.316581 osdx dnscrypt-proxy[453424]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:49.316600 osdx dnscrypt-proxy[453424]: Firefox workaround initialized
Jun 20 15:40:49.316604 osdx dnscrypt-proxy[453424]: Loading the set of cloaking rules from [/tmp/tmpy4o8_tmf]
Jun 20 15:40:49.317308 osdx dnscrypt-proxy[453424]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 20 15:40:49.320409 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:49.447582 osdx dnscrypt-proxy[453424]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:40:49.447599 osdx dnscrypt-proxy[453424]: [RD] OK (DoH) - rtt: 105ms
Jun 20 15:40:49.447609 osdx dnscrypt-proxy[453424]: Server with the lowest initial latency: RD (rtt: 105ms)
Jun 20 15:40:49.447615 osdx dnscrypt-proxy[453424]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

Jun 20 15:40:49.578713 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:40:49.579189 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:40:49.579224 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:40:49.582716 osdx sudo[453471]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:49.589301 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:40:49.860386 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:49.924784 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:40:50.128434 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:40:50.202254 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:50.315267 osdx ubnt-cfgd[453491]: inactive
Jun 20 15:40:50.334210 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:40:50.334254 osdx dnscrypt-proxy[453424]: Stopped.
Jun 20 15:40:50.335517 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:40:50.335635 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:50.396736 osdx sudo[453561]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:50.405475 osdx ca-certificates[453577]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:40:50.672990 osdx ca-certificates[454147]: done.
Jun 20 15:40:50.676322 osdx ca-certificates[454156]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:51.116490 osdx ubnt-cfgd[455001]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:51.127115 osdx ca-certificates[455008]: 140 added, 0 removed; done.
Jun 20 15:40:51.130625 osdx ca-certificates[455013]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:51.133420 osdx ca-certificates[455015]: done.
Jun 20 15:40:51.151569 osdx INFO[455018]: FRR daemons did not change
Jun 20 15:40:51.151996 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:51.154308 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:51.178028 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:52.634571 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:40:52.706749 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:40:52.798754 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:40:52.870360 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:40:52.965390 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:40:53.026068 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:40:53.123934 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:40:53.182994 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 15:40:53.267698 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:40:53.401453 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:40:53.506224 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:40:53.629191 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:40:53.699754 osdx ubnt-cfgd[455055]: inactive
Jun 20 15:40:53.726585 osdx INFO[455065]: FRR daemons did not change
Jun 20 15:40:53.731848 osdx sudo[455068]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:40:53.741924 osdx ca-certificates[455081]: Updating certificates in /etc/ssl/certs...
Jun 20 15:40:54.229812 osdx ubnt-cfgd[456079]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:40:54.237246 osdx ca-certificates[456084]: 1 added, 0 removed; done.
Jun 20 15:40:54.240120 osdx ca-certificates[456091]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:40:54.244046 osdx ca-certificates[456093]: done.
Jun 20 15:40:54.263206 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:40:54.399483 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:40:54.400576 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:40:54.411319 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:40:54.423087 osdx dnscrypt-proxy[456203]: dnscrypt-proxy 2.0.45
Jun 20 15:40:54.423159 osdx dnscrypt-proxy[456203]: Network connectivity detected
Jun 20 15:40:54.423432 osdx dnscrypt-proxy[456203]: Dropping privileges
Jun 20 15:40:54.425758 osdx dnscrypt-proxy[456203]: Network connectivity detected
Jun 20 15:40:54.426023 osdx dnscrypt-proxy[456203]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:40:54.426093 osdx dnscrypt-proxy[456203]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:40:54.426169 osdx dnscrypt-proxy[456203]: Firefox workaround initialized
Jun 20 15:40:54.426212 osdx dnscrypt-proxy[456203]: Loading the set of cloaking rules from [/tmp/tmps9kedffl]
Jun 20 15:40:54.427034 osdx dnscrypt-proxy[456203]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 20 15:40:54.431217 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:40:54.561102 osdx dnscrypt-proxy[456203]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:40:54.561115 osdx dnscrypt-proxy[456203]: [RD] OK (DoH) - rtt: 105ms
Jun 20 15:40:54.561123 osdx dnscrypt-proxy[456203]: Server with the lowest initial latency: RD (rtt: 105ms)
Jun 20 15:40:54.561128 osdx dnscrypt-proxy[456203]: dnscrypt-proxy is ready - live servers: 1

---

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 20 15:41:01.000220 osdx systemd-timedated[409461]: Changed local time to Fri 2025-06-20 15:41:01 UTC
Jun 20 15:41:01.002088 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'set date 2025-06-20 15:41:01'.
