Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    set service dns proxy log level 0
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set system certificate trust 'running://remote.dns-server.crt'
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:

    teldat.com has address 19.18.17.16

Output:

    ;; communications error to ::1#53: connection refused
    ;; communications error to ::1#53: connection refused
    teldat.com has address 19.18.17.16

Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:

    Cipher suite: 49199

Output:

    Jun 24 15:19:02.000199 osdx systemd-timedated[408768]: Changed local time to Tue 2025-06-24 15:19:02 UTC
    Jun 24 15:19:02.001351 osdx systemd-journald[165652]: Time jumped backwards, rotating.
    Jun 24 15:19:02.001552 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:19:02'.
    Jun 24 15:19:02.334306 osdx sudo[480378]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:02.338237 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
    Jun 24 15:19:02.341358 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
    Jun 24 15:19:02.341423 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
    Jun 24 15:19:02.343781 osdx sudo[480377]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:02.350850 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
    Jun 24 15:19:02.575887 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'.
    Jun 24 15:19:02.881094 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:02.966195 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:03.050113 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:03.121816 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:03.256666 osdx ubnt-cfgd[480402]: inactive
    Jun 24 15:19:03.280231 osdx INFO[480410]: FRR daemons did not change
    Jun 24 15:19:03.301361 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
    Jun 24 15:19:03.374694 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:03.386811 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:03.405010 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:03.539774 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
    Jun 24 15:19:03.694558 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:03.766930 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
    Jun 24 15:19:03.891068 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
    Jun 24 15:19:03.974889 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
    Jun 24 15:19:04.087257 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
    Jun 24 15:19:04.151169 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
    Jun 24 15:19:04.253524 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
    Jun 24 15:19:04.312889 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
    Jun 24 15:19:04.447167 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:04.555499 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:04.653466 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:04.800834 osdx ubnt-cfgd[480571]: inactive
    Jun 24 15:19:04.822686 osdx INFO[480579]: FRR daemons did not change
    Jun 24 15:19:04.827438 osdx sudo[480582]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:04.836416 osdx ca-certificates[480595]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:05.372420 osdx ubnt-cfgd[481593]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:05.380732 osdx ca-certificates[481600]: 1 added, 0 removed; done.
    Jun 24 15:19:05.383625 osdx ca-certificates[481605]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:05.386563 osdx ca-certificates[481607]: done.
    Jun 24 15:19:05.474004 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:05.475570 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:05.477667 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:05.496212 osdx dnscrypt-proxy[481611]: dnscrypt-proxy 2.0.45
    Jun 24 15:19:05.496289 osdx dnscrypt-proxy[481611]: Network connectivity detected
    Jun 24 15:19:05.496548 osdx dnscrypt-proxy[481611]: Dropping privileges
    Jun 24 15:19:05.499927 osdx dnscrypt-proxy[481611]: Network connectivity detected
    Jun 24 15:19:05.499967 osdx dnscrypt-proxy[481611]: Now listening to 127.0.0.1:53 [UDP]
    Jun 24 15:19:05.499972 osdx dnscrypt-proxy[481611]: Now listening to 127.0.0.1:53 [TCP]
    Jun 24 15:19:05.500021 osdx dnscrypt-proxy[481611]: Firefox workaround initialized
    Jun 24 15:19:05.500026 osdx dnscrypt-proxy[481611]: Loading the set of cloaking rules from [/tmp/tmpz725v6g8]
    Jun 24 15:19:05.513633 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:05.674128 osdx dnscrypt-proxy[481611]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
    Jun 24 15:19:05.674141 osdx dnscrypt-proxy[481611]: [RD] OK (DoH) - rtt: 112ms
    Jun 24 15:19:05.674148 osdx dnscrypt-proxy[481611]: Server with the lowest initial latency: RD (rtt: 112ms)
    Jun 24 15:19:05.674152 osdx dnscrypt-proxy[481611]: dnscrypt-proxy is ready - live servers: 1
    Jun 24 15:19:10.669450 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
    Jun 24 15:19:12.763468 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher
Description
Configures one valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    set service dns proxy log level 0
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set system certificate trust 'running://remote.dns-server.crt'
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:

    teldat.com has address 19.18.17.16

Output:

    ;; communications error to ::1#53: connection refused
    ;; communications error to ::1#53: connection refused
    teldat.com has address 19.18.17.16

Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:

    Cipher suite: 49199

Output:

    Jun 24 15:19:20.339593 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free.
    Jun 24 15:19:20.340233 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
    Jun 24 15:19:20.340275 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
    Jun 24 15:19:20.345437 osdx sudo[483276]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:20.352465 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
    Jun 24 15:19:20.570260 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'.
    Jun 24 15:19:20.813479 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:20.897788 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:20.980143 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:21.053022 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:21.149333 osdx ubnt-cfgd[483301]: inactive
    Jun 24 15:19:21.172612 osdx INFO[483309]: FRR daemons did not change
    Jun 24 15:19:21.192012 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
    Jun 24 15:19:21.271355 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:21.283391 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:21.304725 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:21.476927 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
    Jun 24 15:19:21.705503 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:21.770354 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
    Jun 24 15:19:21.882652 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
    Jun 24 15:19:21.985855 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
    Jun 24 15:19:22.046228 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
    Jun 24 15:19:22.151511 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
    Jun 24 15:19:22.222926 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
    Jun 24 15:19:22.288867 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
    Jun 24 15:19:22.404665 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:22.461575 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:22.584760 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:22.654707 osdx ubnt-cfgd[483470]: inactive
    Jun 24 15:19:22.673864 osdx INFO[483478]: FRR daemons did not change
    Jun 24 15:19:22.677576 osdx sudo[483481]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:22.686372 osdx ca-certificates[483494]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:23.182862 osdx ubnt-cfgd[484492]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:23.190191 osdx ca-certificates[484498]: 1 added, 0 removed; done.
    Jun 24 15:19:23.193063 osdx ca-certificates[484504]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:23.196940 osdx ca-certificates[484506]: done.
    Jun 24 15:19:23.264268 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:23.265496 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:23.267487 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:23.284589 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:23.288085 osdx dnscrypt-proxy[484510]: dnscrypt-proxy 2.0.45
    Jun 24 15:19:23.288157 osdx dnscrypt-proxy[484510]: Network connectivity detected
    Jun 24 15:19:23.288396 osdx dnscrypt-proxy[484510]: Dropping privileges
    Jun 24 15:19:23.291381 osdx dnscrypt-proxy[484510]: Network connectivity detected
    Jun 24 15:19:23.291415 osdx dnscrypt-proxy[484510]: Now listening to 127.0.0.1:53 [UDP]
    Jun 24 15:19:23.291420 osdx dnscrypt-proxy[484510]: Now listening to 127.0.0.1:53 [TCP]
    Jun 24 15:19:23.291439 osdx dnscrypt-proxy[484510]: Firefox workaround initialized
    Jun 24 15:19:23.291444 osdx dnscrypt-proxy[484510]: Loading the set of cloaking rules from [/tmp/tmpaxuzk9yb]
    Jun 24 15:19:24.352612 osdx dnscrypt-proxy[484510]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
    Jun 24 15:19:24.352634 osdx dnscrypt-proxy[484510]: [RD] OK (DoH) - rtt: 117ms
    Jun 24 15:19:24.352644 osdx dnscrypt-proxy[484510]: Server with the lowest initial latency: RD (rtt: 117ms)
    Jun 24 15:19:24.352649 osdx dnscrypt-proxy[484510]: dnscrypt-proxy is ready - live servers: 1
    Jun 24 15:19:28.436881 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
    Jun 24 15:19:30.526646 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    set service dns proxy log level 0
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set system certificate trust 'running://remote.dns-server.crt'
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:

    teldat.com has address 19.18.17.16

Output:

    ;; communications error to ::1#53: connection refused
    ;; communications error to ::1#53: connection refused
    teldat.com has address 19.18.17.16

Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:

    Cipher suite: 49200

Output:

    Jun 24 15:19:30.744897 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
    Jun 24 15:19:30.747988 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
    Jun 24 15:19:30.748067 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
    Jun 24 15:19:30.749458 osdx sudo[484549]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:30.755617 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
    Jun 24 15:19:31.019297 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:31.126032 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
    Jun 24 15:19:31.204462 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
    Jun 24 15:19:31.325128 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:31.402351 osdx ubnt-cfgd[484569]: inactive
    Jun 24 15:19:31.421943 osdx dnscrypt-proxy[484510]: Stopped.
    Jun 24 15:19:31.422005 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
    Jun 24 15:19:31.423143 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
    Jun 24 15:19:31.423244 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:31.487574 osdx sudo[484639]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:31.496840 osdx ca-certificates[484655]: Clearing symlinks in /etc/ssl/certs...
    Jun 24 15:19:31.756105 osdx ca-certificates[485224]: done.
    Jun 24 15:19:31.759399 osdx ca-certificates[485234]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:32.175086 osdx ubnt-cfgd[486079]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:32.183244 osdx ca-certificates[486084]: 140 added, 0 removed; done.
    Jun 24 15:19:32.186959 osdx ca-certificates[486091]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:32.190485 osdx ca-certificates[486093]: done.
    Jun 24 15:19:32.207260 osdx INFO[486096]: FRR daemons did not change
    Jun 24 15:19:32.207504 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:32.209749 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:32.247289 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:33.630365 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:33.694459 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
    Jun 24 15:19:33.804529 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
    Jun 24 15:19:33.878785 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
    Jun 24 15:19:33.969012 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
    Jun 24 15:19:34.043461 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
    Jun 24 15:19:34.133092 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
    Jun 24 15:19:34.226488 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
    Jun 24 15:19:34.304164 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:34.385123 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:34.467633 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:34.554695 osdx ubnt-cfgd[486131]: inactive
    Jun 24 15:19:34.581378 osdx INFO[486141]: FRR daemons did not change
    Jun 24 15:19:34.586546 osdx sudo[486144]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:34.597010 osdx ca-certificates[486157]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:35.093599 osdx ubnt-cfgd[487155]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:35.101890 osdx ca-certificates[487160]: 1 added, 0 removed; done.
    Jun 24 15:19:35.105891 osdx ca-certificates[487167]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:35.109722 osdx ca-certificates[487169]: done.
    Jun 24 15:19:35.131991 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
    Jun 24 15:19:35.292286 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:35.293800 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:35.305772 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:35.316547 osdx dnscrypt-proxy[487279]: dnscrypt-proxy 2.0.45
    Jun 24 15:19:35.316623 osdx dnscrypt-proxy[487279]: Network connectivity detected
    Jun 24 15:19:35.316872 osdx dnscrypt-proxy[487279]: Dropping privileges
    Jun 24 15:19:35.319355 osdx dnscrypt-proxy[487279]: Network connectivity detected
    Jun 24 15:19:35.319383 osdx dnscrypt-proxy[487279]: Now listening to 127.0.0.1:53 [UDP]
    Jun 24 15:19:35.319387 osdx dnscrypt-proxy[487279]: Now listening to 127.0.0.1:53 [TCP]
    Jun 24 15:19:35.319408 osdx dnscrypt-proxy[487279]: Firefox workaround initialized
    Jun 24 15:19:35.319413 osdx dnscrypt-proxy[487279]: Loading the set of cloaking rules from [/tmp/tmpmv5sp7p3]
    Jun 24 15:19:35.334619 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:35.507109 osdx dnscrypt-proxy[487279]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
    Jun 24 15:19:35.507126 osdx dnscrypt-proxy[487279]: [RD] OK (DoH) - rtt: 124ms
    Jun 24 15:19:35.507136 osdx dnscrypt-proxy[487279]: Server with the lowest initial latency: RD (rtt: 124ms)
    Jun 24 15:19:35.507141 osdx dnscrypt-proxy[487279]: dnscrypt-proxy is ready - live servers: 1
    Jun 24 15:19:40.476676 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
    Jun 24 15:19:42.576129 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    set service dns proxy log level 0
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set system certificate trust 'running://remote.dns-server.crt'
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'show host lookup teldat.com type A' at DUT0 and check if output contains the following tokens:

    teldat.com has address 19.18.17.16

Output:

    ;; communications error to ::1#53: connection refused
    ;; communications error to ::1#53: connection refused
    teldat.com has address 19.18.17.16

Step 3: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:

    Cipher suite: 52392

Output:

    Jun 24 15:19:42.822463 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
    Jun 24 15:19:42.823988 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
    Jun 24 15:19:42.824053 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
    Jun 24 15:19:42.827448 osdx sudo[487335]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:42.834135 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
    Jun 24 15:19:43.132517 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:43.194329 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
    Jun 24 15:19:43.303862 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
    Jun 24 15:19:43.370298 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:43.474272 osdx ubnt-cfgd[487355]: inactive
    Jun 24 15:19:43.494271 osdx dnscrypt-proxy[487279]: Stopped.
    Jun 24 15:19:43.494301 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
    Jun 24 15:19:43.495457 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
    Jun 24 15:19:43.495552 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:43.561271 osdx sudo[487425]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:43.569922 osdx ca-certificates[487441]: Clearing symlinks in /etc/ssl/certs...
    Jun 24 15:19:43.829646 osdx ca-certificates[488010]: done.
    Jun 24 15:19:43.833563 osdx ca-certificates[488020]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:44.267868 osdx ubnt-cfgd[488865]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:44.276654 osdx ca-certificates[488871]: 140 added, 0 removed; done.
    Jun 24 15:19:44.279718 osdx ca-certificates[488877]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:44.283165 osdx ca-certificates[488879]: done.
    Jun 24 15:19:44.297786 osdx INFO[488882]: FRR daemons did not change
    Jun 24 15:19:44.298307 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:44.300282 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:44.333949 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:45.612805 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:45.674505 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
    Jun 24 15:19:45.804204 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
    Jun 24 15:19:45.881938 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
    Jun 24 15:19:45.982188 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
    Jun 24 15:19:46.086149 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
    Jun 24 15:19:46.143671 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
    Jun 24 15:19:46.239064 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
    Jun 24 15:19:46.313767 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:46.397551 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:46.468513 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:46.564291 osdx ubnt-cfgd[488916]: inactive
    Jun 24 15:19:46.596672 osdx INFO[488926]: FRR daemons did not change
    Jun 24 15:19:46.602759 osdx sudo[488929]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:46.611941 osdx ca-certificates[488942]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:47.123534 osdx ubnt-cfgd[489940]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:47.132810 osdx ca-certificates[489946]: 1 added, 0 removed; done.
    Jun 24 15:19:47.135695 osdx ca-certificates[489952]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:47.138524 osdx ca-certificates[489954]: done.
    Jun 24 15:19:47.164039 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
    Jun 24 15:19:47.328277 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:47.329339 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:47.340473 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:47.352684 osdx dnscrypt-proxy[490064]: dnscrypt-proxy 2.0.45
    Jun 24 15:19:47.352757 osdx dnscrypt-proxy[490064]: Network connectivity detected
    Jun 24 15:19:47.352965 osdx dnscrypt-proxy[490064]: Dropping privileges
    Jun 24 15:19:47.355546 osdx dnscrypt-proxy[490064]: Network connectivity detected
    Jun 24 15:19:47.355584 osdx dnscrypt-proxy[490064]: Now listening to 127.0.0.1:53 [UDP]
    Jun 24 15:19:47.355588 osdx dnscrypt-proxy[490064]: Now listening to 127.0.0.1:53 [TCP]
    Jun 24 15:19:47.355605 osdx dnscrypt-proxy[490064]: Firefox workaround initialized
    Jun 24 15:19:47.355610 osdx dnscrypt-proxy[490064]: Loading the set of cloaking rules from [/tmp/tmpjqvt4uj7]
    Jun 24 15:19:47.379988 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:47.518864 osdx dnscrypt-proxy[490064]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
    Jun 24 15:19:47.518886 osdx dnscrypt-proxy[490064]: [RD] OK (DoH) - rtt: 105ms
    Jun 24 15:19:47.518896 osdx dnscrypt-proxy[490064]: Server with the lowest initial latency: RD (rtt: 105ms)
    Jun 24 15:19:47.518901 osdx dnscrypt-proxy[490064]: dnscrypt-proxy is ready - live servers: 1
    Jun 24 15:19:47.538989 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:

    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
    set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
    set service dns proxy log level 0
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set system certificate trust 'running://remote.dns-server.crt'
    set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command 'system journal show | cat' at DUT0 and check if output contains the following tokens:

    TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Output:

    Jun 24 15:19:54.000443 osdx systemd-timedated[491742]: Changed local time to Tue 2025-06-24 15:19:54 UTC
    Jun 24 15:19:54.002345 osdx systemd-journald[165652]: Time jumped backwards, rotating.
    Jun 24 15:19:54.002469 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:19:54'.
    Jun 24 15:19:54.341569 osdx sudo[491746]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:54.344762 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
    Jun 24 15:19:54.346347 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
    Jun 24 15:19:54.346395 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
    Jun 24 15:19:54.348834 osdx sudo[491745]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:54.354604 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
    Jun 24 15:19:54.594343 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'.
    Jun 24 15:19:54.838483 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:54.927864 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:55.040677 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:55.107435 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:55.206959 osdx ubnt-cfgd[491770]: inactive
    Jun 24 15:19:55.228002 osdx INFO[491778]: FRR daemons did not change
    Jun 24 15:19:55.246370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
    Jun 24 15:19:55.323082 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:55.334984 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
    Jun 24 15:19:55.352689 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
    Jun 24 15:19:55.538753 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
    Jun 24 15:19:55.786801 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
    Jun 24 15:19:55.861284 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
    Jun 24 15:19:55.984800 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
    Jun 24 15:19:56.053482 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
    Jun 24 15:19:56.197260 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
    Jun 24 15:19:56.324085 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
    Jun 24 15:19:56.433028 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
    Jun 24 15:19:56.488590 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
    Jun 24 15:19:56.606634 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
    Jun 24 15:19:56.675019 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
    Jun 24 15:19:56.793032 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
    Jun 24 15:19:56.867700 osdx ubnt-cfgd[491939]: inactive
    Jun 24 15:19:56.939686 osdx INFO[491947]: FRR daemons did not change
    Jun 24 15:19:56.943549 osdx sudo[491950]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
    Jun 24 15:19:56.953493 osdx ca-certificates[491962]: Updating certificates in /etc/ssl/certs...
    Jun 24 15:19:57.447920 osdx ubnt-cfgd[492961]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
    Jun 24 15:19:57.455677 osdx ca-certificates[492966]: 1 added, 0 removed; done.
    Jun 24 15:19:57.458737 osdx ca-certificates[492973]: Running hooks in /etc/ca-certificates/update.d...
    Jun 24 15:19:57.461512 osdx ca-certificates[492975]: done.
    Jun 24 15:19:57.518765 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
    Jun 24 15:19:57.520149 osdx cfgd[1460]: [304734]Completed change to active configuration
    Jun 24 15:19:57.522569 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:19:57.543228 osdx dnscrypt-proxy[492979]: dnscrypt-proxy 2.0.45 Jun 24 15:19:57.543292 osdx dnscrypt-proxy[492979]: Network connectivity detected Jun 24 15:19:57.543519 osdx dnscrypt-proxy[492979]: Dropping privileges Jun 24 15:19:57.546200 osdx dnscrypt-proxy[492979]: Network connectivity detected Jun 24 15:19:57.546234 osdx dnscrypt-proxy[492979]: Now listening to 127.0.0.1:53 [UDP] Jun 24 15:19:57.546239 osdx dnscrypt-proxy[492979]: Now listening to 127.0.0.1:53 [TCP] Jun 24 15:19:57.546258 osdx dnscrypt-proxy[492979]: Firefox workaround initialized Jun 24 15:19:57.546262 osdx dnscrypt-proxy[492979]: Loading the set of cloaking rules from [/tmp/tmpzkno_3r6] Jun 24 15:19:57.547263 osdx dnscrypt-proxy[492979]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 24 15:19:57.554020 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 24 15:20:05.367067 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free. Jun 24 15:20:05.367556 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:20:05.367586 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:20:05.372508 osdx sudo[494636]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:05.379433 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:20:05.648086 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:20:05.895853 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:05.974140 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:06.074210 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:06.153829 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:06.249388 osdx ubnt-cfgd[494661]: inactive Jun 24 15:20:06.269250 osdx INFO[494669]: FRR daemons did not change Jun 24 15:20:06.287500 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:20:06.357474 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:06.370302 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:06.388828 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:20:06.538004 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:20:06.738058 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. 
Jun 24 15:20:06.800733 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:20:06.914971 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:20:06.979312 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:20:07.074586 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:20:07.175540 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:20:07.230200 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 15:20:07.325938 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 15:20:07.400157 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:07.493555 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:07.570066 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:07.658522 osdx ubnt-cfgd[494830]: inactive Jun 24 15:20:07.682248 osdx INFO[494838]: FRR daemons did not change Jun 24 15:20:07.686915 osdx sudo[494841]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:07.699255 osdx ca-certificates[494854]: Updating certificates in /etc/ssl/certs... Jun 24 15:20:08.181084 osdx ubnt-cfgd[495852]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:08.188588 osdx ca-certificates[495858]: 1 added, 0 removed; done. 
Jun 24 15:20:08.191611 osdx ca-certificates[495864]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:08.194350 osdx ca-certificates[495866]: done. Jun 24 15:20:08.271891 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:08.273445 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:08.277810 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:08.299825 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:20:08.301644 osdx dnscrypt-proxy[495870]: dnscrypt-proxy 2.0.45 Jun 24 15:20:08.301718 osdx dnscrypt-proxy[495870]: Network connectivity detected Jun 24 15:20:08.302005 osdx dnscrypt-proxy[495870]: Dropping privileges Jun 24 15:20:08.304821 osdx dnscrypt-proxy[495870]: Network connectivity detected Jun 24 15:20:08.304870 osdx dnscrypt-proxy[495870]: Now listening to 127.0.0.1:53 [UDP] Jun 24 15:20:08.304877 osdx dnscrypt-proxy[495870]: Now listening to 127.0.0.1:53 [TCP] Jun 24 15:20:08.304901 osdx dnscrypt-proxy[495870]: Firefox workaround initialized Jun 24 15:20:08.304908 osdx dnscrypt-proxy[495870]: Loading the set of cloaking rules from [/tmp/tmpwdp_dkm_] Jun 24 15:20:08.305714 osdx dnscrypt-proxy[495870]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 24 15:20:08.548690 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 15:20:08.551502 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:20:08.551565 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:20:08.552702 osdx sudo[495900]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:08.559283 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:20:08.816361 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:08.874398 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '. Jun 24 15:20:08.985224 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 24 15:20:09.045953 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:09.137037 osdx ubnt-cfgd[495920]: inactive Jun 24 15:20:09.159011 osdx dnscrypt-proxy[495870]: Stopped. Jun 24 15:20:09.159087 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 24 15:20:09.160064 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 24 15:20:09.160186 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:09.222299 osdx sudo[495991]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:09.232703 osdx ca-certificates[496006]: Clearing symlinks in /etc/ssl/certs... Jun 24 15:20:09.509306 osdx ca-certificates[496574]: done. Jun 24 15:20:09.513204 osdx ca-certificates[496584]: Updating certificates in /etc/ssl/certs... 
Jun 24 15:20:09.947997 osdx ubnt-cfgd[497430]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:09.959013 osdx ca-certificates[497436]: 140 added, 0 removed; done. Jun 24 15:20:09.963028 osdx ca-certificates[497442]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:09.966589 osdx ca-certificates[497444]: done. Jun 24 15:20:09.982164 osdx INFO[497447]: FRR daemons did not change Jun 24 15:20:09.982669 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:09.984848 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:10.001617 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:20:11.345838 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:11.421857 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:20:11.575573 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:20:11.661451 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:20:11.758615 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:20:11.861453 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:20:11.992132 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 24 15:20:12.080797 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. 
Jun 24 15:20:12.154255 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:12.240393 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:12.311355 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:12.417072 osdx ubnt-cfgd[497481]: inactive Jun 24 15:20:12.440667 osdx INFO[497491]: FRR daemons did not change Jun 24 15:20:12.445569 osdx sudo[497494]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:12.454830 osdx ca-certificates[497507]: Updating certificates in /etc/ssl/certs... Jun 24 15:20:12.949680 osdx ubnt-cfgd[498505]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:12.958184 osdx ca-certificates[498511]: 1 added, 0 removed; done. Jun 24 15:20:12.961187 osdx ca-certificates[498517]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:12.965030 osdx ca-certificates[498519]: done. Jun 24 15:20:12.983491 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:20:13.123939 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:13.125326 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:13.138660 osdx OSDxCLI[304734]: User 'admin' committed the configuration. 
Jun 24 15:20:13.150901 osdx dnscrypt-proxy[498629]: dnscrypt-proxy 2.0.45 Jun 24 15:20:13.150973 osdx dnscrypt-proxy[498629]: Network connectivity detected Jun 24 15:20:13.151208 osdx dnscrypt-proxy[498629]: Dropping privileges Jun 24 15:20:13.153579 osdx dnscrypt-proxy[498629]: Network connectivity detected Jun 24 15:20:13.153633 osdx dnscrypt-proxy[498629]: Now listening to 127.0.0.1:53 [UDP] Jun 24 15:20:13.153638 osdx dnscrypt-proxy[498629]: Now listening to 127.0.0.1:53 [TCP] Jun 24 15:20:13.153658 osdx dnscrypt-proxy[498629]: Firefox workaround initialized Jun 24 15:20:13.153663 osdx dnscrypt-proxy[498629]: Loading the set of cloaking rules from [/tmp/tmp6qhntslu] Jun 24 15:20:13.154460 osdx dnscrypt-proxy[498629]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 24 15:20:13.155739 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 24 15:20:13.432565 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 15:20:13.435494 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:20:13.435559 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:20:13.436551 osdx sudo[498678]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:13.442876 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:20:13.720081 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:13.798511 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '. Jun 24 15:20:13.913799 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 24 15:20:14.065322 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:14.180612 osdx ubnt-cfgd[498698]: inactive Jun 24 15:20:14.204181 osdx dnscrypt-proxy[498629]: Stopped. Jun 24 15:20:14.204216 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 24 15:20:14.205288 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 24 15:20:14.205415 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:14.276764 osdx sudo[498768]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:14.287044 osdx ca-certificates[498784]: Clearing symlinks in /etc/ssl/certs... Jun 24 15:20:14.558435 osdx ca-certificates[499354]: done. Jun 24 15:20:14.561707 osdx ca-certificates[499363]: Updating certificates in /etc/ssl/certs... 
Jun 24 15:20:14.991611 osdx ubnt-cfgd[500208]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:14.999560 osdx ca-certificates[500215]: 140 added, 0 removed; done. Jun 24 15:20:15.002691 osdx ca-certificates[500220]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:15.005402 osdx ca-certificates[500222]: done. Jun 24 15:20:15.020741 osdx INFO[500225]: FRR daemons did not change Jun 24 15:20:15.021024 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:15.023453 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:15.041074 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:20:16.378777 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:16.441434 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:20:16.561114 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:20:16.628858 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:20:16.728556 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:20:16.828526 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:20:16.888133 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 15:20:16.988626 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. 
Jun 24 15:20:17.043267 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 24 15:20:17.161854 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:17.219588 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:17.332491 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:17.406447 osdx ubnt-cfgd[500262]: inactive Jun 24 15:20:17.430912 osdx INFO[500272]: FRR daemons did not change Jun 24 15:20:17.435532 osdx sudo[500275]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:17.445239 osdx ca-certificates[500288]: Updating certificates in /etc/ssl/certs... Jun 24 15:20:17.970312 osdx ubnt-cfgd[501286]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:17.978856 osdx ca-certificates[501291]: 1 added, 0 removed; done. Jun 24 15:20:17.982160 osdx ca-certificates[501298]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:17.985566 osdx ca-certificates[501300]: done. Jun 24 15:20:18.011499 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:20:18.175865 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:18.177112 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:18.190973 osdx OSDxCLI[304734]: User 'admin' committed the configuration. 
Jun 24 15:20:18.200480 osdx dnscrypt-proxy[501410]: dnscrypt-proxy 2.0.45 Jun 24 15:20:18.200552 osdx dnscrypt-proxy[501410]: Network connectivity detected Jun 24 15:20:18.200784 osdx dnscrypt-proxy[501410]: Dropping privileges Jun 24 15:20:18.203728 osdx dnscrypt-proxy[501410]: Network connectivity detected Jun 24 15:20:18.203945 osdx dnscrypt-proxy[501410]: Now listening to 127.0.0.1:53 [UDP] Jun 24 15:20:18.204000 osdx dnscrypt-proxy[501410]: Now listening to 127.0.0.1:53 [TCP] Jun 24 15:20:18.204044 osdx dnscrypt-proxy[501410]: Firefox workaround initialized Jun 24 15:20:18.204084 osdx dnscrypt-proxy[501410]: Loading the set of cloaking rules from [/tmp/tmpecf_3a01] Jun 24 15:20:18.205135 osdx dnscrypt-proxy[501410]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 24 15:20:18.221686 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 24 15:20:25.000207 osdx systemd-timedated[491742]: Changed local time to Tue 2025-06-24 15:20:25 UTC Jun 24 15:20:25.000864 osdx systemd-journald[165652]: Time jumped backwards, rotating. Jun 24 15:20:25.001672 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'set date 2025-06-24 15:20:25'. Jun 24 15:20:25.289225 osdx sudo[503087]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:25.292242 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.1M free. Jun 24 15:20:25.292634 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 15:20:25.292665 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 15:20:25.297295 osdx sudo[503086]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:25.303124 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'. Jun 24 15:20:25.517891 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system coredump delete all'. Jun 24 15:20:25.754376 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:25.829146 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:25.920422 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:25.986106 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. 
Jun 24 15:20:26.087797 osdx ubnt-cfgd[503111]: inactive Jun 24 15:20:26.107410 osdx INFO[503119]: FRR daemons did not change Jun 24 15:20:26.124563 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 24 15:20:26.198475 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:26.209475 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:26.227154 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. Jun 24 15:20:26.376741 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 24 15:20:26.545828 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu. Jun 24 15:20:26.605072 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 24 15:20:26.719390 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 24 15:20:26.797132 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 24 15:20:26.890781 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 24 15:20:26.949960 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'. Jun 24 15:20:27.047390 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 24 15:20:27.105360 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 24 15:20:27.199524 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. 
Jun 24 15:20:27.270044 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 24 15:20:27.355758 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 24 15:20:27.439817 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'. Jun 24 15:20:27.544902 osdx ubnt-cfgd[503283]: inactive Jun 24 15:20:27.562983 osdx INFO[503291]: FRR daemons did not change Jun 24 15:20:27.566455 osdx sudo[503294]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 15:20:27.575075 osdx ca-certificates[503306]: Updating certificates in /etc/ssl/certs... Jun 24 15:20:28.058500 osdx ubnt-cfgd[504305]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 24 15:20:28.066832 osdx ca-certificates[504311]: 1 added, 0 removed; done. Jun 24 15:20:28.069981 osdx ca-certificates[504317]: Running hooks in /etc/ca-certificates/update.d... Jun 24 15:20:28.072836 osdx ca-certificates[504319]: done. Jun 24 15:20:28.152925 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 24 15:20:28.155325 osdx cfgd[1460]: [304734]Completed change to active configuration Jun 24 15:20:28.157716 osdx OSDxCLI[304734]: User 'admin' committed the configuration. Jun 24 15:20:28.184495 osdx dnscrypt-proxy[504323]: dnscrypt-proxy 2.0.45 Jun 24 15:20:28.184833 osdx dnscrypt-proxy[504323]: Network connectivity detected Jun 24 15:20:28.186540 osdx OSDxCLI[304734]: User 'admin' left the configuration menu. 
Jun 24 15:20:28.186874 osdx dnscrypt-proxy[504323]: Dropping privileges Jun 24 15:20:28.189235 osdx dnscrypt-proxy[504323]: Network connectivity detected Jun 24 15:20:28.189446 osdx dnscrypt-proxy[504323]: Now listening to 127.0.0.1:53 [UDP] Jun 24 15:20:28.189485 osdx dnscrypt-proxy[504323]: Now listening to 127.0.0.1:53 [TCP] Jun 24 15:20:28.189536 osdx dnscrypt-proxy[504323]: Firefox workaround initialized Jun 24 15:20:28.189577 osdx dnscrypt-proxy[504323]: Loading the set of cloaking rules from [/tmp/tmpp_o5o6jb] Jun 24 15:20:28.382911 osdx dnscrypt-proxy[504323]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 24 15:20:28.382930 osdx dnscrypt-proxy[504323]: [RD] OK (DoH) - rtt: 113ms Jun 24 15:20:28.382939 osdx dnscrypt-proxy[504323]: Server with the lowest initial latency: RD (rtt: 113ms) Jun 24 15:20:28.382944 osdx dnscrypt-proxy[504323]: dnscrypt-proxy is ready - live servers: 1 Jun 24 15:20:33.337470 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jun 24 15:20:35.441443 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
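The "Cipher suite" token checked in Step 3 is the decimal IANA code point of the negotiated suite (49199 is 0xC02F, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), and "303" is read here as the hexadecimal TLS version 0x0303 (TLS 1.2). The Python check below is an added example, not part of the OSDx test suite: it parses a configuration and journal like the ones on this page and reports which configured suite was actually negotiated. The function names and the abridged sample strings are assumptions made for the illustration.

```python
import re

# IANA code points for the four suites configured on this page.
# dnscrypt-proxy logs the negotiated suite as a decimal number.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # 49200
}
# Suites this page uses as its "invalid" cases (refused by the test server).
PAGE_INVALID = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
OK_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_TOKEN = "TLS handshake failure"


def configured_suites(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    pairs = {(int(n), name) for n, name in CFG_RE.findall(config_text)}
    return [name for _, name in sorted(pairs)]


def handshake_result(journal_text):
    """Classify the last handshake event found in the journal text."""
    events = [(m.start(), "negotiated", m) for m in OK_RE.finditer(journal_text)]
    events += [(m.start(), "failed", None)
               for m in re.finditer(re.escape(FAIL_TOKEN), journal_text)]
    if not events:
        return {"status": "unknown"}
    _, status, m = max(events, key=lambda e: e[0])
    if status == "failed":
        return {"status": "failed"}
    suite_id = int(m.group("suite"))
    return {
        "status": "negotiated",
        "server": m.group("server"),
        "tls_version": int(m.group("ver"), 16),  # "303" -> 0x0303 (TLS 1.2)
        "suite_id": suite_id,
        "suite_name": IANA_SUITES.get(suite_id, "unknown(0x%04X)" % suite_id),
    }


def evaluate(config_text, journal_text):
    """Compare what was configured with what the journal says was negotiated."""
    offered = configured_suites(config_text)
    result = handshake_result(journal_text)
    refused = [s for s in offered if s in PAGE_INVALID]
    findings = []
    if result["status"] == "failed":
        findings.append("no configured suite was accepted; no successful DoH handshake logged")
    elif result["status"] == "negotiated":
        if result["suite_name"] not in offered:
            findings.append("negotiated suite %s is not in the configured list"
                            % result["suite_name"])
        if refused:
            findings.append("fallback in use; remove refused suites: " + ", ".join(refused))
    return {"offered": offered, "result": result, "findings": findings}


# Sample input abridged from the configuration and journal output on this page.
FALLBACK_CFG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
)
FALLBACK_JOURNAL = (
    "Jun 24 15:20:28.184495 osdx dnscrypt-proxy[504323]: dnscrypt-proxy 2.0.45\n"
    "Jun 24 15:20:28.382911 osdx dnscrypt-proxy[504323]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 49199\n"
    "Jun 24 15:20:28.382930 osdx dnscrypt-proxy[504323]: [RD] OK (DoH) - rtt: 113ms\n"
)
INVALID_CFG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"
    "set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA\n"
)
INVALID_JOURNAL = (
    "Jun 24 15:20:18.200480 osdx dnscrypt-proxy[501410]: dnscrypt-proxy 2.0.45\n"
    "Jun 24 15:20:18.205135 osdx dnscrypt-proxy[501410]: TLS handshake failure - Try"
    " changing or deleting the tls_cipher_suite value in the configuration file\n"
)

if __name__ == "__main__":
    for cfg, journal in ((FALLBACK_CFG, FALLBACK_JOURNAL), (INVALID_CFG, INVALID_JOURNAL)):
        report = evaluate(cfg, journal)
        print(report["result"], report["findings"])
```

Because the matching is done with regular expressions over the whole text, the same functions work on the journal whether its entries arrive one per line or run together as in the output above.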
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 24 15:20:35.672543 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.3M, max 15.3M, 13.0M free.
Jun 24 15:20:35.676591 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
Jun 24 15:20:35.676675 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
Jun 24 15:20:35.678076 osdx sudo[504362]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:35.687023 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 15:20:36.008798 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:20:36.066793 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
Jun 24 15:20:36.179124 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 15:20:36.257969 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:20:36.360261 osdx ubnt-cfgd[504382]: inactive
Jun 24 15:20:36.379995 osdx dnscrypt-proxy[504323]: Stopped.
Jun 24 15:20:36.380057 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 24 15:20:36.381139 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 24 15:20:36.381253 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:20:36.448950 osdx sudo[504452]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:36.458225 osdx ca-certificates[504468]: Clearing symlinks in /etc/ssl/certs...
Jun 24 15:20:36.748543 osdx ca-certificates[505037]: done.
Jun 24 15:20:36.752540 osdx ca-certificates[505046]: Updating certificates in /etc/ssl/certs...
Jun 24 15:20:37.269449 osdx ubnt-cfgd[505892]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:20:37.280705 osdx ca-certificates[505897]: 140 added, 0 removed; done.
Jun 24 15:20:37.284633 osdx ca-certificates[505904]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:20:37.288535 osdx ca-certificates[505906]: done.
Jun 24 15:20:37.305640 osdx INFO[505909]: FRR daemons did not change
Jun 24 15:20:37.306086 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:20:37.308195 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:20:37.325786 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:20:38.959910 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:20:39.047036 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 15:20:39.140786 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 15:20:39.212035 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 15:20:39.310511 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 15:20:39.425730 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 24 15:20:39.481833 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 15:20:39.593536 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 24 15:20:39.650013 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 15:20:39.764989 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 15:20:39.819658 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 15:20:39.933590 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:20:40.002164 osdx ubnt-cfgd[505947]: inactive
Jun 24 15:20:40.026595 osdx INFO[505957]: FRR daemons did not change
Jun 24 15:20:40.030246 osdx sudo[505960]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:40.039795 osdx ca-certificates[505972]: Updating certificates in /etc/ssl/certs...
Jun 24 15:20:40.575617 osdx ubnt-cfgd[506971]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:20:40.583774 osdx ca-certificates[506977]: 1 added, 0 removed; done.
Jun 24 15:20:40.586763 osdx ca-certificates[506983]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:20:40.589507 osdx ca-certificates[506985]: done.
Jun 24 15:20:40.608567 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 15:20:40.744897 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:20:40.746782 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:20:40.775608 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:20:40.797979 osdx dnscrypt-proxy[507095]: dnscrypt-proxy 2.0.45
Jun 24 15:20:40.798286 osdx dnscrypt-proxy[507095]: Network connectivity detected
Jun 24 15:20:40.798512 osdx dnscrypt-proxy[507095]: Dropping privileges
Jun 24 15:20:40.801378 osdx dnscrypt-proxy[507095]: Network connectivity detected
Jun 24 15:20:40.801416 osdx dnscrypt-proxy[507095]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 15:20:40.801421 osdx dnscrypt-proxy[507095]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 15:20:40.801457 osdx dnscrypt-proxy[507095]: Firefox workaround initialized
Jun 24 15:20:40.801463 osdx dnscrypt-proxy[507095]: Loading the set of cloaking rules from [/tmp/tmpdxq8tpj6]
Jun 24 15:20:40.802233 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:20:40.964457 osdx dnscrypt-proxy[507095]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 24 15:20:40.964607 osdx dnscrypt-proxy[507095]: [RD] OK (DoH) - rtt: 106ms
Jun 24 15:20:40.964665 osdx dnscrypt-proxy[507095]: Server with the lowest initial latency: RD (rtt: 106ms)
Jun 24 15:20:40.964719 osdx dnscrypt-proxy[507095]: dnscrypt-proxy is ready - live servers: 1
Jun 24 15:20:45.954617 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 24 15:20:48.055527 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 24 15:20:48.286963 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.2M free.
Jun 24 15:20:48.288561 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
Jun 24 15:20:48.288619 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
Jun 24 15:20:48.291217 osdx sudo[507152]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:48.297508 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 15:20:48.558218 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:20:48.620537 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
Jun 24 15:20:48.749895 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 15:20:48.813520 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:20:48.911625 osdx ubnt-cfgd[507172]: inactive
Jun 24 15:20:48.933775 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 24 15:20:48.933779 osdx dnscrypt-proxy[507095]: Stopped.
Jun 24 15:20:48.934549 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 24 15:20:48.934647 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:20:48.997381 osdx sudo[507242]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:49.006233 osdx ca-certificates[507258]: Clearing symlinks in /etc/ssl/certs...
Jun 24 15:20:49.273728 osdx ca-certificates[507827]: done.
Jun 24 15:20:49.276546 osdx ca-certificates[507837]: Updating certificates in /etc/ssl/certs...
Jun 24 15:20:49.702575 osdx ubnt-cfgd[508682]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:20:49.710820 osdx ca-certificates[508688]: 140 added, 0 removed; done.
Jun 24 15:20:49.714526 osdx ca-certificates[508694]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:20:49.718219 osdx ca-certificates[508696]: done.
Jun 24 15:20:49.737456 osdx INFO[508699]: FRR daemons did not change
Jun 24 15:20:49.737744 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:20:49.739664 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:20:49.755783 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:20:51.023369 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:20:51.092967 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 15:20:51.209141 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 15:20:51.277033 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 15:20:51.373226 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 15:20:51.476684 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 24 15:20:51.536688 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 15:20:51.638574 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 24 15:20:51.695297 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 15:20:51.804325 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 15:20:51.861120 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 15:20:51.976429 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:20:52.043998 osdx ubnt-cfgd[508736]: inactive
Jun 24 15:20:52.066647 osdx INFO[508746]: FRR daemons did not change
Jun 24 15:20:52.070169 osdx sudo[508749]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:20:52.079878 osdx ca-certificates[508761]: Updating certificates in /etc/ssl/certs...
Jun 24 15:20:52.584764 osdx ubnt-cfgd[509760]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:20:52.593973 osdx ca-certificates[509765]: 1 added, 0 removed; done.
Jun 24 15:20:52.596947 osdx ca-certificates[509772]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:20:52.600195 osdx ca-certificates[509774]: done.
Jun 24 15:20:52.620567 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 15:20:52.752847 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:20:52.754195 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:20:52.766020 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:20:52.777915 osdx dnscrypt-proxy[509884]: dnscrypt-proxy 2.0.45
Jun 24 15:20:52.777990 osdx dnscrypt-proxy[509884]: Network connectivity detected
Jun 24 15:20:52.778208 osdx dnscrypt-proxy[509884]: Dropping privileges
Jun 24 15:20:52.780834 osdx dnscrypt-proxy[509884]: Network connectivity detected
Jun 24 15:20:52.780870 osdx dnscrypt-proxy[509884]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 15:20:52.780876 osdx dnscrypt-proxy[509884]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 15:20:52.780897 osdx dnscrypt-proxy[509884]: Firefox workaround initialized
Jun 24 15:20:52.780902 osdx dnscrypt-proxy[509884]: Loading the set of cloaking rules from [/tmp/tmphdl5i9hw]
Jun 24 15:20:52.786283 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:20:52.961516 osdx dnscrypt-proxy[509884]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 15:20:52.961529 osdx dnscrypt-proxy[509884]: [RD] OK (DoH) - rtt: 100ms
Jun 24 15:20:52.961536 osdx dnscrypt-proxy[509884]: Server with the lowest initial latency: RD (rtt: 100ms)
Jun 24 15:20:52.961540 osdx dnscrypt-proxy[509884]: dnscrypt-proxy is ready - live servers: 1
Jun 24 15:20:55.030796 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 24 15:20:57.948483 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 24 15:21:00.040546 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 24 15:21:00.253463 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
Jun 24 15:21:00.256568 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
Jun 24 15:21:00.256645 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
Jun 24 15:21:00.258006 osdx sudo[509943]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:00.266086 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 15:21:00.570587 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:00.641144 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
Jun 24 15:21:00.776808 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 15:21:00.841032 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:00.951271 osdx ubnt-cfgd[509963]: inactive
Jun 24 15:21:00.974968 osdx dnscrypt-proxy[509884]: Stopped.
Jun 24 15:21:00.975031 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 24 15:21:00.976196 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 24 15:21:00.976340 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:01.046527 osdx sudo[510033]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:01.055097 osdx ca-certificates[510049]: Clearing symlinks in /etc/ssl/certs...
Jun 24 15:21:01.341150 osdx ca-certificates[510618]: done.
Jun 24 15:21:01.345199 osdx ca-certificates[510626]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:01.787077 osdx ubnt-cfgd[511473]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:01.795140 osdx ca-certificates[511479]: 140 added, 0 removed; done.
Jun 24 15:21:01.797971 osdx ca-certificates[511485]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:01.800691 osdx ca-certificates[511487]: done.
Jun 24 15:21:01.815138 osdx INFO[511490]: FRR daemons did not change
Jun 24 15:21:01.815501 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:01.817390 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:01.834567 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:02.047780 osdx CRON[511500]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:03.128146 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:03.191429 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 15:21:03.313167 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 15:21:03.401854 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 15:21:03.496373 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 15:21:03.598656 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 24 15:21:03.656337 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 15:21:03.756632 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 24 15:21:03.811473 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 15:21:03.933472 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 15:21:03.988641 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 15:21:04.106744 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:04.176759 osdx ubnt-cfgd[511530]: inactive
Jun 24 15:21:04.203782 osdx INFO[511540]: FRR daemons did not change
Jun 24 15:21:04.207590 osdx sudo[511543]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:04.216482 osdx ca-certificates[511556]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:04.757853 osdx ubnt-cfgd[512554]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:04.768688 osdx ca-certificates[512561]: 1 added, 0 removed; done.
Jun 24 15:21:04.772542 osdx ca-certificates[512566]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:04.776394 osdx ca-certificates[512568]: done.
Jun 24 15:21:04.796569 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 15:21:04.956986 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:04.958186 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:04.969768 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:04.986497 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:04.989547 osdx dnscrypt-proxy[512678]: dnscrypt-proxy 2.0.45
Jun 24 15:21:04.989606 osdx dnscrypt-proxy[512678]: Network connectivity detected
Jun 24 15:21:04.989840 osdx dnscrypt-proxy[512678]: Dropping privileges
Jun 24 15:21:04.992108 osdx dnscrypt-proxy[512678]: Network connectivity detected
Jun 24 15:21:04.992142 osdx dnscrypt-proxy[512678]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 15:21:04.992147 osdx dnscrypt-proxy[512678]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 15:21:04.992165 osdx dnscrypt-proxy[512678]: Firefox workaround initialized
Jun 24 15:21:04.992171 osdx dnscrypt-proxy[512678]: Loading the set of cloaking rules from [/tmp/tmpv977nejx]
Jun 24 15:21:05.215392 osdx dnscrypt-proxy[512678]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 24 15:21:05.215410 osdx dnscrypt-proxy[512678]: [RD] OK (DoH) - rtt: 137ms
Jun 24 15:21:05.215419 osdx dnscrypt-proxy[512678]: Server with the lowest initial latency: RD (rtt: 137ms)
Jun 24 15:21:05.215423 osdx dnscrypt-proxy[512678]: dnscrypt-proxy is ready - live servers: 1
Jun 24 15:21:10.140870 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 24 15:21:12.227403 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 24 15:21:12.465030 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
Jun 24 15:21:12.468567 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
Jun 24 15:21:12.468625 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
Jun 24 15:21:12.470161 osdx sudo[512735]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:12.476134 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 15:21:12.732768 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:12.795936 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
Jun 24 15:21:12.909691 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 15:21:12.980173 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:13.072723 osdx ubnt-cfgd[512755]: inactive
Jun 24 15:21:13.094563 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 24 15:21:13.094601 osdx dnscrypt-proxy[512678]: Stopped.
Jun 24 15:21:13.095480 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 24 15:21:13.095587 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:13.159768 osdx sudo[512825]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:13.168126 osdx ca-certificates[512841]: Clearing symlinks in /etc/ssl/certs...
Jun 24 15:21:13.450554 osdx ca-certificates[513410]: done.
Jun 24 15:21:13.453473 osdx ca-certificates[513419]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:13.902328 osdx ubnt-cfgd[514265]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:13.911570 osdx ca-certificates[514271]: 140 added, 0 removed; done.
Jun 24 15:21:13.914508 osdx ca-certificates[514277]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:13.918373 osdx ca-certificates[514279]: done.
Jun 24 15:21:13.933601 osdx INFO[514282]: FRR daemons did not change
Jun 24 15:21:13.934099 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:13.935983 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:13.967051 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:15.480196 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:15.581473 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 15:21:15.724242 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 15:21:15.820840 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 15:21:15.884204 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 15:21:15.989744 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 24 15:21:16.048349 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 15:21:16.151713 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 24 15:21:16.223094 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 15:21:16.328445 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 15:21:16.383431 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 15:21:16.503031 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:16.575029 osdx ubnt-cfgd[514319]: inactive
Jun 24 15:21:16.600389 osdx INFO[514329]: FRR daemons did not change
Jun 24 15:21:16.605405 osdx sudo[514332]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:16.615104 osdx ca-certificates[514345]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:17.157800 osdx ubnt-cfgd[515343]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:17.166140 osdx ca-certificates[515349]: 1 added, 0 removed; done.
Jun 24 15:21:17.169337 osdx ca-certificates[515355]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:17.173163 osdx ca-certificates[515357]: done.
Jun 24 15:21:17.192574 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 15:21:17.345001 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:17.346455 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:17.360613 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:17.373374 osdx dnscrypt-proxy[515467]: dnscrypt-proxy 2.0.45
Jun 24 15:21:17.373456 osdx dnscrypt-proxy[515467]: Network connectivity detected
Jun 24 15:21:17.373721 osdx dnscrypt-proxy[515467]: Dropping privileges
Jun 24 15:21:17.376596 osdx dnscrypt-proxy[515467]: Network connectivity detected
Jun 24 15:21:17.376643 osdx dnscrypt-proxy[515467]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 15:21:17.376648 osdx dnscrypt-proxy[515467]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 15:21:17.376669 osdx dnscrypt-proxy[515467]: Firefox workaround initialized
Jun 24 15:21:17.376678 osdx dnscrypt-proxy[515467]: Loading the set of cloaking rules from [/tmp/tmp3kiw6byk]
Jun 24 15:21:17.396001 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:17.549077 osdx dnscrypt-proxy[515467]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 24 15:21:17.549099 osdx dnscrypt-proxy[515467]: [RD] OK (DoH) - rtt: 120ms
Jun 24 15:21:17.549109 osdx dnscrypt-proxy[515467]: Server with the lowest initial latency: RD (rtt: 120ms)
Jun 24 15:21:17.549114 osdx dnscrypt-proxy[515467]: dnscrypt-proxy is ready - live servers: 1
Jun 24 15:21:17.560639 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
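The Step 3 token in these examples is the decimal IANA code point of the negotiated suite (49200 is 0xC030). The following added example, which is not part of the test suite or of OSDx, decodes the dnscrypt-proxy handshake line and checks it against the cipher entries committed in the same journal. The function names and the second sample journal are assumptions made for illustration, and the "TLS version" field is read as hexadecimal.

```python
import re

# IANA TLS cipher-suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# TLS wire versions; the journal value "303" is interpreted as 0x0303.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Substrings that mark the legacy suites used as "cipher 1" in the examples.
LEGACY_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) - "
    r"Cipher suite: (?P<suite>\d+)"
)


def configured_ciphers(journal: str) -> list:
    """Cipher names from 'set service dns proxy cipher N algorithm X', ordered by N."""
    entries = {int(idx): name for idx, name in CFG_RE.findall(journal)}
    return [entries[idx] for idx in sorted(entries)]


def handshakes(journal: str) -> list:
    """Decode every dnscrypt-proxy TLS handshake summary line in the journal."""
    decoded = []
    for m in HANDSHAKE_RE.finditer(journal):
        suite_id = int(m["suite"])
        version = int(m["ver"], 16)
        decoded.append({
            "server": m["server"],
            "protocol": m["proto"],
            "tls_version": TLS_VERSIONS.get(version, f"0x{version:04X}"),
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id, f"unknown(0x{suite_id:04X})"),
        })
    return decoded


def audit(journal: str) -> list:
    """Compare each negotiated suite with the configured cipher list."""
    allowed = configured_ciphers(journal)
    findings = []
    for hs in handshakes(journal):
        name = hs["suite_name"]
        findings.append({
            **hs,
            "in_config": name in allowed,  # negotiated suite was configured
            "legacy": any(marker in name for marker in LEGACY_MARKERS),
            "not_negotiated": [c for c in allowed if c != name],
        })
    return findings


# Journal lines copied from Example 2 on this page.
EXAMPLE2_JOURNAL = """\
Jun 24 15:20:39.481833 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 24 15:20:39.593536 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 24 15:20:40.964457 osdx dnscrypt-proxy[507095]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""

# Constructed sample (not from the page): the negotiated suite is not configured.
CONSTRUCTED_MISMATCH = """\
Jan 01 00:00:00.000001 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jan 01 00:00:01.000001 osdx dnscrypt-proxy[2]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""

if __name__ == "__main__":
    for label, journal in (("Example 2", EXAMPLE2_JOURNAL),
                           ("constructed mismatch", CONSTRUCTED_MISMATCH)):
        for finding in audit(journal):
            print(label, finding)
```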
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 24 15:21:17.791169 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free.
Jun 24 15:21:17.792573 osdx systemd-journald[165652]: Received client request to rotate journal, rotating.
Jun 24 15:21:17.792621 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300.
Jun 24 15:21:17.796328 osdx sudo[515518]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:17.803679 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'system journal clear'.
Jun 24 15:21:18.093177 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:18.211525 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'delete '.
Jun 24 15:21:18.311958 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 24 15:21:18.385283 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:18.485088 osdx ubnt-cfgd[515538]: inactive
Jun 24 15:21:18.504229 osdx dnscrypt-proxy[515467]: Stopped.
Jun 24 15:21:18.504260 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 24 15:21:18.505352 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 24 15:21:18.505447 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:18.567160 osdx sudo[515608]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:18.576999 osdx ca-certificates[515624]: Clearing symlinks in /etc/ssl/certs...
Jun 24 15:21:18.839173 osdx ca-certificates[516193]: done.
Jun 24 15:21:18.844250 osdx ca-certificates[516202]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:19.261000 osdx ubnt-cfgd[517048]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:19.268615 osdx ca-certificates[517053]: 140 added, 0 removed; done.
Jun 24 15:21:19.271370 osdx ca-certificates[517060]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:19.273997 osdx ca-certificates[517062]: done.
Jun 24 15:21:19.288238 osdx INFO[517065]: FRR daemons did not change
Jun 24 15:21:19.288498 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:19.290474 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:19.306663 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:20.582056 osdx OSDxCLI[304734]: User 'admin' entered the configuration menu.
Jun 24 15:21:20.647358 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 24 15:21:20.748771 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 24 15:21:20.817576 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 24 15:21:20.940479 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 24 15:21:21.010250 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ce5bfb07edc17945305c52b77f54ddda93ca3edba3b5213add895927eb42f82a'.
Jun 24 15:21:21.099625 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 24 15:21:21.165499 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 24 15:21:21.263850 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 24 15:21:21.347248 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 24 15:21:21.430266 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 24 15:21:21.506017 osdx OSDxCLI[304734]: User 'admin' added a new cfg line: 'show working'.
Jun 24 15:21:21.613365 osdx ubnt-cfgd[517102]: inactive
Jun 24 15:21:21.635606 osdx INFO[517112]: FRR daemons did not change
Jun 24 15:21:21.640367 osdx sudo[517115]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 24 15:21:21.649213 osdx ca-certificates[517128]: Updating certificates in /etc/ssl/certs...
Jun 24 15:21:22.139002 osdx ubnt-cfgd[518126]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 24 15:21:22.146864 osdx ca-certificates[518132]: 1 added, 0 removed; done.
Jun 24 15:21:22.149779 osdx ca-certificates[518138]: Running hooks in /etc/ca-certificates/update.d...
Jun 24 15:21:22.152736 osdx ca-certificates[518140]: done.
Jun 24 15:21:22.188598 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 24 15:21:22.356988 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 24 15:21:22.358651 osdx cfgd[1460]: [304734]Completed change to active configuration
Jun 24 15:21:22.386406 osdx OSDxCLI[304734]: User 'admin' committed the configuration.
Jun 24 15:21:22.418794 osdx dnscrypt-proxy[518250]: dnscrypt-proxy 2.0.45
Jun 24 15:21:22.418896 osdx dnscrypt-proxy[518250]: Network connectivity detected
Jun 24 15:21:22.419228 osdx dnscrypt-proxy[518250]: Dropping privileges
Jun 24 15:21:22.421828 osdx dnscrypt-proxy[518250]: Network connectivity detected
Jun 24 15:21:22.421863 osdx dnscrypt-proxy[518250]: Now listening to 127.0.0.1:53 [UDP]
Jun 24 15:21:22.421868 osdx dnscrypt-proxy[518250]: Now listening to 127.0.0.1:53 [TCP]
Jun 24 15:21:22.421888 osdx dnscrypt-proxy[518250]: Firefox workaround initialized
Jun 24 15:21:22.421894 osdx dnscrypt-proxy[518250]: Loading the set of cloaking rules from [/tmp/tmpsequiziq]
Jun 24 15:21:22.432001 osdx OSDxCLI[304734]: User 'admin' left the configuration menu.
Jun 24 15:21:22.620264 osdx dnscrypt-proxy[518250]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 24 15:21:22.620281 osdx dnscrypt-proxy[518250]: [RD] OK (DoH) - rtt: 113ms
Jun 24 15:21:22.620289 osdx dnscrypt-proxy[518250]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 24 15:21:22.620294 osdx dnscrypt-proxy[518250]: dnscrypt-proxy is ready - live servers: 1
Jun 24 15:21:27.579137 osdx OSDxCLI[304734]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 24 15:21:29.681754 osdx OSDxCLI[304734]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
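Added example (not part of the original test suite): the Step 3 token "Cipher suite: 52392" is the IANA code point of the negotiated suite written in decimal, so the check can be made explicit by decoding the dnscrypt-proxy handshake line and comparing it with the configured cipher list. The function names are hypothetical, and reading the "TLS version" field as hexadecimal (303 = 0x0303) is an assumption about the log format.

```python
import re

# IANA TLS cipher suite code points for the suites that appear on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+) - "
                    r"Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)")

def configured_suites(config_text):
    """Cipher names from 'set service dns proxy cipher N algorithm NAME' lines."""
    return CFG_RE.findall(config_text)

def negotiated(journal_text):
    """Decode each handshake line (assumption: version is hex, suite is decimal)."""
    results = []
    for m in LOG_RE.finditer(journal_text):
        code = int(m["suite"])
        results.append({
            "server": m["server"],
            "protocol": m["proto"],
            "version": TLS_VERSIONS.get(int(m["ver"], 16), "unknown"),
            "suite_hex": f"0x{code:04X}",
            "suite": IANA_SUITES.get(code, "unknown"),
        })
    return results

def check(config_text, journal_text):
    """Return (ok, handshakes); ok only if every handshake used a configured suite."""
    allowed = set(configured_suites(config_text))
    hits = negotiated(journal_text)
    ok = bool(hits) and all(h["suite"] in allowed for h in hits)
    return ok, hits

# Configuration and journal line copied from Example 6 on this page.
CONFIG = """set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"""
JOURNAL = ("Jun 24 15:21:22.620264 osdx dnscrypt-proxy[518250]: "
           "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392")

if __name__ == "__main__":
    print(check(CONFIG, JOURNAL))
```

A handshake line carrying a suite outside the configured list, or a journal with no handshake line at all, makes check() return False.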