Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Sep 05 09:48:00.303691 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:48:00.306038 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:48:00.306099 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:48:00.313050 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:48:00.525197 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:48:00.743009 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:00.817324 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:00.902039 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:00.970693 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:01.054960 osdx ubnt-cfgd[83538]: inactive Sep 05 09:48:01.100811 osdx INFO[83546]: FRR daemons did not change Sep 05 09:48:01.192486 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:01.206449 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:01.235842 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:01.377136 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:48:01.549465 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:01.616884 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:48:01.723211 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:48:01.795426 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:48:01.890075 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:48:01.957668 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:48:02.046684 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Sep 05 09:48:02.122187 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:48:02.242716 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:02.304539 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:02.461214 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:02.545920 osdx ubnt-cfgd[83710]: inactive Sep 05 09:48:02.564013 osdx INFO[83718]: FRR daemons did not change Sep 05 09:48:02.575831 osdx ca-certificates[83734]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:03.065984 osdx ubnt-cfgd[84732]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:03.074688 osdx ca-certificates[84738]: 1 added, 0 removed; done. Sep 05 09:48:03.077840 osdx ca-certificates[84744]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:03.081568 osdx ca-certificates[84746]: done. Sep 05 09:48:03.146304 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:03.147491 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:03.149808 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:03.165666 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:03.173727 osdx dnscrypt-proxy[84750]: dnscrypt-proxy 2.0.45 Sep 05 09:48:03.173797 osdx dnscrypt-proxy[84750]: Network connectivity detected Sep 05 09:48:03.174002 osdx dnscrypt-proxy[84750]: Dropping privileges Sep 05 09:48:03.176268 osdx dnscrypt-proxy[84750]: Network connectivity detected Sep 05 09:48:03.176443 osdx dnscrypt-proxy[84750]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:48:03.176473 osdx dnscrypt-proxy[84750]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:48:03.176523 osdx dnscrypt-proxy[84750]: Firefox workaround initialized Sep 05 09:48:03.176555 osdx dnscrypt-proxy[84750]: Loading the set of cloaking rules from [/tmp/tmpv48pju9f] Sep 05 09:48:03.364280 osdx dnscrypt-proxy[84750]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Sep 05 09:48:03.364295 osdx dnscrypt-proxy[84750]: [RD] OK (DoH) - rtt: 124ms Sep 05 09:48:03.364302 osdx dnscrypt-proxy[84750]: Server with the lowest initial latency: RD (rtt: 124ms) Sep 05 09:48:03.364307 osdx dnscrypt-proxy[84750]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:48:08.338371 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:48:10.438037 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Sep 05 09:48:17.327378 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:48:17.328370 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:48:17.328410 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:48:17.338758 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:48:17.555041 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:48:17.773894 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:17.884047 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:17.938350 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:18.045811 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:18.106922 osdx ubnt-cfgd[86438]: inactive Sep 05 09:48:18.125504 osdx INFO[86446]: FRR daemons did not change Sep 05 09:48:18.220510 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:18.231267 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:18.247903 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:18.392480 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:48:18.618196 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:18.679217 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:48:18.778438 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:48:18.842920 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:48:18.927893 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:48:18.988611 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:48:19.088856 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Sep 05 09:48:19.162710 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:48:19.238581 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:19.324565 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:19.396156 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:19.499489 osdx ubnt-cfgd[86607]: inactive Sep 05 09:48:19.518393 osdx INFO[86615]: FRR daemons did not change Sep 05 09:48:19.530591 osdx ca-certificates[86630]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:20.014618 osdx ubnt-cfgd[87629]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:20.022753 osdx ca-certificates[87635]: 1 added, 0 removed; done. Sep 05 09:48:20.025585 osdx ca-certificates[87641]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:20.028167 osdx ca-certificates[87643]: done. Sep 05 09:48:20.100830 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:20.102243 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:20.107548 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:20.135495 osdx dnscrypt-proxy[87647]: dnscrypt-proxy 2.0.45 Sep 05 09:48:20.135786 osdx dnscrypt-proxy[87647]: Network connectivity detected Sep 05 09:48:20.136003 osdx dnscrypt-proxy[87647]: Dropping privileges Sep 05 09:48:20.138026 osdx dnscrypt-proxy[87647]: Network connectivity detected Sep 05 09:48:20.138056 osdx dnscrypt-proxy[87647]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:48:20.138060 osdx dnscrypt-proxy[87647]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:48:20.138087 osdx dnscrypt-proxy[87647]: Firefox workaround initialized Sep 05 09:48:20.138092 osdx dnscrypt-proxy[87647]: Loading the set of cloaking rules from [/tmp/tmp4_eli74k] Sep 05 09:48:20.144065 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:23.254681 osdx dnscrypt-proxy[87647]: [RD] [https://remote.dns/dns-query]: 502 Bad Gateway Sep 05 09:48:23.254706 osdx dnscrypt-proxy[87647]: 502 Bad Gateway Sep 05 09:48:23.254722 osdx dnscrypt-proxy[87647]: dnscrypt-proxy is waiting for at least one server to be reachable Sep 05 09:48:25.319147 