Jun 20 15:41:01.002382 osdx systemd-journald[210303]: Time jumped backwards, rotating.
Jun 20 15:41:01.352527 osdx sudo[457879]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:01.356226 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:41:01.358389 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:01.358451 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:01.361648 osdx sudo[457878]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:01.368405 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:01.593929 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 20 15:41:01.807993 osdx CRON[457888]: pam_limits(cron:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:01.875249 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:01.954854 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:02.033865 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:02.157399 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:02.230972 osdx ubnt-cfgd[457906]: inactive
Jun 20 15:41:02.257577 osdx INFO[457914]: FRR daemons did not change
Jun 20 15:41:02.282388 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:02.372165 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:02.384383 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:02.429704 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:02.616815 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 20 15:41:02.825837 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:02.900665 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:03.017492 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:03.110467 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:03.250303 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:03.392293 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:03.459653 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:41:03.560400 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 15:41:03.622810 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:03.776868 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:03.841092 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:03.981810 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:04.053402 osdx ubnt-cfgd[458078]: inactive
Jun 20 15:41:04.073109 osdx INFO[458086]: FRR daemons did not change
Jun 20 15:41:04.077109 osdx sudo[458089]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:04.086490 osdx ca-certificates[458101]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:04.591767 osdx ubnt-cfgd[459100]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:04.603644 osdx ca-certificates[459106]: 1 added, 0 removed; done.
Jun 20 15:41:04.606776 osdx ca-certificates[459112]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:04.610403 osdx ca-certificates[459114]: done.
Jun 20 15:41:04.702864 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:04.704482 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:04.707376 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:04.731232 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:04.733788 osdx dnscrypt-proxy[459118]: dnscrypt-proxy 2.0.45
Jun 20 15:41:04.733845 osdx dnscrypt-proxy[459118]: Network connectivity detected
Jun 20 15:41:04.734044 osdx dnscrypt-proxy[459118]: Dropping privileges
Jun 20 15:41:04.736146 osdx dnscrypt-proxy[459118]: Network connectivity detected
Jun 20 15:41:04.736173 osdx dnscrypt-proxy[459118]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:04.736177 osdx dnscrypt-proxy[459118]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:04.736198 osdx dnscrypt-proxy[459118]: Firefox workaround initialized
Jun 20 15:41:04.736209 osdx dnscrypt-proxy[459118]: Loading the set of cloaking rules from [/tmp/tmp49sjdxq6]
Jun 20 15:41:04.879194 osdx dnscrypt-proxy[459118]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 15:41:04.879207 osdx dnscrypt-proxy[459118]: [RD] OK (DoH) - rtt: 118ms
Jun 20 15:41:04.879217 osdx dnscrypt-proxy[459118]: Server with the lowest initial latency: RD (rtt: 118ms)
Jun 20 15:41:04.879223 osdx dnscrypt-proxy[459118]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:09.883485 osdx OSDxCLI[389379]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 20 15:41:11.978910 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 20 15:41:12.199993 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.2M free.
Jun 20 15:41:12.202382 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:12.202443 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:12.204037 osdx sudo[459153]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:12.210425 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:12.603798 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:12.672117 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:41:12.806764 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:41:12.889899 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:12.991575 osdx ubnt-cfgd[459173]: inactive
Jun 20 15:41:13.011253 osdx dnscrypt-proxy[459118]: Stopped.
Jun 20 15:41:13.011268 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:41:13.012217 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:41:13.012312 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:13.074538 osdx sudo[459243]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:13.083531 osdx ca-certificates[459259]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:41:13.342963 osdx ca-certificates[459829]: done.
Jun 20 15:41:13.346150 osdx ca-certificates[459841]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:13.766796 osdx ubnt-cfgd[460683]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:13.774329 osdx ca-certificates[460689]: 140 added, 0 removed; done.
Jun 20 15:41:13.777035 osdx ca-certificates[460695]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:13.780680 osdx ca-certificates[460697]: done.
