Cipher

Test suite that validates the use of one or multiple ciphers to protect the DoH (DNS-over-HTTPS) connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Oct 10 22:49:07.314103 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:49:07.314542 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:49:07.314573 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:49:07.326526 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:49:07.538144 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 22:49:07.762956 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:07.838219 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:07.925006 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:07.996841 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:08.084154 osdx ubnt-cfgd[568133]: inactive
Oct 10 22:49:08.105185 osdx INFO[568139]: FRR daemons did not change
Oct 10 22:49:08.126231 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:49:08.169144 osdx WARNING[568207]: No supported link modes on interface eth0
Oct 10 22:49:08.170416 osdx modulelauncher[568207]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:08.170430 osdx modulelauncher[568207]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:08.171568 osdx modulelauncher[568207]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:08.171578 osdx modulelauncher[568207]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:08.209980 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:08.222362 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:08.263922 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:08.418380 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 22:49:08.583472 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:08.641664 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:49:08.737981 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:49:08.806244 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:49:08.908875 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:49:09.007099 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:49:09.060090 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 22:49:09.151901 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:49:09.223119 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:09.299795 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:09.386423 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:09.459948 osdx ubnt-cfgd[568305]: inactive
Oct 10 22:49:09.480291 osdx INFO[568313]: FRR daemons did not change
Oct 10 22:49:09.493808 osdx ca-certificates[568329]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:09.978413 osdx ubnt-cfgd[569341]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:09.985843 osdx ca-certificates[569346]: 1 added, 0 removed; done.
Oct 10 22:49:09.988628 osdx ca-certificates[569353]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:09.991310 osdx ca-certificates[569355]: done.
Oct 10 22:49:10.082512 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:10.083677 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:10.085892 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:10.101105 osdx dnscrypt-proxy[569359]: dnscrypt-proxy 2.0.45
Oct 10 22:49:10.101175 osdx dnscrypt-proxy[569359]: Network connectivity detected
Oct 10 22:49:10.101341 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:10.101555 osdx dnscrypt-proxy[569359]: Dropping privileges
Oct 10 22:49:10.104515 osdx dnscrypt-proxy[569359]: Network connectivity detected
Oct 10 22:49:10.104551 osdx dnscrypt-proxy[569359]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:49:10.104556 osdx dnscrypt-proxy[569359]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:49:10.104576 osdx dnscrypt-proxy[569359]: Firefox workaround initialized
Oct 10 22:49:10.104581 osdx dnscrypt-proxy[569359]: Loading the set of cloaking rules from [/tmp/tmpnrfxulvj]
Oct 10 22:49:10.303659 osdx dnscrypt-proxy[569359]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 22:49:10.303685 osdx dnscrypt-proxy[569359]: [RD] OK (DoH) - rtt: 109ms
Oct 10 22:49:10.303695 osdx dnscrypt-proxy[569359]: Server with the lowest initial latency: RD (rtt: 109ms)
Oct 10 22:49:10.303700 osdx dnscrypt-proxy[569359]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:49:15.243303 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:49:17.323623 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a different valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Oct 10 22:49:23.311509 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:49:23.313065 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:49:23.313119 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:49:23.322628 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:49:23.534513 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 22:49:23.814766 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:23.889696 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:23.984869 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:24.088964 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:24.201949 osdx ubnt-cfgd[571070]: inactive
Oct 10 22:49:24.219405 osdx INFO[571076]: FRR daemons did not change
Oct 10 22:49:24.241069 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:49:24.280417 osdx WARNING[571144]: No supported link modes on interface eth0
Oct 10 22:49:24.281775 osdx modulelauncher[571144]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:24.281788 osdx modulelauncher[571144]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:24.282990 osdx modulelauncher[571144]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:24.282999 osdx modulelauncher[571144]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:24.315629 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:24.328271 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:24.345158 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:24.487912 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 22:49:24.663046 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:24.760474 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:49:24.814925 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:49:24.915757 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:49:24.972482 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:49:25.065468 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:49:25.120892 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 22:49:25.210859 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:49:25.284054 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:25.364755 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:25.446019 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:25.542337 osdx ubnt-cfgd[571242]: inactive
Oct 10 22:49:25.562895 osdx INFO[571250]: FRR daemons did not change
Oct 10 22:49:25.577132 osdx ca-certificates[571266]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:26.093103 osdx ubnt-cfgd[572278]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:26.100263 osdx ca-certificates[572284]: 1 added, 0 removed; done.
Oct 10 22:49:26.103007 osdx ca-certificates[572290]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:26.105600 osdx ca-certificates[572292]: done.
Oct 10 22:49:26.170046 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:26.172558 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:26.177275 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:26.196336 osdx dnscrypt-proxy[572296]: dnscrypt-proxy 2.0.45
Oct 10 22:49:26.196402 osdx dnscrypt-proxy[572296]: Network connectivity detected
Oct 10 22:49:26.196815 osdx dnscrypt-proxy[572296]: Dropping privileges
Oct 10 22:49:26.199578 osdx dnscrypt-proxy[572296]: Network connectivity detected
Oct 10 22:49:26.199615 osdx dnscrypt-proxy[572296]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:49:26.199620 osdx dnscrypt-proxy[572296]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:49:26.199640 osdx dnscrypt-proxy[572296]: Firefox workaround initialized
Oct 10 22:49:26.199646 osdx dnscrypt-proxy[572296]: Loading the set of cloaking rules from [/tmp/tmpgrujvc2p]
Oct 10 22:49:26.246776 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:26.382272 osdx dnscrypt-proxy[572296]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 22:49:26.382304 osdx dnscrypt-proxy[572296]: [RD] OK (DoH) - rtt: 106ms
Oct 10 22:49:26.382313 osdx dnscrypt-proxy[572296]: Server with the lowest initial latency: RD (rtt: 106ms)
Oct 10 22:49:26.382318 osdx dnscrypt-proxy[572296]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:49:31.359046 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:49:33.445235 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Oct 10 22:49:33.634792 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:49:33.637608 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:49:33.637709 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:49:33.657327 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:49:33.968969 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:34.022508 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:49:34.136960 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:49:34.197891 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:34.295032 osdx ubnt-cfgd[572352]: inactive
Oct 10 22:49:34.314565 osdx dnscrypt-proxy[572296]: Stopped.
Oct 10 22:49:34.314597 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:49:34.315359 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:49:34.315457 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:34.374846 osdx WARNING[572416]: No supported link modes on interface eth0
Oct 10 22:49:34.377140 osdx modulelauncher[572416]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:34.377153 osdx modulelauncher[572416]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:34.378566 osdx modulelauncher[572416]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:34.378575 osdx modulelauncher[572416]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:34.397238 osdx ca-certificates[572441]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:49:34.662316 osdx ca-certificates[573018]: done.
Oct 10 22:49:34.665180 osdx ca-certificates[573027]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:35.109859 osdx ubnt-cfgd[573885]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:35.117609 osdx ca-certificates[573891]: 142 added, 0 removed; done.
Oct 10 22:49:35.120381 osdx ca-certificates[573897]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:35.123009 osdx ca-certificates[573899]: done.
Oct 10 22:49:35.137140 osdx INFO[573902]: FRR daemons did not change
Oct 10 22:49:35.137369 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:35.139279 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:35.156605 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:36.296902 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:36.366989 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:49:36.479688 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:49:36.563746 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:49:36.705285 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:49:36.762003 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:49:36.854729 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 22:49:36.914828 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:49:37.041360 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:37.093831 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:37.207874 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:37.279610 osdx ubnt-cfgd[573936]: inactive
Oct 10 22:49:37.302882 osdx INFO[573944]: FRR daemons did not change
Oct 10 22:49:37.318355 osdx ca-certificates[573960]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:37.858101 osdx ubnt-cfgd[574972]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:37.866823 osdx ca-certificates[574977]: 1 added, 0 removed; done.
Oct 10 22:49:37.869581 osdx ca-certificates[574984]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:37.872381 osdx ca-certificates[574986]: done.
Oct 10 22:49:37.897075 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:49:37.941934 osdx WARNING[575052]: No supported link modes on interface eth0
Oct 10 22:49:37.943339 osdx modulelauncher[575052]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:37.943353 osdx modulelauncher[575052]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:37.944485 osdx modulelauncher[575052]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:37.944493 osdx modulelauncher[575052]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:38.073495 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:38.074904 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:38.089342 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:38.091977 osdx dnscrypt-proxy[575101]: dnscrypt-proxy 2.0.45
Oct 10 22:49:38.092052 osdx dnscrypt-proxy[575101]: Network connectivity detected
Oct 10 22:49:38.092281 osdx dnscrypt-proxy[575101]: Dropping privileges
Oct 10 22:49:38.094600 osdx dnscrypt-proxy[575101]: Network connectivity detected
Oct 10 22:49:38.094631 osdx dnscrypt-proxy[575101]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:49:38.094637 osdx dnscrypt-proxy[575101]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:49:38.094658 osdx dnscrypt-proxy[575101]: Firefox workaround initialized
Oct 10 22:49:38.094662 osdx dnscrypt-proxy[575101]: Loading the set of cloaking rules from [/tmp/tmp1wjbl33_]
Oct 10 22:49:38.106776 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:38.331265 osdx dnscrypt-proxy[575101]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 22:49:38.331287 osdx dnscrypt-proxy[575101]: [RD] OK (DoH) - rtt: 163ms
Oct 10 22:49:38.331302 osdx dnscrypt-proxy[575101]: Server with the lowest initial latency: RD (rtt: 163ms)
Oct 10 22:49:38.331308 osdx dnscrypt-proxy[575101]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:49:43.261372 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:49:45.360611 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Oct 10 22:49:45.559016 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:49:45.561064 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:49:45.561130 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:49:45.571204 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:49:45.831868 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:45.894792 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:49:46.008564 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:49:46.074041 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:46.170115 osdx ubnt-cfgd[575180]: inactive
Oct 10 22:49:46.190405 osdx dnscrypt-proxy[575101]: Stopped.
Oct 10 22:49:46.190441 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:49:46.191373 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:49:46.191493 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:46.250825 osdx WARNING[575244]: No supported link modes on interface eth0
Oct 10 22:49:46.252239 osdx modulelauncher[575244]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:46.252252 osdx modulelauncher[575244]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:46.253455 osdx modulelauncher[575244]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:46.253465 osdx modulelauncher[575244]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:46.269478 osdx ca-certificates[575269]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:49:46.561608 osdx ca-certificates[575846]: done.
Oct 10 22:49:46.564431 osdx ca-certificates[575855]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:47.018444 osdx ubnt-cfgd[576713]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:47.028002 osdx ca-certificates[576719]: 142 added, 0 removed; done.
Oct 10 22:49:47.030893 osdx ca-certificates[576725]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:47.033653 osdx ca-certificates[576727]: done.
Oct 10 22:49:47.048652 osdx INFO[576730]: FRR daemons did not change
Oct 10 22:49:47.048935 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:47.051266 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:47.067946 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:48.233516 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:49:48.299474 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:49:48.392517 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:49:48.453532 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:49:48.540406 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:49:48.595804 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:49:48.693514 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 22:49:48.744851 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:49:48.854217 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:49:48.920823 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:49:49.031681 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:49:49.105160 osdx ubnt-cfgd[576764]: inactive
Oct 10 22:49:49.138148 osdx INFO[576772]: FRR daemons did not change
Oct 10 22:49:49.150157 osdx ca-certificates[576788]: Updating certificates in /etc/ssl/certs...
Oct 10 22:49:49.643555 osdx ubnt-cfgd[577800]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:49:49.650778 osdx ca-certificates[577805]: 1 added, 0 removed; done.
Oct 10 22:49:49.653549 osdx ca-certificates[577812]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:49:49.656168 osdx ca-certificates[577814]: done.
Oct 10 22:49:49.681067 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:49:49.729196 osdx WARNING[577880]: No supported link modes on interface eth0
Oct 10 22:49:49.731329 osdx modulelauncher[577880]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:49:49.731351 osdx modulelauncher[577880]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:49:49.733394 osdx modulelauncher[577880]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:49:49.733411 osdx modulelauncher[577880]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:49:49.841367 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:49:49.842597 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:49:49.853875 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:49:49.866051 osdx dnscrypt-proxy[577929]: dnscrypt-proxy 2.0.45
Oct 10 22:49:49.866129 osdx dnscrypt-proxy[577929]: Network connectivity detected
Oct 10 22:49:49.866350 osdx dnscrypt-proxy[577929]: Dropping privileges
Oct 10 22:49:49.868322 osdx dnscrypt-proxy[577929]: Network connectivity detected
Oct 10 22:49:49.868349 osdx dnscrypt-proxy[577929]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:49:49.868353 osdx dnscrypt-proxy[577929]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:49:49.868373 osdx dnscrypt-proxy[577929]: Firefox workaround initialized
Oct 10 22:49:49.868379 osdx dnscrypt-proxy[577929]: Loading the set of cloaking rules from [/tmp/tmp0aiewxwh]
Oct 10 22:49:49.872866 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:49:50.054256 osdx dnscrypt-proxy[577929]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 22:49:50.054269 osdx dnscrypt-proxy[577929]: [RD] OK (DoH) - rtt: 124ms
Oct 10 22:49:50.054275 osdx dnscrypt-proxy[577929]: Server with the lowest initial latency: RD (rtt: 124ms)
Oct 10 22:49:50.054279 osdx dnscrypt-proxy[577929]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:49:53.030170 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Oct 10 22:49:55.032765 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:49:57.123453 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 10 22:50:04.362112 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:04.365992 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:04.366049 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:04.373474 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:04.654837 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 22:50:04.889731 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:04.963186 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:05.039446 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:05.101702 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:05.196654 osdx ubnt-cfgd[579665]: inactive
Oct 10 22:50:05.214297 osdx INFO[579671]: FRR daemons did not change
Oct 10 22:50:05.233992 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:05.277538 osdx WARNING[579739]: No supported link modes on interface eth0
Oct 10 22:50:05.278882 osdx modulelauncher[579739]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:05.278894 osdx modulelauncher[579739]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:05.280371 osdx modulelauncher[579739]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:05.280380 osdx modulelauncher[579739]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:05.317584 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:05.332103 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:05.351148 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:05.498735 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 22:50:05.745452 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:05.802922 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:05.943268 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:06.005797 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:06.095211 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:06.152661 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:06.245146 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:50:06.294207 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:06.403126 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:06.454085 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:06.567029 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:06.646205 osdx ubnt-cfgd[579837]: inactive
Oct 10 22:50:06.667765 osdx INFO[579845]: FRR daemons did not change
Oct 10 22:50:06.685466 osdx ca-certificates[579861]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:07.177640 osdx ubnt-cfgd[580873]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:07.185028 osdx ca-certificates[580878]: 1 added, 0 removed; done.
Oct 10 22:50:07.187819 osdx ca-certificates[580885]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:07.190568 osdx ca-certificates[580887]: done.
Oct 10 22:50:07.246262 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:07.247459 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:07.250073 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:07.264871 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:07.265099 osdx dnscrypt-proxy[580891]: dnscrypt-proxy 2.0.45
Oct 10 22:50:07.265156 osdx dnscrypt-proxy[580891]: Network connectivity detected
Oct 10 22:50:07.265343 osdx dnscrypt-proxy[580891]: Dropping privileges
Oct 10 22:50:07.267554 osdx dnscrypt-proxy[580891]: Network connectivity detected
Oct 10 22:50:07.267588 osdx dnscrypt-proxy[580891]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:07.267593 osdx dnscrypt-proxy[580891]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:07.267613 osdx dnscrypt-proxy[580891]: Firefox workaround initialized
Oct 10 22:50:07.267618 osdx dnscrypt-proxy[580891]: Loading the set of cloaking rules from [/tmp/tmpj6wrf40m]
Oct 10 22:50:07.268479 osdx dnscrypt-proxy[580891]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 10 22:50:14.341581 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:14.344363 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:14.344434 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:14.351707 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:14.571165 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 22:50:14.826993 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:14.912414 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:14.998638 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:15.075578 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:15.176483 osdx ubnt-cfgd[582593]: inactive
Oct 10 22:50:15.193885 osdx INFO[582599]: FRR daemons did not change
Oct 10 22:50:15.216357 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:15.258778 osdx WARNING[582667]: No supported link modes on interface eth0
Oct 10 22:50:15.260066 osdx modulelauncher[582667]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:15.260077 osdx modulelauncher[582667]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:15.261179 osdx modulelauncher[582667]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:15.261187 osdx modulelauncher[582667]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:15.303352 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:15.318906 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:15.335742 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:15.473000 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 22:50:15.588159 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:15.644680 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:15.739693 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:15.799607 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:15.889705 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:15.945052 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:16.046920 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:50:16.107897 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:16.206350 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:16.278061 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:16.438134 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:16.509409 osdx ubnt-cfgd[582761]: inactive
Oct 10 22:50:16.530735 osdx INFO[582769]: FRR daemons did not change
Oct 10 22:50:16.542537 osdx ca-certificates[582784]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:17.064639 osdx ubnt-cfgd[583797]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:17.072190 osdx ca-certificates[583802]: 1 added, 0 removed; done.
Oct 10 22:50:17.074976 osdx ca-certificates[583809]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:17.077742 osdx ca-certificates[583811]: done.
Oct 10 22:50:17.160806 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:17.162168 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:17.165022 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:17.180873 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:17.181730 osdx dnscrypt-proxy[583815]: dnscrypt-proxy 2.0.45
Oct 10 22:50:17.181802 osdx dnscrypt-proxy[583815]: Network connectivity detected
Oct 10 22:50:17.182033 osdx dnscrypt-proxy[583815]: Dropping privileges
Oct 10 22:50:17.184983 osdx dnscrypt-proxy[583815]: Network connectivity detected
Oct 10 22:50:17.185016 osdx dnscrypt-proxy[583815]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:17.185021 osdx dnscrypt-proxy[583815]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:17.185041 osdx dnscrypt-proxy[583815]: Firefox workaround initialized
Oct 10 22:50:17.185047 osdx dnscrypt-proxy[583815]: Loading the set of cloaking rules from [/tmp/tmpsktl820p]
Oct 10 22:50:17.185990 osdx dnscrypt-proxy[583815]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 10 22:50:17.415961 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:17.416387 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:17.416417 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:17.425770 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:17.707800 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:17.761807 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:50:17.899672 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:50:17.983772 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:18.096597 osdx ubnt-cfgd[583864]: inactive
Oct 10 22:50:18.117174 osdx dnscrypt-proxy[583815]: Stopped.
Oct 10 22:50:18.117215 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:50:18.118054 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:50:18.118156 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:18.176635 osdx WARNING[583929]: No supported link modes on interface eth0
Oct 10 22:50:18.178291 osdx modulelauncher[583929]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:18.178303 osdx modulelauncher[583929]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:18.179446 osdx modulelauncher[583929]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:18.179455 osdx modulelauncher[583929]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:18.197551 osdx ca-certificates[583954]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:50:18.480553 osdx ca-certificates[584531]: done.
Oct 10 22:50:18.483971 osdx ca-certificates[584540]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:18.933953 osdx ubnt-cfgd[585398]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:18.941767 osdx ca-certificates[585403]: 142 added, 0 removed; done.
Oct 10 22:50:18.944631 osdx ca-certificates[585410]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:18.947373 osdx ca-certificates[585412]: done.
Oct 10 22:50:18.963561 osdx INFO[585415]: FRR daemons did not change
Oct 10 22:50:18.963905 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:18.981453 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:19.014042 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:20.241777 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:20.299376 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:20.395566 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:20.456221 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:20.547109 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:20.603548 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:20.702516 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:50:20.752578 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:20.876660 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:20.941034 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:21.072628 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:21.144759 osdx ubnt-cfgd[585449]: inactive
Oct 10 22:50:21.164375 osdx INFO[585457]: FRR daemons did not change
Oct 10 22:50:21.175255 osdx ca-certificates[585473]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:21.681310 osdx ubnt-cfgd[586485]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:21.688419 osdx ca-certificates[586491]: 1 added, 0 removed; done.
Oct 10 22:50:21.691264 osdx ca-certificates[586497]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:21.693986 osdx ca-certificates[586499]: done.
Oct 10 22:50:21.716355 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:21.755623 osdx WARNING[586565]: No supported link modes on interface eth0
Oct 10 22:50:21.757069 osdx modulelauncher[586565]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:21.757081 osdx modulelauncher[586565]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:21.758248 osdx modulelauncher[586565]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:21.758258 osdx modulelauncher[586565]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:21.844704 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:21.845866 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:21.858105 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:21.863794 osdx dnscrypt-proxy[586614]: dnscrypt-proxy 2.0.45
Oct 10 22:50:21.863848 osdx dnscrypt-proxy[586614]: Network connectivity detected
Oct 10 22:50:21.864051 osdx dnscrypt-proxy[586614]: Dropping privileges
Oct 10 22:50:21.866260 osdx dnscrypt-proxy[586614]: Network connectivity detected
Oct 10 22:50:21.866295 osdx dnscrypt-proxy[586614]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:21.866299 osdx dnscrypt-proxy[586614]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:21.866313 osdx dnscrypt-proxy[586614]: Firefox workaround initialized
Oct 10 22:50:21.866322 osdx dnscrypt-proxy[586614]: Loading the set of cloaking rules from [/tmp/tmpmcijkgzp]
Oct 10 22:50:21.867210 osdx dnscrypt-proxy[586614]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 22:50:21.881235 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Oct 10 22:50:22.133690 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:22.136352 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:22.136399 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:22.142848 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:22.421017 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:22.487965 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:50:22.602868 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:50:22.675815 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:22.780736 osdx ubnt-cfgd[586682]: inactive
Oct 10 22:50:22.799417 osdx dnscrypt-proxy[586614]: Stopped.
Oct 10 22:50:22.799481 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:50:22.800240 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:50:22.800369 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:22.853759 osdx WARNING[586746]: No supported link modes on interface eth0
Oct 10 22:50:22.855023 osdx modulelauncher[586746]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:22.855033 osdx modulelauncher[586746]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:22.856160 osdx modulelauncher[586746]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:22.856168 osdx modulelauncher[586746]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:22.871009 osdx ca-certificates[586771]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:50:23.122324 osdx ca-certificates[587348]: done.
Oct 10 22:50:23.125294 osdx ca-certificates[587357]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:23.577887 osdx ubnt-cfgd[588215]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:23.587141 osdx ca-certificates[588221]: 142 added, 0 removed; done.
Oct 10 22:50:23.589823 osdx ca-certificates[588227]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:23.592332 osdx ca-certificates[588229]: done.
Oct 10 22:50:23.610859 osdx INFO[588232]: FRR daemons did not change
Oct 10 22:50:23.611305 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:23.618943 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:23.635623 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:24.758946 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:24.813506 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:24.908284 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:24.975007 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:25.063245 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:25.117012 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:25.208599 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:50:25.269120 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:50:25.355355 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:25.425443 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:25.500825 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:25.567529 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:25.655790 osdx ubnt-cfgd[588269]: inactive
Oct 10 22:50:25.693843 osdx INFO[588277]: FRR daemons did not change
Oct 10 22:50:25.716745 osdx ca-certificates[588292]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:26.252817 osdx ubnt-cfgd[589305]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:26.261217 osdx ca-certificates[589311]: 1 added, 0 removed; done.
Oct 10 22:50:26.264022 osdx ca-certificates[589317]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:26.266721 osdx ca-certificates[589319]: done.
Oct 10 22:50:26.288410 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:26.330660 osdx WARNING[589385]: No supported link modes on interface eth0
Oct 10 22:50:26.331999 osdx modulelauncher[589385]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:26.332013 osdx modulelauncher[589385]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:26.333139 osdx modulelauncher[589385]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:26.333150 osdx modulelauncher[589385]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:26.440798 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:26.442138 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:26.455463 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:26.462564 osdx dnscrypt-proxy[589434]: dnscrypt-proxy 2.0.45
Oct 10 22:50:26.462623 osdx dnscrypt-proxy[589434]: Network connectivity detected
Oct 10 22:50:26.462798 osdx dnscrypt-proxy[589434]: Dropping privileges
Oct 10 22:50:26.465060 osdx dnscrypt-proxy[589434]: Network connectivity detected
Oct 10 22:50:26.465096 osdx dnscrypt-proxy[589434]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:26.465100 osdx dnscrypt-proxy[589434]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:26.465120 osdx dnscrypt-proxy[589434]: Firefox workaround initialized
Oct 10 22:50:26.465125 osdx dnscrypt-proxy[589434]: Loading the set of cloaking rules from [/tmp/tmpef1wja_9]
Oct 10 22:50:26.465945 osdx dnscrypt-proxy[589434]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 22:50:26.485099 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
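
The journal check this test relies on, generalized as an added example (not part of the OSDx test suite): it maps the decimal `Cipher suite:` value logged by dnscrypt-proxy to its IANA name, compares it with the configured `cipher N algorithm` lines, and looks only at the most recent proxy process so an earlier failed run does not mask the result. The function names and the sample journal are constructed for illustration; the line format follows the output shown on this page.

```python
import re

# IANA code points for the suites named or logged on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # logged as 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # logged as 52392
}

CFG_RE = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)$")
PROXY_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)$")
SUITE_RE = re.compile(r"Cipher suite: (\d+)")
FAIL_TOKEN = "TLS handshake failure"


def configured_ciphers(config_text):
    """Return the configured suite names, ordered by their cipher index."""
    entries = []
    for line in config_text.splitlines():
        m = CFG_RE.match(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    return [name for _, name in sorted(entries)]


def check_journal(config_text, journal_text):
    """Classify the most recent dnscrypt-proxy run found in the journal.

    status:    'negotiated', 'refused' or 'no-result'
    suite:     IANA name of the negotiated suite (or UNKNOWN_0x....)
    in_policy: True/False if a cipher list is configured, else None
    """
    allowed = configured_ciphers(config_text)
    runs = {}        # pid -> messages, in journal order
    last_pid = None  # pid of the last proxy line seen = current process
    for line in journal_text.splitlines():
        m = PROXY_RE.search(line)
        if m:
            last_pid = m.group(1)
            runs.setdefault(last_pid, []).append(m.group(2))

    verdict = {"status": "no-result", "suite": None, "in_policy": None}
    for msg in runs.get(last_pid, []):
        m = SUITE_RE.search(msg)
        if m:
            suite_id = int(m.group(1))
            name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
            verdict = {"status": "negotiated", "suite": name,
                       "in_policy": name in allowed if allowed else None}
        elif FAIL_TOKEN in msg:
            verdict = {"status": "refused", "suite": None, "in_policy": None}
    return verdict


# Cipher lines from this test's configuration.
FALLBACK_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
"""

# Constructed journal (timestamps and PIDs are made up): an earlier run
# that failed the handshake, then the current run that negotiated 49199.
FALLBACK_JOURNAL = """\
Oct 10 00:00:01.000000 osdx dnscrypt-proxy[1001]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Oct 10 00:00:02.000000 osdx dnscrypt-proxy[1001]: Stopped.
Oct 10 00:00:03.000000 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 00:00:03.100000 osdx dnscrypt-proxy[1002]: dnscrypt-proxy 2.0.45
Oct 10 00:00:03.300000 osdx dnscrypt-proxy[1002]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 00:00:03.300100 osdx dnscrypt-proxy[1002]: [RD] OK (DoH) - rtt: 124ms
"""

if __name__ == "__main__":
    print(configured_ciphers(FALLBACK_CONFIG))
    print(check_journal(FALLBACK_CONFIG, FALLBACK_JOURNAL))
```

A `negotiated` result with `in_policy` set to `False` means the session came up on a suite that is not in the configured list, which a plain token match on `Cipher suite:` would not distinguish from a pass.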

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Oct 10 22:50:33.281070 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:33.283366 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:33.283419 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:33.291909 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:33.512662 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 22:50:33.737022 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:33.824490 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:33.905570 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:33.973546 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:34.055899 osdx ubnt-cfgd[591156]: inactive
Oct 10 22:50:34.075966 osdx INFO[591162]: FRR daemons did not change
Oct 10 22:50:34.099374 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:34.142848 osdx WARNING[591230]: No supported link modes on interface eth0
Oct 10 22:50:34.144311 osdx modulelauncher[591230]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:34.144322 osdx modulelauncher[591230]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:34.145693 osdx modulelauncher[591230]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:34.145700 osdx modulelauncher[591230]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:34.181655 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:34.192763 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:34.208408 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:34.356244 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 22:50:34.577063 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:35.164794 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:35.218864 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:35.321581 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:35.384344 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:35.481276 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:35.546429 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:50:35.652007 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 22:50:35.722799 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:35.841201 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:35.892436 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:36.005456 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:36.074014 osdx ubnt-cfgd[591331]: inactive
Oct 10 22:50:36.095633 osdx INFO[591339]: FRR daemons did not change
Oct 10 22:50:36.109818 osdx ca-certificates[591355]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:36.626465 osdx ubnt-cfgd[592367]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:36.635962 osdx ca-certificates[592373]: 1 added, 0 removed; done.
Oct 10 22:50:36.639768 osdx ca-certificates[592379]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:36.643158 osdx ca-certificates[592381]: done.
Oct 10 22:50:36.715750 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:36.717094 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:36.719219 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:36.734728 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:36.741897 osdx dnscrypt-proxy[592385]: dnscrypt-proxy 2.0.45
Oct 10 22:50:36.741984 osdx dnscrypt-proxy[592385]: Network connectivity detected
Oct 10 22:50:36.742225 osdx dnscrypt-proxy[592385]: Dropping privileges
Oct 10 22:50:36.745047 osdx dnscrypt-proxy[592385]: Network connectivity detected
Oct 10 22:50:36.745078 osdx dnscrypt-proxy[592385]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:36.745081 osdx dnscrypt-proxy[592385]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:36.745098 osdx dnscrypt-proxy[592385]: Firefox workaround initialized
Oct 10 22:50:36.745102 osdx dnscrypt-proxy[592385]: Loading the set of cloaking rules from [/tmp/tmpmhhqjeu0]
Oct 10 22:50:36.976994 osdx dnscrypt-proxy[592385]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 22:50:36.977012 osdx dnscrypt-proxy[592385]: [RD] OK (DoH) - rtt: 147ms
Oct 10 22:50:36.977020 osdx dnscrypt-proxy[592385]: Server with the lowest initial latency: RD (rtt: 147ms)
Oct 10 22:50:36.977026 osdx dnscrypt-proxy[592385]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:50:41.894616 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:50:43.986597 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
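
The Step 3 check above, written out as an added example (not part of the original test suite): it reads the cipher lines from the Step 1 configuration, finds the dnscrypt-proxy handshake line in the journal, and confirms that the negotiated suite is a configured one and not the invalid first choice. The function names, the verdict strings and the reading of `TLS version: 303` as hexadecimal 0x0303 are assumptions of this example; the code-point table covers only the suites named on this page.

```python
import re

# IANA code points for the cipher suites named on this page.
IANA_SUITES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,              # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,              # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,        # 52392
}
ID_TO_NAME = {code: name for name, code in IANA_SUITES.items()}

# Suites the page configures as the invalid first choice (RC4 and 3DES based).
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

# Assumption: the journal prints the TLS version in hexadecimal (303 -> 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"^set service dns proxy cipher (\d+) algorithm (\S+)$")
OK_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_suites(config_text):
    """Return {suite name: cipher index} from 'set service dns proxy cipher' lines."""
    suites = {}
    for line in config_text.splitlines():
        m = CFG_RE.match(line.strip())
        if m:
            suites[m.group(2)] = int(m.group(1))
    return suites


def audit(config_text, journal_text):
    """Compare the suite dnscrypt-proxy negotiated with the configured list."""
    configured = configured_suites(config_text)
    handshakes, failures = [], 0
    for line in journal_text.splitlines():
        if FAIL_RE.search(line):
            failures += 1
            continue
        m = OK_RE.search(line)
        if not m:
            continue
        suite_id = int(m.group("suite"))          # logged in decimal
        name = ID_TO_NAME.get(suite_id, "unknown (0x%04X)" % suite_id)
        version = int(m.group("ver"), 16)
        handshakes.append({
            "server": m.group("server"),
            "tls": TLS_VERSIONS.get(version, "0x%04X" % version),
            "suite_id": suite_id,
            "suite_name": name,
            "config_index": configured.get(name),  # None: suite was never configured
        })
    if any(h["config_index"] is None for h in handshakes):
        verdict = "unexpected-suite"
    elif any(h["suite_name"] in LEGACY for h in handshakes):
        verdict = "legacy-suite-negotiated"
    elif handshakes:
        verdict = "ok"
    elif failures:
        verdict = "handshake-failed"
    else:
        verdict = "no-handshake"
    return {"configured": configured, "handshakes": handshakes,
            "failures": failures, "verdict": verdict}


# Cipher lines from Step 1 and the handshake lines from the Step 3 output above.
FALLBACK_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
FALLBACK_JOURNAL = """\
Oct 10 22:50:36.976994 osdx dnscrypt-proxy[592385]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 22:50:36.977012 osdx dnscrypt-proxy[592385]: [RD] OK (DoH) - rtt: 147ms
"""

if __name__ == "__main__":
    report = audit(FALLBACK_CONFIG, FALLBACK_JOURNAL)
    for h in report["handshakes"]:
        print(h["server"], h["tls"], h["suite_name"], "cipher index", h["config_index"])
    print("verdict:", report["verdict"])
```

The same audit can be pointed at the journal of the other examples by swapping in their cipher lines; a verdict other than `ok` means the proxy either negotiated the invalid suite, negotiated one that was never configured, or never completed a handshake.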

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
Oct 10 22:50:44.221395 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:44.223367 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:44.223432 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:44.231268 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:44.496900 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:44.549525 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:50:44.661373 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:50:44.725272 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:44.822807 osdx ubnt-cfgd[592442]: inactive
Oct 10 22:50:44.845755 osdx dnscrypt-proxy[592385]: Stopped.
Oct 10 22:50:44.845848 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:50:44.846601 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:50:44.846730 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:44.909791 osdx WARNING[592506]: No supported link modes on interface eth0
Oct 10 22:50:44.911157 osdx modulelauncher[592506]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:44.911168 osdx modulelauncher[592506]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:44.912305 osdx modulelauncher[592506]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:44.912312 osdx modulelauncher[592506]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:44.927828 osdx ca-certificates[592531]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:50:45.211041 osdx ca-certificates[593109]: done.
Oct 10 22:50:45.213802 osdx ca-certificates[593118]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:45.650958 osdx ubnt-cfgd[593975]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:45.660169 osdx ca-certificates[593981]: 142 added, 0 removed; done.
Oct 10 22:50:45.663946 osdx ca-certificates[593987]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:45.666968 osdx ca-certificates[593989]: done.
Oct 10 22:50:45.684729 osdx INFO[593992]: FRR daemons did not change
Oct 10 22:50:45.685060 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:45.687506 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:45.710582 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:47.095580 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:47.682019 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:50:47.744733 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:50:47.856506 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:50:47.916689 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:50:48.017042 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:50:48.070587 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:50:48.181400 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 22:50:48.231100 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:50:48.348657 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:50:48.403436 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:50:48.517634 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:48.588709 osdx ubnt-cfgd[594029]: inactive
Oct 10 22:50:48.610657 osdx INFO[594037]: FRR daemons did not change
Oct 10 22:50:48.623832 osdx ca-certificates[594053]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:49.122414 osdx ubnt-cfgd[595065]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:49.129892 osdx ca-certificates[595071]: 1 added, 0 removed; done.
Oct 10 22:50:49.132619 osdx ca-certificates[595077]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:49.135178 osdx ca-certificates[595079]: done.
Oct 10 22:50:49.155367 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:50:49.200313 osdx WARNING[595145]: No supported link modes on interface eth0
Oct 10 22:50:49.201713 osdx modulelauncher[595145]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:49.201727 osdx modulelauncher[595145]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:49.202827 osdx modulelauncher[595145]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:49.202836 osdx modulelauncher[595145]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:49.307754 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:49.309314 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:49.323896 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:49.326613 osdx dnscrypt-proxy[595194]: dnscrypt-proxy 2.0.45
Oct 10 22:50:49.326685 osdx dnscrypt-proxy[595194]: Network connectivity detected
Oct 10 22:50:49.326913 osdx dnscrypt-proxy[595194]: Dropping privileges
Oct 10 22:50:49.329749 osdx dnscrypt-proxy[595194]: Network connectivity detected
Oct 10 22:50:49.329782 osdx dnscrypt-proxy[595194]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:50:49.329787 osdx dnscrypt-proxy[595194]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:50:49.329806 osdx dnscrypt-proxy[595194]: Firefox workaround initialized
Oct 10 22:50:49.329811 osdx dnscrypt-proxy[595194]: Loading the set of cloaking rules from [/tmp/tmp3i6kp8hz]
Oct 10 22:50:49.340957 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:49.506338 osdx dnscrypt-proxy[595194]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 22:50:49.506353 osdx dnscrypt-proxy[595194]: [RD] OK (DoH) - rtt: 114ms
Oct 10 22:50:49.506360 osdx dnscrypt-proxy[595194]: Server with the lowest initial latency: RD (rtt: 114ms)
Oct 10 22:50:49.506364 osdx dnscrypt-proxy[595194]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:50:54.513654 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:50:56.606822 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Oct 10 22:50:56.934923 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:50:56.935545 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:50:56.935598 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:50:56.946887 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:50:57.219249 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:50:57.293933 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:50:57.403586 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:50:57.472247 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:50:57.556346 osdx ubnt-cfgd[595271]: inactive
Oct 10 22:50:57.576514 osdx dnscrypt-proxy[595194]: Stopped.
Oct 10 22:50:57.576567 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:50:57.577156 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:50:57.577280 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:50:57.635838 osdx WARNING[595335]: No supported link modes on interface eth0
Oct 10 22:50:57.637171 osdx modulelauncher[595335]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:50:57.637184 osdx modulelauncher[595335]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:50:57.638652 osdx modulelauncher[595335]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:50:57.638659 osdx modulelauncher[595335]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:50:57.656477 osdx ca-certificates[595360]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:50:57.952169 osdx ca-certificates[595937]: done.
Oct 10 22:50:57.955233 osdx ca-certificates[595946]: Updating certificates in /etc/ssl/certs...
Oct 10 22:50:58.415181 osdx ubnt-cfgd[596804]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:50:58.424009 osdx ca-certificates[596810]: 142 added, 0 removed; done.
Oct 10 22:50:58.427677 osdx ca-certificates[596816]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:50:58.430772 osdx ca-certificates[596818]: done.
Oct 10 22:50:58.444865 osdx INFO[596821]: FRR daemons did not change
Oct 10 22:50:58.445104 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:50:58.447302 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:50:58.464086 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:50:59.697543 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:00.337478 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:51:00.390474 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:51:00.491911 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:51:00.546159 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:51:00.640981 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:51:00.693963 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Oct 10 22:51:00.802260 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 22:51:00.851284 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:51:00.974982 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:51:01.038157 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:51:01.145565 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:01.231729 osdx ubnt-cfgd[596858]: inactive
Oct 10 22:51:01.251112 osdx INFO[596866]: FRR daemons did not change
Oct 10 22:51:01.265325 osdx ca-certificates[596882]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:01.804166 osdx ubnt-cfgd[597894]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:01.813910 osdx ca-certificates[597900]: 1 added, 0 removed; done.
Oct 10 22:51:01.818104 osdx ca-certificates[597906]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:01.823814 osdx ca-certificates[597908]: done.
Oct 10 22:51:01.855373 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:51:01.901475 osdx WARNING[597974]: No supported link modes on interface eth0
Oct 10 22:51:01.903225 osdx modulelauncher[597974]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:01.903237 osdx modulelauncher[597974]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:01.904708 osdx modulelauncher[597974]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:01.904717 osdx modulelauncher[597974]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:02.007642 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:02.008888 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:02.021159 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:02.027859 osdx dnscrypt-proxy[598023]: dnscrypt-proxy 2.0.45
Oct 10 22:51:02.027923 osdx dnscrypt-proxy[598023]: Network connectivity detected
Oct 10 22:51:02.028134 osdx dnscrypt-proxy[598023]: Dropping privileges
Oct 10 22:51:02.030860 osdx dnscrypt-proxy[598023]: Network connectivity detected
Oct 10 22:51:02.030892 osdx dnscrypt-proxy[598023]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:51:02.030897 osdx dnscrypt-proxy[598023]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:51:02.030914 osdx dnscrypt-proxy[598023]: Firefox workaround initialized
Oct 10 22:51:02.030920 osdx dnscrypt-proxy[598023]: Loading the set of cloaking rules from [/tmp/tmpb5jx5ian]
Oct 10 22:51:02.043117 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:02.213819 osdx dnscrypt-proxy[598023]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 22:51:02.213840 osdx dnscrypt-proxy[598023]: [RD] OK (DoH) - rtt: 125ms
Oct 10 22:51:02.213850 osdx dnscrypt-proxy[598023]: Server with the lowest initial latency: RD (rtt: 125ms)
Oct 10 22:51:02.213855 osdx dnscrypt-proxy[598023]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:51:03.030482 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Oct 10 22:51:07.202789 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:51:09.315673 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Oct 10 22:51:09.576800 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:51:09.579366 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:51:09.579426 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:51:09.586495 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:51:09.878805 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:09.955771 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:51:10.060859 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:51:10.122266 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:10.215503 osdx ubnt-cfgd[598103]: inactive
Oct 10 22:51:10.235921 osdx dnscrypt-proxy[598023]: Stopped.
Oct 10 22:51:10.235959 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:51:10.236677 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:51:10.236779 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:10.288511 osdx WARNING[598167]: No supported link modes on interface eth0
Oct 10 22:51:10.290123 osdx modulelauncher[598167]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:10.290137 osdx modulelauncher[598167]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:10.291601 osdx modulelauncher[598167]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:10.291611 osdx modulelauncher[598167]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:10.306938 osdx ca-certificates[598192]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:51:10.582314 osdx ca-certificates[598772]: done.
Oct 10 22:51:10.586582 osdx ca-certificates[598781]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:11.041211 osdx ubnt-cfgd[599638]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:11.049247 osdx ca-certificates[599643]: 142 added, 0 removed; done.
Oct 10 22:51:11.053056 osdx ca-certificates[599650]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:11.056785 osdx ca-certificates[599652]: done.
Oct 10 22:51:11.071740 osdx INFO[599655]: FRR daemons did not change
Oct 10 22:51:11.071982 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:11.086875 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:11.104586 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:12.452766 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:13.102983 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:51:13.171496 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:51:13.266146 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:51:13.321186 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:51:13.424976 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:51:13.478894 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:51:13.576729 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Oct 10 22:51:13.626889 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:51:13.751580 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:51:13.807300 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:51:13.933249 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:13.998423 osdx ubnt-cfgd[599692]: inactive
Oct 10 22:51:14.024058 osdx INFO[599700]: FRR daemons did not change
Oct 10 22:51:14.038330 osdx ca-certificates[599716]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:14.550006 osdx ubnt-cfgd[600728]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:14.558731 osdx ca-certificates[600734]: 1 added, 0 removed; done.
Oct 10 22:51:14.562475 osdx ca-certificates[600740]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:14.566131 osdx ca-certificates[600742]: done.
Oct 10 22:51:14.587370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:51:14.632091 osdx WARNING[600808]: No supported link modes on interface eth0
Oct 10 22:51:14.633342 osdx modulelauncher[600808]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:14.633354 osdx modulelauncher[600808]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:14.634445 osdx modulelauncher[600808]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:14.634457 osdx modulelauncher[600808]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:14.747706 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:14.748893 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:14.760967 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:14.766571 osdx dnscrypt-proxy[600857]: dnscrypt-proxy 2.0.45
Oct 10 22:51:14.766641 osdx dnscrypt-proxy[600857]: Network connectivity detected
Oct 10 22:51:14.766853 osdx dnscrypt-proxy[600857]: Dropping privileges
Oct 10 22:51:14.768795 osdx dnscrypt-proxy[600857]: Network connectivity detected
Oct 10 22:51:14.768831 osdx dnscrypt-proxy[600857]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:51:14.768836 osdx dnscrypt-proxy[600857]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:51:14.768855 osdx dnscrypt-proxy[600857]: Firefox workaround initialized
Oct 10 22:51:14.768863 osdx dnscrypt-proxy[600857]: Loading the set of cloaking rules from [/tmp/tmpl092my8w]
Oct 10 22:51:14.780527 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:14.984830 osdx dnscrypt-proxy[600857]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Oct 10 22:51:14.984854 osdx dnscrypt-proxy[600857]: [RD] OK (DoH) - rtt: 150ms
Oct 10 22:51:14.984863 osdx dnscrypt-proxy[600857]: Server with the lowest initial latency: RD (rtt: 150ms)
Oct 10 22:51:14.984869 osdx dnscrypt-proxy[600857]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:51:19.954205 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:51:22.041787 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Oct 10 22:51:22.264705 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:51:22.267376 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:51:22.267483 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:51:22.277122 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:51:22.564058 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:22.646440 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:51:22.713520 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:51:22.809345 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:22.870353 osdx ubnt-cfgd[600932]: inactive
Oct 10 22:51:22.893881 osdx dnscrypt-proxy[600857]: Stopped.
Oct 10 22:51:22.893909 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:51:22.895006 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:51:22.895103 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:22.955670 osdx WARNING[600996]: No supported link modes on interface eth0
Oct 10 22:51:22.957386 osdx modulelauncher[600996]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:22.957399 osdx modulelauncher[600996]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:22.958828 osdx modulelauncher[600996]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:22.958837 osdx modulelauncher[600996]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:22.974336 osdx ca-certificates[601021]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:51:23.254303 osdx ca-certificates[601598]: done.
Oct 10 22:51:23.258020 osdx ca-certificates[601606]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:23.719755 osdx ubnt-cfgd[602465]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:23.728062 osdx ca-certificates[602471]: 142 added, 0 removed; done.
Oct 10 22:51:23.730876 osdx ca-certificates[602477]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:23.733523 osdx ca-certificates[602479]: done.
Oct 10 22:51:23.750862 osdx INFO[602482]: FRR daemons did not change
Oct 10 22:51:23.751157 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:23.753631 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:23.769413 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:25.444526 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:26.389004 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:51:26.477477 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:51:26.622944 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:51:26.677657 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:51:26.786456 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:51:26.839761 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:51:26.932789 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 22:51:26.982306 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:51:27.097055 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:51:27.151314 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:51:27.261266 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:27.326417 osdx ubnt-cfgd[602519]: inactive
Oct 10 22:51:27.360798 osdx INFO[602527]: FRR daemons did not change
Oct 10 22:51:27.372213 osdx ca-certificates[602543]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:27.866961 osdx ubnt-cfgd[603555]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:27.876790 osdx ca-certificates[603561]: 1 added, 0 removed; done.
Oct 10 22:51:27.879751 osdx ca-certificates[603567]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:27.882681 osdx ca-certificates[603569]: done.
Oct 10 22:51:27.907370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:51:27.954806 osdx WARNING[603635]: No supported link modes on interface eth0
Oct 10 22:51:27.956466 osdx modulelauncher[603635]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:27.956477 osdx modulelauncher[603635]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:27.957614 osdx modulelauncher[603635]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:27.957621 osdx modulelauncher[603635]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:28.047716 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:28.049022 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:28.060588 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:28.067207 osdx dnscrypt-proxy[603684]: dnscrypt-proxy 2.0.45
Oct 10 22:51:28.067275 osdx dnscrypt-proxy[603684]: Network connectivity detected
Oct 10 22:51:28.067495 osdx dnscrypt-proxy[603684]: Dropping privileges
Oct 10 22:51:28.069805 osdx dnscrypt-proxy[603684]: Network connectivity detected
Oct 10 22:51:28.069846 osdx dnscrypt-proxy[603684]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:51:28.069850 osdx dnscrypt-proxy[603684]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:51:28.069870 osdx dnscrypt-proxy[603684]: Firefox workaround initialized
Oct 10 22:51:28.069880 osdx dnscrypt-proxy[603684]: Loading the set of cloaking rules from [/tmp/tmpy3sk_jt2]
Oct 10 22:51:28.083449 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:28.250454 osdx dnscrypt-proxy[603684]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Oct 10 22:51:28.250478 osdx dnscrypt-proxy[603684]: [RD] OK (DoH) - rtt: 113ms
Oct 10 22:51:28.250487 osdx dnscrypt-proxy[603684]: Server with the lowest initial latency: RD (rtt: 113ms)
Oct 10 22:51:28.250492 osdx dnscrypt-proxy[603684]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:51:33.257478 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:51:35.355812 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Oct 10 22:51:35.624498 osdx systemd-journald[246736]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 22:51:35.627373 osdx systemd-journald[246736]: Received client request to rotate journal, rotating.
Oct 10 22:51:35.627457 osdx systemd-journald[246736]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 22:51:35.635957 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 22:51:35.903242 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:35.967105 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'delete '.
Oct 10 22:51:36.081655 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Oct 10 22:51:36.157244 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:36.258984 osdx ubnt-cfgd[603760]: inactive
Oct 10 22:51:36.278045 osdx dnscrypt-proxy[603684]: Stopped.
Oct 10 22:51:36.278103 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Oct 10 22:51:36.278893 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Oct 10 22:51:36.278996 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:36.331334 osdx WARNING[603824]: No supported link modes on interface eth0
Oct 10 22:51:36.332606 osdx modulelauncher[603824]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:36.332617 osdx modulelauncher[603824]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:36.333684 osdx modulelauncher[603824]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:36.333691 osdx modulelauncher[603824]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:36.351185 osdx ca-certificates[603849]: Clearing symlinks in /etc/ssl/certs...
Oct 10 22:51:36.655772 osdx ca-certificates[604426]: done.
Oct 10 22:51:36.658775 osdx ca-certificates[604436]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:37.102375 osdx ubnt-cfgd[605293]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:37.110093 osdx ca-certificates[605299]: 142 added, 0 removed; done.
Oct 10 22:51:37.112901 osdx ca-certificates[605305]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:37.115631 osdx ca-certificates[605307]: done.
Oct 10 22:51:37.130549 osdx INFO[605310]: FRR daemons did not change
Oct 10 22:51:37.130830 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:37.133452 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:37.155104 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:38.387848 osdx OSDxCLI[472467]: User 'admin' entered the configuration menu.
Oct 10 22:51:39.221323 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Oct 10 22:51:39.331200 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Oct 10 22:51:39.406420 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Oct 10 22:51:39.493858 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Oct 10 22:51:39.558503 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash fbde9ec8b61083045636daed938e6ac3eb5836b9a6063993d8620d69f6a6c58c'.
Oct 10 22:51:39.642318 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:51:39.707838 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Oct 10 22:51:39.798963 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Oct 10 22:51:39.931271 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Oct 10 22:51:40.015524 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Oct 10 22:51:40.143889 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'show working'.
Oct 10 22:51:40.216323 osdx ubnt-cfgd[605347]: inactive
Oct 10 22:51:40.241575 osdx INFO[605355]: FRR daemons did not change
Oct 10 22:51:40.259698 osdx ca-certificates[605371]: Updating certificates in /etc/ssl/certs...
Oct 10 22:51:40.772490 osdx ubnt-cfgd[606383]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Oct 10 22:51:40.781252 osdx ca-certificates[606389]: 1 added, 0 removed; done.
Oct 10 22:51:40.784900 osdx ca-certificates[606395]: Running hooks in /etc/ca-certificates/update.d...
Oct 10 22:51:40.788446 osdx ca-certificates[606397]: done.
Oct 10 22:51:40.811370 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 22:51:40.854635 osdx WARNING[606463]: No supported link modes on interface eth0
Oct 10 22:51:40.855965 osdx modulelauncher[606463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 22:51:40.855976 osdx modulelauncher[606463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 22:51:40.857099 osdx modulelauncher[606463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 22:51:40.857106 osdx modulelauncher[606463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 22:51:40.955665 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Oct 10 22:51:40.956893 osdx cfgd[1464]: [472467]Completed change to active configuration
Oct 10 22:51:40.968073 osdx OSDxCLI[472467]: User 'admin' committed the configuration.
Oct 10 22:51:40.983505 osdx dnscrypt-proxy[606512]: dnscrypt-proxy 2.0.45
Oct 10 22:51:40.983576 osdx dnscrypt-proxy[606512]: Network connectivity detected
Oct 10 22:51:40.983750 osdx OSDxCLI[472467]: User 'admin' left the configuration menu.
Oct 10 22:51:40.983949 osdx dnscrypt-proxy[606512]: Dropping privileges
Oct 10 22:51:40.986500 osdx dnscrypt-proxy[606512]: Network connectivity detected
Oct 10 22:51:40.986587 osdx dnscrypt-proxy[606512]: Now listening to 127.0.0.1:53 [UDP]
Oct 10 22:51:40.986591 osdx dnscrypt-proxy[606512]: Now listening to 127.0.0.1:53 [TCP]
Oct 10 22:51:40.986608 osdx dnscrypt-proxy[606512]: Firefox workaround initialized
Oct 10 22:51:40.986612 osdx dnscrypt-proxy[606512]: Loading the set of cloaking rules from [/tmp/tmp5rmbhn_8]
Oct 10 22:51:41.191318 osdx dnscrypt-proxy[606512]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Oct 10 22:51:41.191385 osdx dnscrypt-proxy[606512]: [RD] OK (DoH) - rtt: 127ms
Oct 10 22:51:41.191407 osdx dnscrypt-proxy[606512]: Server with the lowest initial latency: RD (rtt: 127ms)
Oct 10 22:51:41.191423 osdx dnscrypt-proxy[606512]: dnscrypt-proxy is ready - live servers: 1
Oct 10 22:51:46.135569 osdx OSDxCLI[472467]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Oct 10 22:51:48.230009 osdx OSDxCLI[472467]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
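
The Step 3 token in the multi-cipher examples above (for instance "Cipher suite: 49200") is the decimal IANA code point of the suite that was actually negotiated. The following sketch is an added example, not part of the test suite or of dnscrypt-proxy: it decodes that journal line and compares it with the "cipher N algorithm" entries committed in the same journal. It assumes the "TLS version" field is printed in hexadecimal (303 = 0x0303 = TLS 1.2); the function names and the second sample journal are constructed here.

```python
import re

# IANA code points for the suites configured on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
NEG_RE = re.compile(r"\[([^\]]+)\] TLS version: ([0-9a-fA-F]+) - "
                    r"Protocol: (\S+) - Cipher suite: (\d+)")

# Excerpt of the Example 5 journal shown on this page (three lines kept).
PAGE_EXAMPLE_5 = """\
Oct 10 22:51:26.839761 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Oct 10 22:51:26.932789 osdx OSDxCLI[472467]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Oct 10 22:51:28.250454 osdx dnscrypt-proxy[603684]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""

# Constructed journal (not from the page): same config, 3DES negotiated.
CONSTRUCTED_3DES = PAGE_EXAMPLE_5.replace("Cipher suite: 49200", "Cipher suite: 10")


def is_legacy(name):
    """Static-RSA key exchange (no forward secrecy), 3DES or CBC-mode suites."""
    return name.startswith("TLS_RSA_WITH_") or "_3DES_" in name or "_CBC_" in name


def audit_journal(text):
    """Return the configured suites and the one dnscrypt-proxy negotiated."""
    configured = {}      # cipher index -> suite name, as committed via the CLI
    negotiated = None
    for line in text.splitlines():
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)
            continue
        m = NEG_RE.search(line)
        if m:            # the last handshake line in the journal wins
            server, ver, proto, suite = m.groups()
            code = int(suite)                      # logged in decimal
            negotiated = {
                "server": server,
                # assumption: version is logged in hex (303 -> 0x0303)
                "tls_version": TLS_VERSIONS.get(int(ver, 16), "unknown 0x" + ver),
                "protocol": proto,
                "suite_code": "0x%04X" % code,
                "suite": IANA_SUITES.get(code, "UNKNOWN"),
            }
    if negotiated is None:
        raise ValueError("no DoH handshake line found in journal")
    ordered = sorted(configured.items())
    negotiated["configured"] = [name for _, name in ordered]
    # Which 'cipher N' entry was used; None means the suite was never configured.
    negotiated["matched_cipher_index"] = next(
        (idx for idx, name in ordered if name == negotiated["suite"]), None)
    negotiated["legacy"] = is_legacy(negotiated["suite"])
    return negotiated


if __name__ == "__main__":
    for label, journal in (("page", PAGE_EXAMPLE_5), ("constructed", CONSTRUCTED_3DES)):
        print(label, audit_journal(journal))
```

A matched_cipher_index of None, or legacy set to True, is the condition worth alerting on when the same check is run against a production journal.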