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:48:32.407405 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:48:33.511695 osdx dnscrypt-proxy[87647]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Sep 05 09:48:33.511710 osdx dnscrypt-proxy[87647]: [RD] OK (DoH) - rtt: 111ms Sep 05 09:48:33.511717 osdx dnscrypt-proxy[87647]: Server with the lowest initial latency: RD (rtt: 111ms) Sep 05 09:48:34.500021 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Sep 05 09:48:34.703168 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:48:34.704381 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:48:34.704434 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:48:34.712727 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:48:34.958672 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:35.017440 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:48:35.130272 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:48:35.193519 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:35.293748 osdx ubnt-cfgd[87706]: inactive Sep 05 09:48:35.314553 osdx dnscrypt-proxy[87647]: Stopped. Sep 05 09:48:35.314643 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:48:35.315665 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:48:35.315788 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:35.386313 osdx ca-certificates[87793]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:48:35.634377 osdx ca-certificates[88363]: done. Sep 05 09:48:35.637991 osdx ca-certificates[88372]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:36.038653 osdx ubnt-cfgd[89217]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:36.046188 osdx ca-certificates[89223]: 140 added, 0 removed; done. Sep 05 09:48:36.049023 osdx ca-certificates[89229]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:36.051961 osdx ca-certificates[89231]: done. Sep 05 09:48:36.065308 osdx INFO[89234]: FRR daemons did not change Sep 05 09:48:36.065536 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:36.067386 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:36.092777 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:37.424593 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:37.484154 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:48:37.583117 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:48:37.647129 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:48:37.739639 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:48:37.798988 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:48:37.895957 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Sep 05 09:48:37.950150 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:48:38.091278 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:38.145306 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:38.258440 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:38.324199 osdx ubnt-cfgd[89268]: inactive Sep 05 09:48:38.348309 osdx INFO[89278]: FRR daemons did not change Sep 05 09:48:38.359745 osdx ca-certificates[89294]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:38.821799 osdx ubnt-cfgd[90292]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:38.829537 osdx ca-certificates[90297]: 1 added, 0 removed; done. Sep 05 09:48:38.832817 osdx ca-certificates[90304]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:38.835555 osdx ca-certificates[90306]: done. Sep 05 09:48:38.992888 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:38.994425 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:39.005385 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:39.021934 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:39.025996 osdx dnscrypt-proxy[90416]: dnscrypt-proxy 2.0.45 Sep 05 09:48:39.026063 osdx dnscrypt-proxy[90416]: Network connectivity detected Sep 05 09:48:39.026293 osdx dnscrypt-proxy[90416]: Dropping privileges Sep 05 09:48:39.028899 osdx dnscrypt-proxy[90416]: Network connectivity detected Sep 05 09:48:39.028930 osdx dnscrypt-proxy[90416]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:48:39.028935 osdx dnscrypt-proxy[90416]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:48:39.028958 osdx dnscrypt-proxy[90416]: Firefox workaround initialized Sep 05 09:48:39.028963 osdx dnscrypt-proxy[90416]: Loading the set of cloaking rules from [/tmp/tmpct8vnulh] Sep 05 09:48:39.207542 osdx dnscrypt-proxy[90416]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Sep 05 09:48:39.207560 osdx dnscrypt-proxy[90416]: [RD] OK (DoH) - rtt: 108ms Sep 05 09:48:39.207568 osdx dnscrypt-proxy[90416]: Server with the lowest initial latency: RD (rtt: 108ms) Sep 05 09:48:39.207573 osdx dnscrypt-proxy[90416]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:48:44.191611 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:48:46.279868 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Sep 05 09:48:46.475686 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:48:46.476367 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:48:46.476413 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:48:46.485097 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:48:46.814492 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:46.878358 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:48:46.990469 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:48:47.030619 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Sep 05 09:48:47.052313 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:47.145083 osdx ubnt-cfgd[90492]: inactive Sep 05 09:48:47.167748 osdx dnscrypt-proxy[90416]: Stopped. Sep 05 09:48:47.167833 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:48:47.168554 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:48:47.168676 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:47.244126 osdx ca-certificates[90578]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:48:47.502674 osdx ca-certificates[91148]: done. Sep 05 09:48:47.506905 osdx ca-certificates[91157]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:47.941494 osdx ubnt-cfgd[92002]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:47.951972 osdx ca-certificates[92009]: 140 added, 0 removed; done. Sep 05 09:48:47.955825 osdx ca-certificates[92014]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:47.958885 osdx ca-certificates[92016]: done. Sep 05 09:48:47.973407 osdx INFO[92019]: FRR daemons did not change Sep 05 09:48:47.973651 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:47.975927 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:48.002029 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:49.338309 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:48:49.400246 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:48:49.499203 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:48:49.567882 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:48:49.679618 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:48:49.792746 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:48:49.856257 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Sep 05 09:48:49.952371 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:48:50.026252 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:48:50.110165 