Jun 20 15:41:13.801094 osdx INFO[460700]: FRR daemons did not change
Jun 20 15:41:13.801544 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:13.807107 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:13.825734 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:15.245198 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:15.308385 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:15.425348 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:15.504514 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:15.591247 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:15.651966 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:15.754107 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:41:15.810910 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 20 15:41:15.915051 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:15.995990 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:16.079969 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:16.158801 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:16.250844 osdx ubnt-cfgd[460737]: inactive
Jun 20 15:41:16.277353 osdx INFO[460747]: FRR daemons did not change
Jun 20 15:41:16.282234 osdx sudo[460750]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:16.292999 osdx ca-certificates[460763]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:16.813506 osdx ubnt-cfgd[461761]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:16.822955 osdx ca-certificates[461766]: 1 added, 0 removed; done.
Jun 20 15:41:16.825885 osdx ca-certificates[461773]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:16.829487 osdx ca-certificates[461775]: done.
Jun 20 15:41:16.850389 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:16.990680 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:16.991953 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:17.006626 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:17.014402 osdx dnscrypt-proxy[461885]: dnscrypt-proxy 2.0.45
Jun 20 15:41:17.014474 osdx dnscrypt-proxy[461885]: Network connectivity detected
Jun 20 15:41:17.014698 osdx dnscrypt-proxy[461885]: Dropping privileges
Jun 20 15:41:17.017484 osdx dnscrypt-proxy[461885]: Network connectivity detected
Jun 20 15:41:17.017528 osdx dnscrypt-proxy[461885]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:17.017533 osdx dnscrypt-proxy[461885]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:17.017565 osdx dnscrypt-proxy[461885]: Firefox workaround initialized
Jun 20 15:41:17.017570 osdx dnscrypt-proxy[461885]: Loading the set of cloaking rules from [/tmp/tmp91ejs312]
Jun 20 15:41:17.025848 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:17.163215 osdx dnscrypt-proxy[461885]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 20 15:41:17.163233 osdx dnscrypt-proxy[461885]: [RD] OK (DoH) - rtt: 120ms
Jun 20 15:41:17.163241 osdx dnscrypt-proxy[461885]: Server with the lowest initial latency: RD (rtt: 120ms)
Jun 20 15:41:17.163246 osdx dnscrypt-proxy[461885]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:17.169647 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 20 15:41:17.385516 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.1M, max 15.3M, 13.2M free.
Jun 20 15:41:17.386375 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:17.386427 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:17.389536 osdx sudo[461936]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:17.396021 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:17.653495 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:17.714426 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:41:17.863615 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:41:17.927146 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:18.026286 osdx ubnt-cfgd[461956]: inactive
Jun 20 15:41:18.045761 osdx dnscrypt-proxy[461885]: Stopped.
Jun 20 15:41:18.045789 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:41:18.046529 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:41:18.046638 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:18.110076 osdx sudo[462026]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:18.120890 osdx ca-certificates[462042]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:41:18.389920 osdx ca-certificates[462611]: done.
Jun 20 15:41:18.395732 osdx ca-certificates[462621]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:18.808898 osdx ubnt-cfgd[463466]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:18.816930 osdx ca-certificates[463471]: 140 added, 0 removed; done.
Jun 20 15:41:18.819751 osdx ca-certificates[463478]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:18.822711 osdx ca-certificates[463480]: done.
Jun 20 15:41:18.838824 osdx INFO[463483]: FRR daemons did not change
Jun 20 15:41:18.839221 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:18.840989 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:18.858767 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:20.214515 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:20.276936 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:20.395872 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:20.470212 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:20.569498 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:20.691550 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:20.761807 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 15:41:20.872638 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 20 15:41:20.925782 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:21.037093 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:21.092866 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:21.213904 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:21.278559 osdx ubnt-cfgd[463520]: inactive
Jun 20 15:41:21.303759 osdx INFO[463530]: FRR daemons did not change
Jun 20 15:41:21.307299 osdx sudo[463533]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:21.316507 osdx ca-certificates[463545]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:21.822766 osdx ubnt-cfgd[464544]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:21.830112 osdx ca-certificates[464550]: 1 added, 0 removed; done.
Jun 20 15:41:21.832992 osdx ca-certificates[464556]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:21.837010 osdx ca-certificates[464558]: done.
Jun 20 15:41:21.870391 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:22.022666 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:22.026571 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:22.050588 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:22.077834 osdx dnscrypt-proxy[464668]: dnscrypt-proxy 2.0.45
Jun 20 15:41:22.077894 osdx dnscrypt-proxy[464668]: Network connectivity detected
Jun 20 15:41:22.078077 osdx dnscrypt-proxy[464668]: Dropping privileges
Jun 20 15:41:22.080166 osdx dnscrypt-proxy[464668]: Network connectivity detected
Jun 20 15:41:22.080195 osdx dnscrypt-proxy[464668]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:22.080200 osdx dnscrypt-proxy[464668]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:22.080220 osdx dnscrypt-proxy[464668]: Firefox workaround initialized
Jun 20 15:41:22.080223 osdx dnscrypt-proxy[464668]: Loading the set of cloaking rules from [/tmp/tmpkkzlrg54]
Jun 20 15:41:22.081515 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:22.221009 osdx dnscrypt-proxy[464668]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:41:22.221024 osdx dnscrypt-proxy[464668]: [RD] OK (DoH) - rtt: 116ms
Jun 20 15:41:22.221032 osdx dnscrypt-proxy[464668]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 20 15:41:22.221037 osdx dnscrypt-proxy[464668]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:22.245282 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

Jun 20 15:41:22.471460 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:41:22.474386 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:22.474437 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:22.475804 osdx sudo[464718]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:22.482428 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:22.773761 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:22.859859 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:41:22.958091 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:41:23.063211 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:23.186849 osdx ubnt-cfgd[464738]: inactive
Jun 20 15:41:23.207834 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:41:23.207978 osdx dnscrypt-proxy[464668]: Stopped.
Jun 20 15:41:23.209122 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:41:23.209234 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:23.287951 osdx sudo[464808]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:23.297817 osdx ca-certificates[464824]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:41:23.576228 osdx ca-certificates[465394]: done.
Jun 20 15:41:23.581120 osdx ca-certificates[465403]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:24.033670 osdx ubnt-cfgd[466248]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:24.042491 osdx ca-certificates[466254]: 140 added, 0 removed; done.
Jun 20 15:41:24.045368 osdx ca-certificates[466260]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:24.048166 osdx ca-certificates[466262]: done.
Jun 20 15:41:24.064116 osdx INFO[466265]: FRR daemons did not change
Jun 20 15:41:24.064596 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:24.108762 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:24.160166 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:25.596349 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:25.667012 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:25.835110 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:26.001428 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:26.122629 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:26.234044 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:26.305291 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 15:41:26.391281 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 15:41:26.459144 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:26.595474 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:26.657414 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:26.779913 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:26.846738 osdx ubnt-cfgd[466302]: inactive
Jun 20 15:41:26.870029 osdx INFO[466312]: FRR daemons did not change
Jun 20 15:41:26.874720 osdx sudo[466315]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:26.883838 osdx ca-certificates[466328]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:27.377516 osdx ubnt-cfgd[467326]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:27.385709 osdx ca-certificates[467331]: 1 added, 0 removed; done.
Jun 20 15:41:27.389537 osdx ca-certificates[467338]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:27.393479 osdx ca-certificates[467340]: done.