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:48:50.182682 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:48:50.281194 osdx ubnt-cfgd[92053]: inactive Sep 05 09:48:50.304586 osdx INFO[92063]: FRR daemons did not change Sep 05 09:48:50.316761 osdx ca-certificates[92079]: Updating certificates in /etc/ssl/certs... Sep 05 09:48:50.834413 osdx ubnt-cfgd[93077]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:48:50.843544 osdx ca-certificates[93082]: 1 added, 0 removed; done. Sep 05 09:48:50.847430 osdx ca-certificates[93089]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:48:50.850257 osdx ca-certificates[93091]: done. Sep 05 09:48:51.020637 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:48:51.021902 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:48:51.036244 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:48:51.044126 osdx dnscrypt-proxy[93201]: dnscrypt-proxy 2.0.45 Sep 05 09:48:51.044196 osdx dnscrypt-proxy[93201]: Network connectivity detected Sep 05 09:48:51.044420 osdx dnscrypt-proxy[93201]: Dropping privileges Sep 05 09:48:51.047216 osdx dnscrypt-proxy[93201]: Network connectivity detected Sep 05 09:48:51.047252 osdx dnscrypt-proxy[93201]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:48:51.047257 osdx dnscrypt-proxy[93201]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:48:51.047282 osdx dnscrypt-proxy[93201]: Firefox workaround initialized Sep 05 09:48:51.047287 osdx dnscrypt-proxy[93201]: Loading the set of cloaking rules from [/tmp/tmpra8zp44g] Sep 05 09:48:51.059758 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:48:51.292885 osdx dnscrypt-proxy[93201]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Sep 05 09:48:51.292904 osdx dnscrypt-proxy[93201]: [RD] OK (DoH) - rtt: 129ms Sep 05 09:48:51.292914 osdx dnscrypt-proxy[93201]: Server with the lowest initial latency: RD (rtt: 129ms) Sep 05 09:48:51.292920 osdx dnscrypt-proxy[93201]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:48:56.219411 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:48:58.320373 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Sep 05 09:49:05.336279 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:05.337125 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:05.337177 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:05.345724 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:05.584259 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:49:05.804883 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:05.892413 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:05.973841 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:06.039443 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:06.137458 osdx ubnt-cfgd[94911]: inactive Sep 05 09:49:06.156969 osdx INFO[94919]: FRR daemons did not change Sep 05 09:49:06.257259 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:06.270575 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:06.287746 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:06.434742 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:49:06.656228 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:06.715576 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:06.834793 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:06.899582 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:06.996152 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:07.055534 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:07.155549 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:07.209570 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:07.322172 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:07.386226 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:07.489075 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:07.556164 osdx ubnt-cfgd[95080]: inactive Sep 05 09:49:07.573857 osdx INFO[95088]: FRR daemons did not change Sep 05 09:49:07.585012 osdx ca-certificates[95104]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:08.076023 osdx ubnt-cfgd[96102]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:08.085552 osdx ca-certificates[96107]: 1 added, 0 removed; done. Sep 05 09:49:08.088515 osdx ca-certificates[96114]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:08.091222 osdx ca-certificates[96116]: done. Sep 05 09:49:08.145340 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:08.146455 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:08.148904 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:08.169010 osdx dnscrypt-proxy[96120]: dnscrypt-proxy 2.0.45 Sep 05 09:49:08.169090 osdx dnscrypt-proxy[96120]: Network connectivity detected Sep 05 09:49:08.169304 osdx dnscrypt-proxy[96120]: Dropping privileges Sep 05 09:49:08.169516 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:08.171697 osdx dnscrypt-proxy[96120]: Network connectivity detected Sep 05 09:49:08.171724 osdx dnscrypt-proxy[96120]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:08.171728 osdx dnscrypt-proxy[96120]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:08.171745 osdx dnscrypt-proxy[96120]: Firefox workaround initialized Sep 05 09:49:08.171749 osdx dnscrypt-proxy[96120]: Loading the set of cloaking rules from [/tmp/tmpdqfqmz74] Sep 05 09:49:08.172589 osdx dnscrypt-proxy[96120]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Sep 05 09:49:14.321829 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:14.325553 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:14.325601 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:14.331218 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:14.541997 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:49:14.767659 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:14.844002 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:14.932284 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:14.998054 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:15.094826 osdx ubnt-cfgd[97800]: inactive Sep 05 09:49:15.113684 osdx INFO[97808]: FRR daemons did not change Sep 05 09:49:15.220265 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:15.238177 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:15.257876 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:15.406328 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:49:15.539683 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:15.610326 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:15.722527 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:15.813960 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:15.879990 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:16.002531 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:16.064656 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:16.162952 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:16.232277 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:16.341863 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:16.429220 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:16.517818 osdx ubnt-cfgd[97969]: inactive Sep 05 09:49:16.542481 osdx INFO[97977]: FRR daemons did not change Sep 05 09:49:16.555934 osdx ca-certificates[97992]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:17.046891 osdx