Jun 20 15:41:27.418402 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:27.550702 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:27.551817 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:27.563664 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:27.582832 osdx dnscrypt-proxy[467450]: dnscrypt-proxy 2.0.45
Jun 20 15:41:27.582889 osdx dnscrypt-proxy[467450]: Network connectivity detected
Jun 20 15:41:27.583075 osdx dnscrypt-proxy[467450]: Dropping privileges
Jun 20 15:41:27.585488 osdx dnscrypt-proxy[467450]: Network connectivity detected
Jun 20 15:41:27.585524 osdx dnscrypt-proxy[467450]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:27.585529 osdx dnscrypt-proxy[467450]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:27.585553 osdx dnscrypt-proxy[467450]: Firefox workaround initialized
Jun 20 15:41:27.585558 osdx dnscrypt-proxy[467450]: Loading the set of cloaking rules from [/tmp/tmp8xjjw15_]
Jun 20 15:41:27.590610 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:27.922626 osdx dnscrypt-proxy[467450]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 15:41:27.922642 osdx dnscrypt-proxy[467450]: [RD] OK (DoH) - rtt: 105ms
Jun 20 15:41:27.922650 osdx dnscrypt-proxy[467450]: Server with the lowest initial latency: RD (rtt: 105ms)
Jun 20 15:41:27.922655 osdx dnscrypt-proxy[467450]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:31.030325 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 20 15:41:32.766716 osdx OSDxCLI[389379]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 20 15:41:34.913607 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

Jun 20 15:41:35.150174 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:41:35.150814 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:35.150855 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:35.154678 osdx sudo[467506]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:35.160893 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:35.419604 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:35.479831 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:41:35.588647 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:41:35.659205 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:35.766982 osdx ubnt-cfgd[467526]: inactive
Jun 20 15:41:35.791652 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:41:35.791657 osdx dnscrypt-proxy[467450]: Stopped.
Jun 20 15:41:35.793512 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:41:35.793615 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:35.871179 osdx sudo[467596]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:35.879862 osdx ca-certificates[467612]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:41:36.148127 osdx ca-certificates[468182]: done.
Jun 20 15:41:36.151148 osdx ca-certificates[468193]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:36.571010 osdx ubnt-cfgd[469036]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:36.578489 osdx ca-certificates[469042]: 140 added, 0 removed; done.
Jun 20 15:41:36.581291 osdx ca-certificates[469048]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:36.584098 osdx ca-certificates[469050]: done.
Jun 20 15:41:36.599924 osdx INFO[469053]: FRR daemons did not change
Jun 20 15:41:36.600370 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:36.602449 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:36.619036 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:37.861816 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:37.924503 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:38.024392 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:38.091667 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:38.184016 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:38.259292 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:38.358594 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 15:41:38.418786 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 20 15:41:38.513734 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:38.589822 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:38.676438 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:38.755339 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:38.847517 osdx ubnt-cfgd[469090]: inactive
Jun 20 15:41:38.870878 osdx INFO[469100]: FRR daemons did not change
Jun 20 15:41:38.874601 osdx sudo[469103]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:38.882859 osdx ca-certificates[469116]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:39.403516 osdx ubnt-cfgd[470114]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:39.410889 osdx ca-certificates[470119]: 1 added, 0 removed; done.
Jun 20 15:41:39.413906 osdx ca-certificates[470126]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:39.417650 osdx ca-certificates[470128]: done.
Jun 20 15:41:39.442385 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:39.594869 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:39.596187 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:39.610273 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:39.620167 osdx dnscrypt-proxy[470238]: dnscrypt-proxy 2.0.45
Jun 20 15:41:39.620228 osdx dnscrypt-proxy[470238]: Network connectivity detected
Jun 20 15:41:39.620429 osdx dnscrypt-proxy[470238]: Dropping privileges
Jun 20 15:41:39.622418 osdx dnscrypt-proxy[470238]: Network connectivity detected
Jun 20 15:41:39.622454 osdx dnscrypt-proxy[470238]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:39.622459 osdx dnscrypt-proxy[470238]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:39.622488 osdx dnscrypt-proxy[470238]: Firefox workaround initialized
Jun 20 15:41:39.622493 osdx dnscrypt-proxy[470238]: Loading the set of cloaking rules from [/tmp/tmpq99hlfse]
Jun 20 15:41:39.641022 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:39.759660 osdx dnscrypt-proxy[470238]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 20 15:41:39.759677 osdx dnscrypt-proxy[470238]: [RD] OK (DoH) - rtt: 112ms
Jun 20 15:41:39.759686 osdx dnscrypt-proxy[470238]: Server with the lowest initial latency: RD (rtt: 112ms)
Jun 20 15:41:39.759691 osdx dnscrypt-proxy[470238]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:39.819747 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

Jun 20 15:41:40.080697 osdx systemd-journald[210303]: Runtime Journal (/run/log/journal/a9538f26f6924eb58d28105803b55de8) is 2.0M, max 15.3M, 13.3M free.
Jun 20 15:41:40.082377 osdx systemd-journald[210303]: Received client request to rotate journal, rotating.
Jun 20 15:41:40.082427 osdx systemd-journald[210303]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9538f26f6924eb58d28105803b55de8.