ubnt-cfgd[98991]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:17.054277 osdx ca-certificates[98996]: 1 added, 0 removed; done. Sep 05 09:49:17.057069 osdx ca-certificates[99003]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:17.059748 osdx ca-certificates[99005]: done. Sep 05 09:49:17.137853 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:17.139057 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:17.141114 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:17.157207 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:17.159482 osdx dnscrypt-proxy[99009]: dnscrypt-proxy 2.0.45 Sep 05 09:49:17.159553 osdx dnscrypt-proxy[99009]: Network connectivity detected Sep 05 09:49:17.159778 osdx dnscrypt-proxy[99009]: Dropping privileges Sep 05 09:49:17.162204 osdx dnscrypt-proxy[99009]: Network connectivity detected Sep 05 09:49:17.162230 osdx dnscrypt-proxy[99009]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:17.162236 osdx dnscrypt-proxy[99009]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:17.162260 osdx dnscrypt-proxy[99009]: Firefox workaround initialized Sep 05 09:49:17.162265 osdx dnscrypt-proxy[99009]: Loading the set of cloaking rules from [/tmp/tmpy_ifvy1w] Sep 05 09:49:17.163085 osdx dnscrypt-proxy[99009]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Sep 05 09:49:17.389310 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:17.389721 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:17.389750 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:17.400666 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:17.644110 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:17.707276 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:49:17.816158 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:49:17.874506 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:17.972604 osdx ubnt-cfgd[99056]: inactive Sep 05 09:49:17.991454 osdx dnscrypt-proxy[99009]: Stopped. Sep 05 09:49:17.991525 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:49:17.992450 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:49:17.992581 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:18.073399 osdx ca-certificates[99142]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:49:18.331137 osdx ca-certificates[99711]: done. Sep 05 09:49:18.334346 osdx ca-certificates[99721]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:18.773633 osdx ubnt-cfgd[100566]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:18.793563 osdx ca-certificates[100572]: 140 added, 0 removed; done. Sep 05 09:49:18.798064 osdx ca-certificates[100577]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:18.802153 osdx ca-certificates[100580]: done. Sep 05 09:49:18.822340 osdx INFO[100583]: FRR daemons did not change Sep 05 09:49:18.823469 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:18.825911 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:18.844563 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:20.038423 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:20.096588 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:20.196468 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:20.260274 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:20.355535 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:20.417175 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:20.515824 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Sep 05 09:49:20.570374 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:20.687143 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:20.747492 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:20.852286 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:20.919768 osdx ubnt-cfgd[100617]: inactive Sep 05 09:49:20.942108 osdx INFO[100627]: FRR daemons did not change Sep 05 09:49:20.956378 osdx ca-certificates[100643]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:21.422200 osdx ubnt-cfgd[101641]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:21.432474 osdx ca-certificates[101647]: 1 added, 0 removed; done. Sep 05 09:49:21.435293 osdx ca-certificates[101653]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:21.437997 osdx ca-certificates[101655]: done. Sep 05 09:49:21.585884 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:21.587100 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:21.601971 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:21.614959 osdx dnscrypt-proxy[101765]: dnscrypt-proxy 2.0.45 Sep 05 09:49:21.615052 osdx dnscrypt-proxy[101765]: Network connectivity detected Sep 05 09:49:21.615308 osdx dnscrypt-proxy[101765]: Dropping privileges Sep 05 09:49:21.618212 osdx dnscrypt-proxy[101765]: Network connectivity detected Sep 05 09:49:21.618241 osdx dnscrypt-proxy[101765]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:21.618247 osdx dnscrypt-proxy[101765]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:21.618275 osdx dnscrypt-proxy[101765]: Firefox workaround initialized Sep 05 09:49:21.618279 osdx dnscrypt-proxy[101765]: Loading the set of cloaking rules from [/tmp/tmpvzqumia9] Sep 05 09:49:21.619006 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:21.619316 osdx dnscrypt-proxy[101765]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Sep 05 09:49:21.877053 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 2.1M, max 13.8M, 11.6M free. Sep 05 09:49:21.877614 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:21.877656 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:21.888450 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:22.239603 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:22.303768 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:49:22.415743 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:49:22.477026 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:22.575406 osdx ubnt-cfgd[101833]: inactive Sep 05 09:49:22.593485 osdx dnscrypt-proxy[101765]: Stopped. Sep 05 09:49:22.593560 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:49:22.594224 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:49:22.594333 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:22.668286 osdx ca-certificates[101919]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:49:22.934227 osdx ca-certificates[102489]: done. Sep 05 09:49:22.937254 osdx ca-certificates[102498]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:23.346095 osdx ubnt-cfgd[103343]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:23.353742 osdx ca-certificates[103348]: 140 added, 0 removed; done. Sep 05 09:49:23.356546 osdx ca-certificates[103355]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:23.359445 osdx ca-certificates[103357]: done. Sep 05 09:49:23.373094 osdx INFO[103360]: FRR daemons did not change Sep 05 09:49:23.373321 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:23.440667 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:23.471816 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:24.675426 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:24.734126 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:24.831582 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:24.898269 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:25.017294 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:25.117073 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:25.182674 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:25.283739 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Sep 05 09:49:25.371496 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:25.444837 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:25.529854 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:25.611789 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:25.717967 osdx ubnt-cfgd[103397]: inactive Sep 05 09:49:25.752469 osdx INFO[103407]: FRR daemons did not change Sep 05 09:49:25.767278 osdx ca-certificates[103423]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:26.220251 osdx ubnt-cfgd[104421]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:26.227523 osdx ca-certificates[104427]: 1 added, 0 removed; done. Sep 05 09:49:26.230351 osdx ca-certificates[104433]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:26.233191 osdx ca-certificates[104435]: done. Sep 05 09:49:26.409864 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:26.411016 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:26.425201 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:26.438329 osdx dnscrypt-proxy[104545]: dnscrypt-proxy 2.0.45 Sep 05 09:49:26.438386 osdx dnscrypt-proxy[104545]: Network connectivity detected Sep 05 09:49:26.438558 osdx dnscrypt-proxy[104545]: Dropping privileges Sep 05 09:49:26.440573 osdx dnscrypt-proxy[104545]: Network connectivity detected Sep 05 09:49:26.440599 osdx dnscrypt-proxy[104545]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:26.440603 osdx dnscrypt-proxy[104545]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:26.440621 osdx dnscrypt-proxy[104545]: Firefox workaround initialized Sep 05 09:49:26.440625 osdx dnscrypt-proxy[104545]: Loading the set of cloaking rules from [/tmp/tmp7a0gdmqu] Sep 05 09:49:26.441575 osdx dnscrypt-proxy[104545]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Sep 05 09:49:26.456036 osdx OSDxCLI[2038]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Sep 05 09:49:33.298142 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:33.301557 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:33.301601 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:33.308816 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:33.543556 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 09:49:33.800331 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:33.875721 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:33.960463 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:34.031474 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:34.124295 osdx ubnt-cfgd[106244]: inactive Sep 05 09:49:34.145595 osdx INFO[106252]: FRR daemons did not change Sep 05 09:49:34.238076 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:34.248788 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:34.264812 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:34.420569 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Sep 05 09:49:34.624367 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:34.685515 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:34.809145 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:34.871551 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:34.966791 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:35.022701 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:35.117721 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:35.184449 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Sep 05 09:49:35.277673 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:35.367511 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:35.451687 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:35.529552 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:35.623243 osdx ubnt-cfgd[106416]: inactive Sep 05 09:49:35.641640 osdx INFO[106424]: FRR daemons did not change Sep 05 09:49:35.654150 osdx ca-certificates[106439]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:36.125230 osdx ubnt-cfgd[107438]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:36.133818 osdx ca-certificates[107444]: 1 added, 0 removed; done. Sep 05 09:49:36.136800 osdx ca-certificates[107450]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:36.140418 osdx ca-certificates[107452]: done. Sep 05 09:49:36.242078 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:36.243850 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:36.246045 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:36.262310 osdx dnscrypt-proxy[107456]: dnscrypt-proxy 2.0.45 Sep 05 09:49:36.262365 osdx dnscrypt-proxy[107456]: Network connectivity detected Sep 05 09:49:36.262554 osdx dnscrypt-proxy[107456]: Dropping privileges Sep 05 09:49:36.265053 osdx dnscrypt-proxy[107456]: Network connectivity detected Sep 05 09:49:36.265087 osdx dnscrypt-proxy[107456]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:36.265092 osdx dnscrypt-proxy[107456]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:36.265116 osdx dnscrypt-proxy[107456]: Firefox workaround initialized Sep 05 09:49:36.265122 osdx dnscrypt-proxy[107456]: Loading the set of cloaking rules from [/tmp/tmp0v3bpl1d] Sep 05 09:49:36.265887 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:36.457097 osdx dnscrypt-proxy[107456]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Sep 05 09:49:36.457145 osdx dnscrypt-proxy[107456]: [RD] OK (DoH) - rtt: 126ms Sep 05 09:49:36.457165 osdx dnscrypt-proxy[107456]: Server with the lowest initial latency: RD (rtt: 126ms) Sep 05 09:49:36.457175 osdx dnscrypt-proxy[107456]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:49:41.423685 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:49:43.506819 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Sep 05 09:49:43.718664 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:43.721558 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:43.721599 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:43.727673 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:44.052796 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:44.110258 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:49:44.216829 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:49:44.279297 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:44.399166 osdx ubnt-cfgd[107512]: inactive Sep 05 09:49:44.422780 osdx dnscrypt-proxy[107456]: Stopped. Sep 05 09:49:44.422846 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:49:44.423948 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:49:44.424052 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:44.491128 osdx ca-certificates[107598]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:49:44.733236 osdx ca-certificates[108168]: done. Sep 05 09:49:44.738161 osdx ca-certificates[108175]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:45.147029 osdx ubnt-cfgd[109022]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:45.156176 osdx ca-certificates[109028]: 140 added, 0 removed; done. Sep 05 09:49:45.159105 osdx ca-certificates[109034]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:45.161958 osdx ca-certificates[109036]: done. Sep 05 09:49:45.175970 osdx INFO[109039]: FRR daemons did not change Sep 05 09:49:45.176199 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:45.177949 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:45.194184 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:46.426942 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:46.487082 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:46.587013 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:46.648315 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:46.744711 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:46.803337 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:46.901490 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:46.958336 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Sep 05 09:49:47.054000 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:47.127865 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:47.214633 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:47.287587 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:47.398041 osdx ubnt-cfgd[109076]: inactive Sep 05 09:49:47.419824 osdx INFO[109086]: FRR daemons did not change Sep 05 09:49:47.441597 osdx ca-certificates[109102]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:47.910742 osdx ubnt-cfgd[110100]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:47.918979 osdx ca-certificates[110105]: 1 added, 0 removed; done. Sep 05 09:49:47.921926 osdx ca-certificates[110112]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:47.924517 osdx ca-certificates[110114]: done. Sep 05 09:49:48.121895 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:48.122978 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:48.136992 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:48.148495 osdx dnscrypt-proxy[110224]: dnscrypt-proxy 2.0.45 Sep 05 09:49:48.148591 osdx dnscrypt-proxy[110224]: Network connectivity detected Sep 05 09:49:48.148886 osdx dnscrypt-proxy[110224]: Dropping privileges Sep 05 09:49:48.152635 osdx dnscrypt-proxy[110224]: Network connectivity detected Sep 05 09:49:48.152917 osdx dnscrypt-proxy[110224]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:49:48.152978 osdx dnscrypt-proxy[110224]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:49:48.153073 osdx dnscrypt-proxy[110224]: Firefox workaround initialized Sep 05 09:49:48.153128 osdx dnscrypt-proxy[110224]: Loading the set of cloaking rules from [/tmp/tmpi8j_7elm] Sep 05 09:49:48.160870 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:48.335421 osdx dnscrypt-proxy[110224]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Sep 05 09:49:48.335438 osdx dnscrypt-proxy[110224]: [RD] OK (DoH) - rtt: 115ms Sep 05 09:49:48.335447 osdx dnscrypt-proxy[110224]: Server with the lowest initial latency: RD (rtt: 115ms) Sep 05 09:49:48.335452 osdx dnscrypt-proxy[110224]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:49:53.329844 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:49:55.410437 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Sep 05 09:49:55.622318 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:49:55.625568 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:49:55.625636 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:49:55.632434 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:49:55.888824 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:55.958683 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:49:56.069729 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:49:56.144752 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:56.242108 osdx ubnt-cfgd[110298]: inactive Sep 05 09:49:56.263844 osdx dnscrypt-proxy[110224]: Stopped. Sep 05 09:49:56.263937 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:49:56.264933 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:49:56.265053 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:49:56.345832 osdx ca-certificates[110384]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:49:56.623323 osdx ca-certificates[110953]: done. Sep 05 09:49:56.627401 osdx ca-certificates[110962]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:57.072389 osdx ubnt-cfgd[111808]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:57.081730 osdx ca-certificates[111813]: 140 added, 0 removed; done. Sep 05 09:49:57.085521 osdx ca-certificates[111820]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:57.089865 osdx ca-certificates[111822]: done. Sep 05 09:49:57.105429 osdx INFO[111825]: FRR daemons did not change Sep 05 09:49:57.105994 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:49:57.108017 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:49:57.138757 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:49:58.424321 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:49:58.493423 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:49:58.593935 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:49:58.658996 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:49:58.760214 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:49:58.821948 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:49:58.919224 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Sep 05 09:49:58.976739 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Sep 05 09:49:59.070051 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:49:59.143238 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:49:59.276448 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:49:59.357079 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:49:59.456226 osdx ubnt-cfgd[111862]: inactive Sep 05 09:49:59.478559 osdx INFO[111872]: FRR daemons did not change Sep 05 09:49:59.492221 osdx ca-certificates[111887]: Updating certificates in /etc/ssl/certs... Sep 05 09:49:59.961525 osdx ubnt-cfgd[112886]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:49:59.968798 osdx ca-certificates[112892]: 1 added, 0 removed; done. Sep 05 09:49:59.971600 osdx ca-certificates[112898]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:49:59.974451 osdx ca-certificates[112900]: done. Sep 05 09:50:00.205946 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:00.207090 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:00.218283 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:00.228106 osdx dnscrypt-proxy[113010]: dnscrypt-proxy 2.0.45 Sep 05 09:50:00.228450 osdx dnscrypt-proxy[113010]: Network connectivity detected Sep 05 09:50:00.228716 osdx dnscrypt-proxy[113010]: Dropping privileges Sep 05 09:50:00.231501 osdx dnscrypt-proxy[113010]: Network connectivity detected Sep 05 09:50:00.231533 osdx dnscrypt-proxy[113010]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:50:00.231538 osdx dnscrypt-proxy[113010]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:50:00.231562 osdx dnscrypt-proxy[113010]: Firefox workaround initialized Sep 05 09:50:00.231567 osdx dnscrypt-proxy[113010]: Loading the set of cloaking rules from [/tmp/tmpkvi3ln5y] Sep 05 09:50:00.234823 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:00.421096 osdx dnscrypt-proxy[113010]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Sep 05 09:50:00.421119 osdx dnscrypt-proxy[113010]: [RD] OK (DoH) - rtt: 121ms Sep 05 09:50:00.421130 