Jun 20 15:41:40.084619 osdx sudo[470290]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:40.091086 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 15:41:40.346717 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:40.403934 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'delete '.
Jun 20 15:41:40.526535 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 15:41:40.589367 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:40.708235 osdx ubnt-cfgd[470310]: inactive
Jun 20 15:41:40.729559 osdx dnscrypt-proxy[470238]: Stopped.
Jun 20 15:41:40.729593 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 20 15:41:40.730811 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 20 15:41:40.730909 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:40.802977 osdx sudo[470380]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:40.812275 osdx ca-certificates[470395]: Clearing symlinks in /etc/ssl/certs...
Jun 20 15:41:41.085938 osdx ca-certificates[470965]: done.
Jun 20 15:41:41.089682 osdx ca-certificates[470975]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:41.531784 osdx ubnt-cfgd[471820]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:41.541680 osdx ca-certificates[471826]: 140 added, 0 removed; done.
Jun 20 15:41:41.545516 osdx ca-certificates[471832]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:41.549210 osdx ca-certificates[471834]: done.
Jun 20 15:41:41.563846 osdx INFO[471837]: FRR daemons did not change
Jun 20 15:41:41.564263 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:41.577610 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:41.605713 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:42.918981 osdx OSDxCLI[389379]: User 'admin' entered the configuration menu.
Jun 20 15:41:42.979525 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 15:41:43.094967 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 15:41:43.167672 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 15:41:43.258597 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 15:41:43.327423 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 20 15:41:43.425467 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 15:41:43.508313 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 20 15:41:43.569015 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 15:41:43.730438 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 15:41:43.786863 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 15:41:43.904148 osdx OSDxCLI[389379]: User 'admin' added a new cfg line: 'show working'.
Jun 20 15:41:43.984652 osdx ubnt-cfgd[471874]: inactive
Jun 20 15:41:44.008869 osdx INFO[471884]: FRR daemons did not change
Jun 20 15:41:44.012485 osdx sudo[471887]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Jun 20 15:41:44.022176 osdx ca-certificates[471900]: Updating certificates in /etc/ssl/certs...
Jun 20 15:41:44.536775 osdx ubnt-cfgd[472898]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 20 15:41:44.544400 osdx ca-certificates[472904]: 1 added, 0 removed; done.
Jun 20 15:41:44.547335 osdx ca-certificates[472910]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 15:41:44.550251 osdx ca-certificates[472912]: done.
Jun 20 15:41:44.570386 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 15:41:44.730658 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 20 15:41:44.731926 osdx cfgd[1460]: [389379]Completed change to active configuration
Jun 20 15:41:44.743468 osdx OSDxCLI[389379]: User 'admin' committed the configuration.
Jun 20 15:41:44.756725 osdx dnscrypt-proxy[473022]: dnscrypt-proxy 2.0.45
Jun 20 15:41:44.756799 osdx dnscrypt-proxy[473022]: Network connectivity detected
Jun 20 15:41:44.757032 osdx dnscrypt-proxy[473022]: Dropping privileges
Jun 20 15:41:44.759874 osdx dnscrypt-proxy[473022]: Network connectivity detected
Jun 20 15:41:44.759913 osdx dnscrypt-proxy[473022]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 15:41:44.759920 osdx dnscrypt-proxy[473022]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 15:41:44.759945 osdx dnscrypt-proxy[473022]: Firefox workaround initialized
Jun 20 15:41:44.759950 osdx dnscrypt-proxy[473022]: Loading the set of cloaking rules from [/tmp/tmpymnnvjs5]
Jun 20 15:41:44.766963 osdx OSDxCLI[389379]: User 'admin' left the configuration menu.
Jun 20 15:41:44.905512 osdx dnscrypt-proxy[473022]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 15:41:44.905535 osdx dnscrypt-proxy[473022]: [RD] OK (DoH) - rtt: 117ms
Jun 20 15:41:44.905546 osdx dnscrypt-proxy[473022]: Server with the lowest initial latency: RD (rtt: 117ms)
Jun 20 15:41:44.905553 osdx dnscrypt-proxy[473022]: dnscrypt-proxy is ready - live servers: 1
Jun 20 15:41:44.926398 osdx OSDxCLI[389379]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---