osdx dnscrypt-proxy[113010]: Server with the lowest initial latency: RD (rtt: 121ms) Sep 05 09:50:00.421136 osdx dnscrypt-proxy[113010]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:50:03.030863 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Sep 05 09:50:05.403551 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:50:07.489948 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Sep 05 09:50:07.706622 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:50:07.709560 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:50:07.709621 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:50:07.717743 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:50:07.970255 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:08.028144 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:50:08.139469 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:50:08.199844 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:08.311732 osdx ubnt-cfgd[113089]: inactive Sep 05 09:50:08.330819 osdx dnscrypt-proxy[113010]: Stopped. Sep 05 09:50:08.330840 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:50:08.332097 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:50:08.332192 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:08.402850 osdx ca-certificates[113175]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:50:08.658566 osdx ca-certificates[113744]: done. Sep 05 09:50:08.663472 osdx ca-certificates[113752]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:09.072696 osdx ubnt-cfgd[114599]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:09.080603 osdx ca-certificates[114604]: 140 added, 0 removed; done. Sep 05 09:50:09.083393 osdx ca-certificates[114611]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:09.087164 osdx ca-certificates[114613]: done. Sep 05 09:50:09.106603 osdx INFO[114616]: FRR daemons did not change Sep 05 09:50:09.107071 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:09.108847 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:09.126635 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:10.454336 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:10.527713 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:50:10.620040 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:50:10.683697 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:50:10.772223 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:50:10.830144 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:50:10.924889 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Sep 05 09:50:10.980378 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Sep 05 09:50:11.074074 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:50:11.146396 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:50:11.241305 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:50:11.350611 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:11.468935 osdx ubnt-cfgd[114654]: inactive Sep 05 09:50:11.494270 osdx INFO[114664]: FRR daemons did not change Sep 05 09:50:11.507544 osdx ca-certificates[114680]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:11.976987 osdx ubnt-cfgd[115678]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:11.984165 osdx ca-certificates[115684]: 1 added, 0 removed; done. Sep 05 09:50:11.987120 osdx ca-certificates[115690]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:11.989899 osdx ca-certificates[115692]: done. Sep 05 09:50:12.165853 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:12.166840 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:12.180673 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:12.189840 osdx dnscrypt-proxy[115802]: dnscrypt-proxy 2.0.45 Sep 05 09:50:12.189910 osdx dnscrypt-proxy[115802]: Network connectivity detected Sep 05 09:50:12.190162 osdx dnscrypt-proxy[115802]: Dropping privileges Sep 05 09:50:12.192774 osdx dnscrypt-proxy[115802]: Network connectivity detected Sep 05 09:50:12.192809 osdx dnscrypt-proxy[115802]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:50:12.192814 osdx dnscrypt-proxy[115802]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:50:12.192846 osdx dnscrypt-proxy[115802]: Firefox workaround initialized Sep 05 09:50:12.192851 osdx dnscrypt-proxy[115802]: Loading the set of cloaking rules from [/tmp/tmp7aylrao2] Sep 05 09:50:12.197324 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:12.372946 osdx dnscrypt-proxy[115802]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Sep 05 09:50:12.372959 osdx dnscrypt-proxy[115802]: [RD] OK (DoH) - rtt: 112ms Sep 05 09:50:12.372966 osdx dnscrypt-proxy[115802]: Server with the lowest initial latency: RD (rtt: 112ms) Sep 05 09:50:12.372972 osdx dnscrypt-proxy[115802]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:50:17.357453 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:50:19.448205 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Sep 05 09:50:19.659303 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:50:19.661559 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:50:19.661610 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:50:19.670331 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:50:20.013867 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:20.078481 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:50:20.207895 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:50:20.273058 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:20.368789 osdx ubnt-cfgd[115877]: inactive Sep 05 09:50:20.387589 osdx dnscrypt-proxy[115802]: Stopped. Sep 05 09:50:20.387644 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:50:20.388475 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:50:20.388573 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:20.466976 osdx ca-certificates[115963]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:50:20.740321 osdx ca-certificates[116533]: done. Sep 05 09:50:20.743762 osdx ca-certificates[116540]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:21.168454 osdx ubnt-cfgd[117387]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:21.176486 osdx ca-certificates[117393]: 140 added, 0 removed; done. Sep 05 09:50:21.179231 osdx ca-certificates[117399]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:21.181921 osdx ca-certificates[117401]: done. Sep 05 09:50:21.196607 osdx INFO[117404]: FRR daemons did not change Sep 05 09:50:21.196850 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:21.234945 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:21.269087 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:22.569035 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:22.635270 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:50:22.735425 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:50:22.800077 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:50:22.885402 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:50:22.943728 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:50:23.041143 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Sep 05 09:50:23.100353 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Sep 05 09:50:23.195535 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:50:23.271648 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:50:23.356489 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:50:23.435247 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:23.533884 osdx ubnt-cfgd[117441]: inactive Sep 05 09:50:23.559551 osdx INFO[117451]: FRR daemons did not change Sep 05 09:50:23.572447 osdx ca-certificates[117466]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:24.044771 osdx ubnt-cfgd[118465]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:24.053513 osdx ca-certificates[118471]: 1 added, 0 removed; done. Sep 05 09:50:24.056387 osdx ca-certificates[118477]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:24.059226 osdx ca-certificates[118479]: done. Sep 05 09:50:24.229949 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:24.231218 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:24.245048 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:24.252181 osdx dnscrypt-proxy[118589]: dnscrypt-proxy 2.0.45 Sep 05 09:50:24.252257 osdx dnscrypt-proxy[118589]: Network connectivity detected Sep 05 09:50:24.252483 osdx dnscrypt-proxy[118589]: Dropping privileges Sep 05 09:50:24.255051 osdx dnscrypt-proxy[118589]: Network connectivity detected Sep 05 09:50:24.255084 osdx dnscrypt-proxy[118589]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:50:24.255090 osdx dnscrypt-proxy[118589]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:50:24.255114 osdx dnscrypt-proxy[118589]: Firefox workaround initialized Sep 05 09:50:24.255119 osdx dnscrypt-proxy[118589]: Loading the set of cloaking rules from [/tmp/tmpj2ups3hk] Sep 05 09:50:24.265336 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:24.469239 osdx dnscrypt-proxy[118589]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Sep 05 09:50:24.469278 osdx dnscrypt-proxy[118589]: [RD] OK (DoH) - rtt: 136ms Sep 05 09:50:24.469298 osdx dnscrypt-proxy[118589]: Server with the lowest initial latency: RD (rtt: 136ms) Sep 05 09:50:24.469313 osdx dnscrypt-proxy[118589]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:50:29.426764 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:50:31.505358 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Sep 05 09:50:31.724047 osdx systemd-journald[1764]: Runtime Journal (/run/log/journal/8e652e5518b84f0bb5a60f6ad502329f) is 1.8M, max 13.8M, 11.9M free. Sep 05 09:50:31.725563 osdx systemd-journald[1764]: Received client request to rotate journal, rotating. Sep 05 09:50:31.725626 osdx systemd-journald[1764]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8e652e5518b84f0bb5a60f6ad502329f. Sep 05 09:50:31.733307 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'system journal clear'. Sep 05 09:50:31.988927 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:32.046048 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'delete '. Sep 05 09:50:32.161901 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Sep 05 09:50:32.222988 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:32.319363 osdx ubnt-cfgd[118664]: inactive Sep 05 09:50:32.337895 osdx dnscrypt-proxy[118589]: Stopped. Sep 05 09:50:32.337979 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Sep 05 09:50:32.339175 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Sep 05 09:50:32.339274 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:32.423145 osdx ca-certificates[118750]: Clearing symlinks in /etc/ssl/certs... Sep 05 09:50:32.657490 osdx ca-certificates[119319]: done. Sep 05 09:50:32.660231 osdx ca-certificates[119328]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:33.051126 osdx ubnt-cfgd[120174]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:33.059067 osdx ca-certificates[120180]: 140 added, 0 removed; done. Sep 05 09:50:33.061890 osdx ca-certificates[120186]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:33.064750 osdx ca-certificates[120188]: done. Sep 05 09:50:33.078496 osdx INFO[120191]: FRR daemons did not change Sep 05 09:50:33.078975 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:33.080985 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:33.097657 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:34.334029 osdx OSDxCLI[2038]: User 'admin' entered the configuration menu. Sep 05 09:50:34.394757 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Sep 05 09:50:34.509165 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Sep 05 09:50:34.585184 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Sep 05 09:50:34.676918 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Sep 05 09:50:34.736542 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 3da01845fbcfc1579f9eca2d995ba22ecb78951c4fead8f8e986fc6d1e954848'. Sep 05 09:50:34.838194 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Sep 05 09:50:34.896139 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Sep 05 09:50:34.990611 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Sep 05 09:50:35.064200 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Sep 05 09:50:35.151652 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Sep 05 09:50:35.223765 osdx OSDxCLI[2038]: User 'admin' added a new cfg line: 'show working'. Sep 05 09:50:35.321951 osdx ubnt-cfgd[120229]: inactive Sep 05 09:50:35.345263 osdx INFO[120239]: FRR daemons did not change Sep 05 09:50:35.358140 osdx ca-certificates[120255]: Updating certificates in /etc/ssl/certs... Sep 05 09:50:35.871708 osdx ubnt-cfgd[121253]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Sep 05 09:50:35.880460 osdx ca-certificates[121259]: 1 added, 0 removed; done. Sep 05 09:50:35.883640 osdx ca-certificates[121265]: Running hooks in /etc/ca-certificates/update.d... Sep 05 09:50:35.886345 osdx ca-certificates[121267]: done. Sep 05 09:50:36.053903 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Sep 05 09:50:36.055148 osdx cfgd[1461]: [2038]Completed change to active configuration Sep 05 09:50:36.066270 osdx OSDxCLI[2038]: User 'admin' committed the configuration. Sep 05 09:50:36.081487 osdx dnscrypt-proxy[121377]: dnscrypt-proxy 2.0.45 Sep 05 09:50:36.081625 osdx dnscrypt-proxy[121377]: Network connectivity detected Sep 05 09:50:36.082005 osdx dnscrypt-proxy[121377]: Dropping privileges Sep 05 09:50:36.085780 osdx dnscrypt-proxy[121377]: Network connectivity detected Sep 05 09:50:36.085839 osdx dnscrypt-proxy[121377]: Now listening to 127.0.0.1:53 [UDP] Sep 05 09:50:36.085849 osdx dnscrypt-proxy[121377]: Now listening to 127.0.0.1:53 [TCP] Sep 05 09:50:36.085895 osdx dnscrypt-proxy[121377]: Firefox workaround initialized Sep 05 09:50:36.085905 osdx dnscrypt-proxy[121377]: Loading the set of cloaking rules from [/tmp/tmpsul8d3dr] Sep 05 09:50:36.111714 osdx OSDxCLI[2038]: User 'admin' left the configuration menu. Sep 05 09:50:36.278909 osdx dnscrypt-proxy[121377]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Sep 05 09:50:36.278927 osdx dnscrypt-proxy[121377]: [RD] OK (DoH) - rtt: 118ms Sep 05 09:50:36.278936 osdx dnscrypt-proxy[121377]: Server with the lowest initial latency: RD (rtt: 118ms) Sep 05 09:50:36.278942 osdx dnscrypt-proxy[121377]: dnscrypt-proxy is ready - live servers: 1 Sep 05 09:50:41.272523 osdx OSDxCLI[2038]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Sep 05 09:50:43.361841 osdx OSDxCLI[2038]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.