Cipher

Test suite that validates the use of one or more ciphers to protect the DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Apr 06 14:27:58.321054 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:27:58.323401 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:27:58.323458 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:27:58.332695 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:27:58.559901 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 14:27:58.805238 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:27:58.890584 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:27:58.964276 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:27:59.031901 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:27:59.128191 osdx ubnt-cfgd[133863]: inactive
Apr 06 14:27:59.145885 osdx INFO[133869]: FRR daemons did not change
Apr 06 14:27:59.167409 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:27:59.211175 osdx WARNING[133937]: No supported link modes on interface eth0
Apr 06 14:27:59.212531 osdx modulelauncher[133937]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:27:59.212549 osdx modulelauncher[133937]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:27:59.213718 osdx modulelauncher[133937]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:27:59.213727 osdx modulelauncher[133937]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:27:59.249395 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:27:59.260940 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:27:59.277024 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:27:59.417993 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 06 14:27:59.489335 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 06 14:27:59.648183 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:27:59.703489 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:27:59.800554 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:27:59.863458 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:27:59.955082 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:00.017580 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:00.105871 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 06 14:28:00.157168 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:00.298986 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:00.368659 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:00.473789 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:00.535901 osdx ubnt-cfgd[134040]: inactive
Apr 06 14:28:00.556001 osdx INFO[134048]: FRR daemons did not change
Apr 06 14:28:00.567307 osdx ca-certificates[134064]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:01.054748 osdx ubnt-cfgd[135076]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:01.062284 osdx ca-certificates[135082]: 1 added, 0 removed; done.
Apr 06 14:28:01.065023 osdx ca-certificates[135088]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:01.067645 osdx ca-certificates[135090]: done.
Apr 06 14:28:01.143824 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:01.145191 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:01.147466 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:01.169559 osdx dnscrypt-proxy[135094]: dnscrypt-proxy 2.0.45
Apr 06 14:28:01.169615 osdx dnscrypt-proxy[135094]: Network connectivity detected
Apr 06 14:28:01.169818 osdx dnscrypt-proxy[135094]: Dropping privileges
Apr 06 14:28:01.172118 osdx dnscrypt-proxy[135094]: Network connectivity detected
Apr 06 14:28:01.172148 osdx dnscrypt-proxy[135094]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:01.172152 osdx dnscrypt-proxy[135094]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:01.172164 osdx dnscrypt-proxy[135094]: Firefox workaround initialized
Apr 06 14:28:01.172168 osdx dnscrypt-proxy[135094]: Loading the set of cloaking rules from [/tmp/tmp6eipdbu4]
Apr 06 14:28:01.181542 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:01.203070 osdx dnscrypt-proxy[135094]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 06 14:28:01.203096 osdx dnscrypt-proxy[135094]: [RD] OK (DoH) - rtt: 12ms
Apr 06 14:28:01.203107 osdx dnscrypt-proxy[135094]: Server with the lowest initial latency: RD (rtt: 12ms)
Apr 06 14:28:01.203114 osdx dnscrypt-proxy[135094]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:28:01.331616 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a different valid cipher in each example and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Apr 06 14:28:08.316278 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:08.319757 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:08.319826 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:08.329116 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:08.568265 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 14:28:08.833388 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:08.911838 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:08.999755 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:09.111278 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:09.218781 osdx ubnt-cfgd[136805]: inactive
Apr 06 14:28:09.274635 osdx INFO[136811]: FRR daemons did not change
Apr 06 14:28:09.295756 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:09.340590 osdx WARNING[136879]: No supported link modes on interface eth0
Apr 06 14:28:09.341982 osdx modulelauncher[136879]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:09.342000 osdx modulelauncher[136879]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:09.343109 osdx modulelauncher[136879]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:09.343118 osdx modulelauncher[136879]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:09.380099 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:09.391676 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:09.407871 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:09.546572 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 06 14:28:09.632713 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 06 14:28:09.779926 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:09.837895 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:09.931708 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:09.999638 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:10.079714 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:10.136890 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:10.231593 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 06 14:28:10.282278 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:10.397546 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:10.451213 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:10.687279 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:10.752916 osdx ubnt-cfgd[136982]: inactive
Apr 06 14:28:10.774462 osdx INFO[136990]: FRR daemons did not change
Apr 06 14:28:10.788425 osdx ca-certificates[137006]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:11.298351 osdx ubnt-cfgd[138018]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:11.305691 osdx ca-certificates[138024]: 1 added, 0 removed; done.
Apr 06 14:28:11.308399 osdx ca-certificates[138030]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:11.311034 osdx ca-certificates[138032]: done.
Apr 06 14:28:11.392088 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:11.393367 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:11.395786 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:11.411337 osdx dnscrypt-proxy[138036]: dnscrypt-proxy 2.0.45
Apr 06 14:28:11.411414 osdx dnscrypt-proxy[138036]: Network connectivity detected
Apr 06 14:28:11.411674 osdx dnscrypt-proxy[138036]: Dropping privileges
Apr 06 14:28:11.414260 osdx dnscrypt-proxy[138036]: Network connectivity detected
Apr 06 14:28:11.414296 osdx dnscrypt-proxy[138036]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:11.414302 osdx dnscrypt-proxy[138036]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:11.414327 osdx dnscrypt-proxy[138036]: Firefox workaround initialized
Apr 06 14:28:11.414333 osdx dnscrypt-proxy[138036]: Loading the set of cloaking rules from [/tmp/tmpjquy51pj]
Apr 06 14:28:11.422711 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:11.458700 osdx dnscrypt-proxy[138036]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 06 14:28:11.458713 osdx dnscrypt-proxy[138036]: [RD] OK (DoH) - rtt: 11ms
Apr 06 14:28:11.458720 osdx dnscrypt-proxy[138036]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 06 14:28:11.458725 osdx dnscrypt-proxy[138036]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:28:11.555631 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Apr 06 14:28:11.790823 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:11.791742 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:11.791792 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:11.800128 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:12.113232 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:12.171178 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:28:12.303177 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:28:12.379153 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:12.462288 osdx ubnt-cfgd[138089]: inactive
Apr 06 14:28:12.485138 osdx dnscrypt-proxy[138036]: Stopped.
Apr 06 14:28:12.485175 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:28:12.485808 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:28:12.485917 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:12.544055 osdx WARNING[138154]: No supported link modes on interface eth0
Apr 06 14:28:12.545651 osdx modulelauncher[138154]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:12.545670 osdx modulelauncher[138154]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:12.547080 osdx modulelauncher[138154]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:12.547089 osdx modulelauncher[138154]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:12.566317 osdx ca-certificates[138179]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:28:12.848562 osdx ca-certificates[138756]: done.
Apr 06 14:28:12.851788 osdx ca-certificates[138766]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:13.302715 osdx ubnt-cfgd[139623]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:13.312022 osdx ca-certificates[139628]: 142 added, 0 removed; done.
Apr 06 14:28:13.314894 osdx ca-certificates[139635]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:13.318618 osdx ca-certificates[139637]: done.
Apr 06 14:28:13.337077 osdx INFO[139640]: FRR daemons did not change
Apr 06 14:28:13.337368 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:13.339654 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:13.359410 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:14.511468 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:14.565518 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:14.659748 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:14.729243 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:14.815580 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:14.873154 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:14.963670 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 06 14:28:15.014458 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:15.130152 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:15.183024 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:15.286206 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:15.356818 osdx ubnt-cfgd[139674]: inactive
Apr 06 14:28:15.377005 osdx INFO[139682]: FRR daemons did not change
Apr 06 14:28:15.389892 osdx ca-certificates[139698]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:15.902098 osdx ubnt-cfgd[140710]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:15.909731 osdx ca-certificates[140715]: 1 added, 0 removed; done.
Apr 06 14:28:15.912906 osdx ca-certificates[140722]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:15.915653 osdx ca-certificates[140724]: done.
Apr 06 14:28:15.935746 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:15.979495 osdx WARNING[140790]: No supported link modes on interface eth0
Apr 06 14:28:15.980854 osdx modulelauncher[140790]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:15.980871 osdx modulelauncher[140790]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:15.981967 osdx modulelauncher[140790]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:15.981975 osdx modulelauncher[140790]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:16.116148 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:16.117408 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:16.128093 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:16.143312 osdx dnscrypt-proxy[140839]: dnscrypt-proxy 2.0.45
Apr 06 14:28:16.143390 osdx dnscrypt-proxy[140839]: Network connectivity detected
Apr 06 14:28:16.143623 osdx dnscrypt-proxy[140839]: Dropping privileges
Apr 06 14:28:16.145817 osdx dnscrypt-proxy[140839]: Network connectivity detected
Apr 06 14:28:16.145853 osdx dnscrypt-proxy[140839]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:16.145858 osdx dnscrypt-proxy[140839]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:16.145877 osdx dnscrypt-proxy[140839]: Firefox workaround initialized
Apr 06 14:28:16.145883 osdx dnscrypt-proxy[140839]: Loading the set of cloaking rules from [/tmp/tmprh5b4s6b]
Apr 06 14:28:16.155887 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:16.177355 osdx dnscrypt-proxy[140839]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 06 14:28:16.177367 osdx dnscrypt-proxy[140839]: [RD] OK (DoH) - rtt: 10ms
Apr 06 14:28:16.177373 osdx dnscrypt-proxy[140839]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 06 14:28:16.177377 osdx dnscrypt-proxy[140839]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:28:16.305487 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Apr 06 14:28:16.541837 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:16.543741 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:16.543787 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:16.551137 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:16.782431 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:16.836651 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:28:16.946550 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:28:17.003507 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:17.108971 osdx ubnt-cfgd[140912]: inactive
Apr 06 14:28:17.128871 osdx dnscrypt-proxy[140839]: Stopped.
Apr 06 14:28:17.128945 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:28:17.129526 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:28:17.129648 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:17.183839 osdx WARNING[140976]: No supported link modes on interface eth0
Apr 06 14:28:17.185153 osdx modulelauncher[140976]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:17.185172 osdx modulelauncher[140976]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:17.186356 osdx modulelauncher[140976]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:17.186365 osdx modulelauncher[140976]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:17.203348 osdx ca-certificates[141001]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:28:17.457859 osdx ca-certificates[141578]: done.
Apr 06 14:28:17.461411 osdx ca-certificates[141587]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:17.927638 osdx ubnt-cfgd[142445]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:17.936407 osdx ca-certificates[142451]: 142 added, 0 removed; done.
Apr 06 14:28:17.939186 osdx ca-certificates[142457]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:17.941750 osdx ca-certificates[142459]: done.
Apr 06 14:28:17.957003 osdx INFO[142462]: FRR daemons did not change
Apr 06 14:28:17.957257 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:17.959335 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:17.988222 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:19.156758 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:19.213795 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:19.304274 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:19.365770 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:19.450931 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:19.506733 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:19.612617 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 06 14:28:19.673121 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:19.799439 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:19.853615 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:19.951550 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:20.014147 osdx ubnt-cfgd[142496]: inactive
Apr 06 14:28:20.033724 osdx INFO[142504]: FRR daemons did not change
Apr 06 14:28:20.045261 osdx ca-certificates[142520]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:20.519471 osdx ubnt-cfgd[143532]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:20.526712 osdx ca-certificates[143538]: 1 added, 0 removed; done.
Apr 06 14:28:20.529541 osdx ca-certificates[143544]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:20.532222 osdx ca-certificates[143546]: done.
Apr 06 14:28:20.551754 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:20.593277 osdx WARNING[143612]: No supported link modes on interface eth0
Apr 06 14:28:20.594571 osdx modulelauncher[143612]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:20.594587 osdx modulelauncher[143612]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:20.595693 osdx modulelauncher[143612]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:20.595702 osdx modulelauncher[143612]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:20.696033 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:20.697223 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:20.709230 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:20.716012 osdx dnscrypt-proxy[143661]: dnscrypt-proxy 2.0.45
Apr 06 14:28:20.716082 osdx dnscrypt-proxy[143661]: Network connectivity detected
Apr 06 14:28:20.716286 osdx dnscrypt-proxy[143661]: Dropping privileges
Apr 06 14:28:20.718385 osdx dnscrypt-proxy[143661]: Network connectivity detected
Apr 06 14:28:20.718419 osdx dnscrypt-proxy[143661]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:20.718424 osdx dnscrypt-proxy[143661]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:20.718443 osdx dnscrypt-proxy[143661]: Firefox workaround initialized
Apr 06 14:28:20.718449 osdx dnscrypt-proxy[143661]: Loading the set of cloaking rules from [/tmp/tmpmx3c2sqg]
Apr 06 14:28:20.726292 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:20.749383 osdx dnscrypt-proxy[143661]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:28:20.749403 osdx dnscrypt-proxy[143661]: [RD] OK (DoH) - rtt: 14ms
Apr 06 14:28:20.749412 osdx dnscrypt-proxy[143661]: Server with the lowest initial latency: RD (rtt: 14ms)
Apr 06 14:28:20.749416 osdx dnscrypt-proxy[143661]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:28:20.872553 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Apr 06 14:28:28.287255 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:28.287847 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:28.287891 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:28.297867 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:28.541559 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 14:28:28.866711 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:28.952651 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:29.019157 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:29.122644 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:29.196163 osdx ubnt-cfgd[145390]: inactive
Apr 06 14:28:29.217939 osdx INFO[145396]: FRR daemons did not change
Apr 06 14:28:29.243671 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:29.286071 osdx WARNING[145464]: No supported link modes on interface eth0
Apr 06 14:28:29.287824 osdx modulelauncher[145464]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:29.287842 osdx modulelauncher[145464]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:29.289442 osdx modulelauncher[145464]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:29.289454 osdx modulelauncher[145464]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:29.330159 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:29.341808 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:29.358272 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:29.510865 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 06 14:28:29.631939 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 06 14:28:29.775969 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:29.856240 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:29.961880 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:30.064391 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:30.165710 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:30.258571 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:30.335349 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:28:30.422211 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:30.500481 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:30.593074 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:30.666021 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:30.765108 osdx ubnt-cfgd[145567]: inactive
Apr 06 14:28:30.785389 osdx INFO[145575]: FRR daemons did not change
Apr 06 14:28:30.797291 osdx ca-certificates[145591]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:31.300286 osdx ubnt-cfgd[146603]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:31.307394 osdx ca-certificates[146609]: 1 added, 0 removed; done.
Apr 06 14:28:31.310152 osdx ca-certificates[146615]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:31.312681 osdx ca-certificates[146617]: done.
Apr 06 14:28:31.371939 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:31.373210 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:31.375445 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:31.398071 osdx dnscrypt-proxy[146621]: dnscrypt-proxy 2.0.45
Apr 06 14:28:31.398142 osdx dnscrypt-proxy[146621]: Network connectivity detected
Apr 06 14:28:31.398373 osdx dnscrypt-proxy[146621]: Dropping privileges
Apr 06 14:28:31.400820 osdx dnscrypt-proxy[146621]: Network connectivity detected
Apr 06 14:28:31.400855 osdx dnscrypt-proxy[146621]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:31.400859 osdx dnscrypt-proxy[146621]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:31.400877 osdx dnscrypt-proxy[146621]: Firefox workaround initialized
Apr 06 14:28:31.400882 osdx dnscrypt-proxy[146621]: Loading the set of cloaking rules from [/tmp/tmp1fho51zd]
Apr 06 14:28:31.401582 osdx dnscrypt-proxy[146621]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 06 14:28:31.427368 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:31.429934 osdx dnscrypt-proxy[146621]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:28:31.429954 osdx dnscrypt-proxy[146621]: [RD] OK (DoH) - rtt: 10ms
Apr 06 14:28:31.429962 osdx dnscrypt-proxy[146621]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 06 14:28:31.429968 osdx dnscrypt-proxy[146621]: dnscrypt-proxy is ready - live servers: 1

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Apr 06 14:28:37.000222 osdx systemd-timedated[35302]: Changed local time to Mon 2026-04-06 14:28:37 UTC
Apr 06 14:28:37.001424 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'set date 2026-04-06 14:28:37'.
Apr 06 14:28:37.001831 osdx systemd-journald[1969]: Time jumped backwards, rotating.
Apr 06 14:28:37.280757 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:37.281847 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:37.281893 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:37.291191 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:37.500784 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 14:28:37.764868 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:37.841248 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:37.921894 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:37.990769 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:38.079157 osdx ubnt-cfgd[148326]: inactive
Apr 06 14:28:38.098137 osdx INFO[148332]: FRR daemons did not change
Apr 06 14:28:38.117852 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:38.166366 osdx WARNING[148400]: No supported link modes on interface eth0
Apr 06 14:28:38.168110 osdx modulelauncher[148400]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:38.168127 osdx modulelauncher[148400]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:38.169557 osdx modulelauncher[148400]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:38.169565 osdx modulelauncher[148400]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:38.207032 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:38.221293 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:38.237024 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:38.393044 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 06 14:28:38.471758 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 06 14:28:38.652300 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:38.731513 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:38.788992 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:38.895809 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:38.960528 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:39.086066 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:39.142458 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:28:39.235480 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:39.309791 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:39.384962 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:39.463241 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:39.552900 osdx ubnt-cfgd[148503]: inactive
Apr 06 14:28:39.573110 osdx INFO[148511]: FRR daemons did not change
Apr 06 14:28:39.586505 osdx ca-certificates[148527]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:40.098144 osdx ubnt-cfgd[149539]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:40.105688 osdx ca-certificates[149545]: 1 added, 0 removed; done.
Apr 06 14:28:40.109093 osdx ca-certificates[149551]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:40.111911 osdx ca-certificates[149553]: done.
Apr 06 14:28:40.186128 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:40.187219 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:40.189138 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:40.209113 osdx dnscrypt-proxy[149557]: dnscrypt-proxy 2.0.45
Apr 06 14:28:40.209179 osdx dnscrypt-proxy[149557]: Network connectivity detected
Apr 06 14:28:40.209375 osdx dnscrypt-proxy[149557]: Dropping privileges
Apr 06 14:28:40.211537 osdx dnscrypt-proxy[149557]: Network connectivity detected
Apr 06 14:28:40.211566 osdx dnscrypt-proxy[149557]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:40.211570 osdx dnscrypt-proxy[149557]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:40.211584 osdx dnscrypt-proxy[149557]: Firefox workaround initialized
Apr 06 14:28:40.211589 osdx dnscrypt-proxy[149557]: Loading the set of cloaking rules from [/tmp/tmpc5ebacm0]
Apr 06 14:28:40.212324 osdx dnscrypt-proxy[149557]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 06 14:28:40.239898 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:40.243296 osdx dnscrypt-proxy[149557]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:28:40.243317 osdx dnscrypt-proxy[149557]: [RD] OK (DoH) - rtt: 10ms
Apr 06 14:28:40.243327 osdx dnscrypt-proxy[149557]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 06 14:28:40.243333 osdx dnscrypt-proxy[149557]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Apr 06 14:28:40.541832 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:40.545835 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:40.545900 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:40.552217 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:40.845957 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:40.907705 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:28:41.017164 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:28:41.092752 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:41.203974 osdx ubnt-cfgd[149606]: inactive
Apr 06 14:28:41.228130 osdx dnscrypt-proxy[149557]: Stopped.
Apr 06 14:28:41.228170 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:28:41.229324 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:28:41.229460 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:41.295054 osdx WARNING[149670]: No supported link modes on interface eth0
Apr 06 14:28:41.296589 osdx modulelauncher[149670]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:41.296612 osdx modulelauncher[149670]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:41.297886 osdx modulelauncher[149670]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:41.297897 osdx modulelauncher[149670]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:41.322080 osdx ca-certificates[149695]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:28:41.594650 osdx ca-certificates[150272]: done.
Apr 06 14:28:41.597954 osdx ca-certificates[150281]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:42.050735 osdx ubnt-cfgd[151139]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:42.058639 osdx ca-certificates[151145]: 142 added, 0 removed; done.
Apr 06 14:28:42.061463 osdx ca-certificates[151151]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:42.064188 osdx ca-certificates[151153]: done.
Apr 06 14:28:42.078198 osdx INFO[151156]: FRR daemons did not change
Apr 06 14:28:42.078484 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:42.080689 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:42.117322 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:43.418135 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:43.478938 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:43.572993 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:43.643972 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:43.731515 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:43.796787 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:43.885016 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 06 14:28:43.933406 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:44.058462 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:44.122402 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:44.224182 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:44.287068 osdx ubnt-cfgd[151190]: inactive
Apr 06 14:28:44.309610 osdx INFO[151198]: FRR daemons did not change
Apr 06 14:28:44.324240 osdx ca-certificates[151214]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:44.830649 osdx ubnt-cfgd[152226]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:44.838738 osdx ca-certificates[152232]: 1 added, 0 removed; done.
Apr 06 14:28:44.841494 osdx ca-certificates[152238]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:44.844108 osdx ca-certificates[152240]: done.
Apr 06 14:28:44.873836 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:44.914104 osdx WARNING[152306]: No supported link modes on interface eth0
Apr 06 14:28:44.915425 osdx modulelauncher[152306]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:44.915444 osdx modulelauncher[152306]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:44.916711 osdx modulelauncher[152306]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:44.916722 osdx modulelauncher[152306]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:45.022128 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:45.023219 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:45.036466 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:45.045255 osdx dnscrypt-proxy[152355]: dnscrypt-proxy 2.0.45
Apr 06 14:28:45.045308 osdx dnscrypt-proxy[152355]: Network connectivity detected
Apr 06 14:28:45.045476 osdx dnscrypt-proxy[152355]: Dropping privileges
Apr 06 14:28:45.048387 osdx dnscrypt-proxy[152355]: Network connectivity detected
Apr 06 14:28:45.048421 osdx dnscrypt-proxy[152355]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:45.048426 osdx dnscrypt-proxy[152355]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:45.048443 osdx dnscrypt-proxy[152355]: Firefox workaround initialized
Apr 06 14:28:45.048448 osdx dnscrypt-proxy[152355]: Loading the set of cloaking rules from [/tmp/tmpb6ptghe2]
Apr 06 14:28:45.049240 osdx dnscrypt-proxy[152355]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 06 14:28:45.053519 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:45.077321 osdx dnscrypt-proxy[152355]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:28:45.077430 osdx dnscrypt-proxy[152355]: [RD] OK (DoH) - rtt: 10ms
Apr 06 14:28:45.077470 osdx dnscrypt-proxy[152355]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 06 14:28:45.077510 osdx dnscrypt-proxy[152355]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Apr 06 14:28:45.297220 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.9M, max 13.8M, 11.9M free.
Apr 06 14:28:45.297830 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:45.297878 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:45.306509 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:45.547122 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:45.599574 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:28:45.708986 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:28:45.770263 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:45.860430 osdx ubnt-cfgd[152422]: inactive
Apr 06 14:28:45.904302 osdx dnscrypt-proxy[152355]: Stopped.
Apr 06 14:28:45.904341 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:28:45.904964 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:28:45.905061 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:45.956464 osdx WARNING[152486]: No supported link modes on interface eth0
Apr 06 14:28:45.957706 osdx modulelauncher[152486]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:45.957722 osdx modulelauncher[152486]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:45.958785 osdx modulelauncher[152486]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:45.958791 osdx modulelauncher[152486]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:45.974927 osdx ca-certificates[152511]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:28:46.238511 osdx ca-certificates[153089]: done.
Apr 06 14:28:46.242186 osdx ca-certificates[153096]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:46.671525 osdx ubnt-cfgd[153955]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:46.679381 osdx ca-certificates[153960]: 142 added, 0 removed; done.
Apr 06 14:28:46.682086 osdx ca-certificates[153967]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:46.684640 osdx ca-certificates[153969]: done.
Apr 06 14:28:46.699005 osdx INFO[153972]: FRR daemons did not change
Apr 06 14:28:46.699285 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:46.701379 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:46.724444 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:47.878222 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:47.932530 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:48.025584 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:48.083468 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:48.170982 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:48.226127 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:48.316206 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:28:48.374010 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 06 14:28:48.464647 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:48.533914 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:48.614258 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:48.686580 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:48.778015 osdx ubnt-cfgd[154009]: inactive
Apr 06 14:28:48.797152 osdx INFO[154017]: FRR daemons did not change
Apr 06 14:28:48.809121 osdx ca-certificates[154032]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:49.283094 osdx ubnt-cfgd[155045]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:49.290260 osdx ca-certificates[155050]: 1 added, 0 removed; done.
Apr 06 14:28:49.292950 osdx ca-certificates[155057]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:49.295745 osdx ca-certificates[155059]: done.
Apr 06 14:28:49.401840 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:49.442050 osdx WARNING[155125]: No supported link modes on interface eth0
Apr 06 14:28:49.443342 osdx modulelauncher[155125]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:49.443359 osdx modulelauncher[155125]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:49.444462 osdx modulelauncher[155125]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:49.444472 osdx modulelauncher[155125]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:49.534351 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:49.536763 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:49.555495 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:49.562337 osdx dnscrypt-proxy[155174]: dnscrypt-proxy 2.0.45
Apr 06 14:28:49.562389 osdx dnscrypt-proxy[155174]: Network connectivity detected
Apr 06 14:28:49.562564 osdx dnscrypt-proxy[155174]: Dropping privileges
Apr 06 14:28:49.564521 osdx dnscrypt-proxy[155174]: Network connectivity detected
Apr 06 14:28:49.564551 osdx dnscrypt-proxy[155174]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:49.564555 osdx dnscrypt-proxy[155174]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:49.564573 osdx dnscrypt-proxy[155174]: Firefox workaround initialized
Apr 06 14:28:49.564578 osdx dnscrypt-proxy[155174]: Loading the set of cloaking rules from [/tmp/tmp8qmoqcjk]
Apr 06 14:28:49.565460 osdx dnscrypt-proxy[155174]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 06 14:28:49.571263 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:49.608895 osdx dnscrypt-proxy[155174]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:28:49.608917 osdx dnscrypt-proxy[155174]: [RD] OK (DoH) - rtt: 27ms
Apr 06 14:28:49.608928 osdx dnscrypt-proxy[155174]: Server with the lowest initial latency: RD (rtt: 27ms)
Apr 06 14:28:49.608935 osdx dnscrypt-proxy[155174]: dnscrypt-proxy is ready - live servers: 1

Invalid Cipher With Fallback

Description

Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. The connection is not expected to be refused, as long as the valid cipher is the one that ends up being used.
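
Step 3 of each example in this scenario matches a decimal cipher suite ID in the dnscrypt-proxy journal, while the configuration names the suite. The Python below is an added example, not part of the original test suite: it maps the IDs to their IANA names and checks that the negotiated suite is one of the configured ones. The function names, the reading of the `TLS version` field as hexadecimal, and the second (constructed) sample are assumptions.

```python
import re

# IANA TLS cipher suite IDs for the five suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Suites this scenario configures as the invalid first choice.
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (TLS_[A-Z0-9_]+)")
HS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_ciphers(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    pairs = [(int(n), name) for n, name in CFG_RE.findall(config_text)]
    return [name for _, name in sorted(pairs)]


def handshakes(journal_text):
    """Extract every negotiated-session line logged by dnscrypt-proxy."""
    sessions = []
    for m in HS_RE.finditer(journal_text):
        sessions.append({
            "server": m["server"],
            # Assumption: the version is printed in hex, so "303" is 0x0303 (TLS 1.2).
            "tls_version": int(m["ver"], 16),
            "suite_id": int(m["suite"]),
        })
    return sessions


def audit(config_text, journal_text):
    """Compare what was negotiated against what was configured."""
    allowed = configured_ciphers(config_text)
    findings = []
    for hs in handshakes(journal_text):
        name = IANA_SUITES.get(hs["suite_id"], "UNKNOWN_0x%04X" % hs["suite_id"])
        findings.append({
            "server": hs["server"],
            "suite": name,
            "tls12_or_later": hs["tls_version"] >= 0x0303,
            "in_configured_list": name in allowed,
            "legacy": name in LEGACY,
        })
    return {
        "configured": allowed,
        "handshake_failures": len(FAIL_RE.findall(journal_text)),
        "sessions": findings,
    }


# Configuration and journal lines copied from Example 1 of this scenario.
CONFIG_EX1 = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
JOURNAL_EX1 = """\
Apr 06 14:28:59.765542 osdx dnscrypt-proxy[158130]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 06 14:28:59.765562 osdx dnscrypt-proxy[158130]: [RD] OK (DoH) - rtt: 11ms
"""

# Constructed sample (not from the page): a handshake failure followed by a
# session whose suite is not in the configured list.
CONFIG_DRIFT = """\
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
JOURNAL_DRIFT = """\
Jan 01 00:00:00.000001 osdx dnscrypt-proxy[4242]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jan 01 00:00:00.000002 osdx dnscrypt-proxy[4242]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

if __name__ == "__main__":
    for label, cfg, log in (("example 1", CONFIG_EX1, JOURNAL_EX1),
                            ("constructed drift", CONFIG_DRIFT, JOURNAL_DRIFT)):
        report = audit(cfg, log)
        print(label, "failures:", report["handshake_failures"])
        for s in report["sessions"]:
            print("  ", s)
```

A session with `in_configured_list` set to false means the proxy negotiated a suite outside the configured list, which a token match on the decimal ID alone would not reveal.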

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Apr 06 14:28:56.334502 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:28:56.334952 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:28:56.334988 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:28:56.344023 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:28:56.552822 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 06 14:28:56.801518 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:56.873295 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:56.951415 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:57.010526 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:57.100712 osdx ubnt-cfgd[156896]: inactive
Apr 06 14:28:57.117461 osdx INFO[156902]: FRR daemons did not change
Apr 06 14:28:57.138641 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:28:57.181252 osdx WARNING[156970]: No supported link modes on interface eth0
Apr 06 14:28:57.182675 osdx modulelauncher[156970]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:28:57.182693 osdx modulelauncher[156970]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:28:57.183852 osdx modulelauncher[156970]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:28:57.183861 osdx modulelauncher[156970]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:28:57.222405 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:57.233835 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:57.249889 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:57.388820 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 06 14:28:57.459169 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 06 14:28:57.629657 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:28:58.168519 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:28:58.230605 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:28:58.331937 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:28:58.393790 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:28:58.489665 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:28:58.552501 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:28:58.649836 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 06 14:28:58.701335 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:28:58.822742 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:28:58.876323 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:28:58.985665 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:28:59.066609 osdx ubnt-cfgd[157076]: inactive
Apr 06 14:28:59.090121 osdx INFO[157084]: FRR daemons did not change
Apr 06 14:28:59.106696 osdx ca-certificates[157100]: Updating certificates in /etc/ssl/certs...
Apr 06 14:28:59.622329 osdx ubnt-cfgd[158112]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:28:59.630837 osdx ca-certificates[158118]: 1 added, 0 removed; done.
Apr 06 14:28:59.634445 osdx ca-certificates[158124]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:28:59.637932 osdx ca-certificates[158126]: done.
Apr 06 14:28:59.710953 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:28:59.712247 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:28:59.714336 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:28:59.730849 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:28:59.731201 osdx dnscrypt-proxy[158130]: dnscrypt-proxy 2.0.45
Apr 06 14:28:59.731270 osdx dnscrypt-proxy[158130]: Network connectivity detected
Apr 06 14:28:59.731494 osdx dnscrypt-proxy[158130]: Dropping privileges
Apr 06 14:28:59.734398 osdx dnscrypt-proxy[158130]: Network connectivity detected
Apr 06 14:28:59.734435 osdx dnscrypt-proxy[158130]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:28:59.734440 osdx dnscrypt-proxy[158130]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:28:59.734475 osdx dnscrypt-proxy[158130]: Firefox workaround initialized
Apr 06 14:28:59.734483 osdx dnscrypt-proxy[158130]: Loading the set of cloaking rules from [/tmp/tmpza57eryz]
Apr 06 14:28:59.765542 osdx dnscrypt-proxy[158130]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 06 14:28:59.765562 osdx dnscrypt-proxy[158130]: [RD] OK (DoH) - rtt: 11ms
Apr 06 14:28:59.765571 osdx dnscrypt-proxy[158130]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 06 14:28:59.765576 osdx dnscrypt-proxy[158130]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:28:59.865949 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
Apr 06 14:29:00.063224 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:29:00.066677 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:29:00.066732 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:29:00.073047 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:29:00.342387 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:00.397761 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:29:00.533963 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:29:00.605723 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:00.696816 osdx ubnt-cfgd[158185]: inactive
Apr 06 14:29:00.745414 osdx dnscrypt-proxy[158130]: Stopped.
Apr 06 14:29:00.745469 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:29:00.746391 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:29:00.746492 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:00.805307 osdx WARNING[158249]: No supported link modes on interface eth0
Apr 06 14:29:00.806666 osdx modulelauncher[158249]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:00.806685 osdx modulelauncher[158249]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:00.807864 osdx modulelauncher[158249]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:00.807874 osdx modulelauncher[158249]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:00.827944 osdx ca-certificates[158274]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:29:01.118206 osdx ca-certificates[158851]: done.
Apr 06 14:29:01.121882 osdx ca-certificates[158860]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:01.591694 osdx ubnt-cfgd[159718]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:01.600258 osdx ca-certificates[159723]: 142 added, 0 removed; done.
Apr 06 14:29:01.603352 osdx ca-certificates[159730]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:01.606340 osdx ca-certificates[159732]: done.
Apr 06 14:29:01.621430 osdx INFO[159735]: FRR daemons did not change
Apr 06 14:29:01.621719 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:01.623737 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:01.651496 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:02.839033 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:03.422608 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:29:03.479435 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:29:03.580745 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:29:03.636047 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:29:03.731610 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:29:03.793940 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:29:03.914631 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 06 14:29:03.964855 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:29:04.081613 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:29:04.135841 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:29:04.265887 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:04.330923 osdx ubnt-cfgd[159775]: inactive
Apr 06 14:29:04.350526 osdx INFO[159783]: FRR daemons did not change
Apr 06 14:29:04.365308 osdx ca-certificates[159799]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:04.852679 osdx ubnt-cfgd[160811]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:04.859975 osdx ca-certificates[160817]: 1 added, 0 removed; done.
Apr 06 14:29:04.862869 osdx ca-certificates[160823]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:04.866457 osdx ca-certificates[160825]: done.
Apr 06 14:29:04.886612 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:29:04.929147 osdx WARNING[160891]: No supported link modes on interface eth0
Apr 06 14:29:04.930406 osdx modulelauncher[160891]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:04.930423 osdx modulelauncher[160891]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:04.931846 osdx modulelauncher[160891]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:04.931854 osdx modulelauncher[160891]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:05.042890 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:05.044104 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:05.058298 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:05.061221 osdx dnscrypt-proxy[160940]: dnscrypt-proxy 2.0.45
Apr 06 14:29:05.061291 osdx dnscrypt-proxy[160940]: Network connectivity detected
Apr 06 14:29:05.061507 osdx dnscrypt-proxy[160940]: Dropping privileges
Apr 06 14:29:05.063663 osdx dnscrypt-proxy[160940]: Network connectivity detected
Apr 06 14:29:05.063700 osdx dnscrypt-proxy[160940]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:29:05.063705 osdx dnscrypt-proxy[160940]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:29:05.063724 osdx dnscrypt-proxy[160940]: Firefox workaround initialized
Apr 06 14:29:05.063730 osdx dnscrypt-proxy[160940]: Loading the set of cloaking rules from [/tmp/tmpnlo3buug]
Apr 06 14:29:05.079727 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:05.091310 osdx dnscrypt-proxy[160940]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 06 14:29:05.091322 osdx dnscrypt-proxy[160940]: [RD] OK (DoH) - rtt: 11ms
Apr 06 14:29:05.091329 osdx dnscrypt-proxy[160940]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 06 14:29:05.091332 osdx dnscrypt-proxy[160940]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:29:05.231675 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Apr 06 14:29:05.438023 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:29:05.438604 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:29:05.438658 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:29:05.448048 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:29:05.741295 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:05.795023 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:29:05.906099 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:29:05.964017 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:06.073095 osdx ubnt-cfgd[161012]: inactive
Apr 06 14:29:06.093967 osdx dnscrypt-proxy[160940]: Stopped.
Apr 06 14:29:06.094068 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:29:06.095010 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:29:06.095134 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:06.148912 osdx WARNING[161076]: No supported link modes on interface eth0
Apr 06 14:29:06.150418 osdx modulelauncher[161076]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:06.150437 osdx modulelauncher[161076]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:06.151731 osdx modulelauncher[161076]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:06.151741 osdx modulelauncher[161076]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:06.167545 osdx ca-certificates[161101]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:29:06.429822 osdx ca-certificates[161679]: done.
Apr 06 14:29:06.433242 osdx ca-certificates[161691]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:06.852846 osdx ubnt-cfgd[162545]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:06.860999 osdx ca-certificates[162551]: 142 added, 0 removed; done.
Apr 06 14:29:06.863833 osdx ca-certificates[162557]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:06.866649 osdx ca-certificates[162559]: done.
Apr 06 14:29:06.883322 osdx INFO[162562]: FRR daemons did not change
Apr 06 14:29:06.883617 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:06.885890 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:06.902115 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:08.039808 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:08.565314 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:29:08.617984 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:29:08.716234 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:29:08.769384 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:29:08.863342 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:29:08.915001 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 06 14:29:09.020744 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 06 14:29:09.069720 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:29:09.181945 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:29:09.235304 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:29:09.342666 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:09.411290 osdx ubnt-cfgd[162599]: inactive
Apr 06 14:29:09.433082 osdx INFO[162607]: FRR daemons did not change
Apr 06 14:29:09.447994 osdx ca-certificates[162623]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:09.960626 osdx ubnt-cfgd[163635]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:09.968127 osdx ca-certificates[163640]: 1 added, 0 removed; done.
Apr 06 14:29:09.970896 osdx ca-certificates[163647]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:09.973460 osdx ca-certificates[163649]: done.
Apr 06 14:29:09.994611 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:29:10.033695 osdx WARNING[163715]: No supported link modes on interface eth0
Apr 06 14:29:10.034995 osdx modulelauncher[163715]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:10.035011 osdx modulelauncher[163715]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:10.036096 osdx modulelauncher[163715]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:10.036104 osdx modulelauncher[163715]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:10.142967 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:10.144280 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:10.156262 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:10.166163 osdx dnscrypt-proxy[163764]: dnscrypt-proxy 2.0.45
Apr 06 14:29:10.166218 osdx dnscrypt-proxy[163764]: Network connectivity detected
Apr 06 14:29:10.166413 osdx dnscrypt-proxy[163764]: Dropping privileges
Apr 06 14:29:10.168593 osdx dnscrypt-proxy[163764]: Network connectivity detected
Apr 06 14:29:10.168630 osdx dnscrypt-proxy[163764]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:29:10.168634 osdx dnscrypt-proxy[163764]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:29:10.168657 osdx dnscrypt-proxy[163764]: Firefox workaround initialized
Apr 06 14:29:10.168662 osdx dnscrypt-proxy[163764]: Loading the set of cloaking rules from [/tmp/tmpvs61e2ba]
Apr 06 14:29:10.172713 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:10.200057 osdx dnscrypt-proxy[163764]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:29:10.200075 osdx dnscrypt-proxy[163764]: [RD] OK (DoH) - rtt: 12ms
Apr 06 14:29:10.200084 osdx dnscrypt-proxy[163764]: Server with the lowest initial latency: RD (rtt: 12ms)
Apr 06 14:29:10.200090 osdx dnscrypt-proxy[163764]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:29:10.338006 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Apr 06 14:29:10.610271 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:29:10.610700 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:29:10.610731 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:29:10.620146 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:29:10.866423 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:10.932530 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:29:11.064020 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:29:11.132689 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:11.213839 osdx ubnt-cfgd[163836]: inactive
Apr 06 14:29:11.234370 osdx dnscrypt-proxy[163764]: Stopped.
Apr 06 14:29:11.234388 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:29:11.235156 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:29:11.235269 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:11.299405 osdx WARNING[163900]: No supported link modes on interface eth0
Apr 06 14:29:11.300848 osdx modulelauncher[163900]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:11.300868 osdx modulelauncher[163900]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:11.301997 osdx modulelauncher[163900]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:11.302005 osdx modulelauncher[163900]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:11.319302 osdx ca-certificates[163925]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:29:11.593513 osdx ca-certificates[164502]: done.
Apr 06 14:29:11.596196 osdx ca-certificates[164511]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:11.981540 osdx ubnt-cfgd[165369]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:11.989065 osdx ca-certificates[165374]: 142 added, 0 removed; done.
Apr 06 14:29:11.991744 osdx ca-certificates[165381]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:11.994393 osdx ca-certificates[165383]: done.
Apr 06 14:29:12.008191 osdx INFO[165386]: FRR daemons did not change
Apr 06 14:29:12.008443 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:12.010328 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:12.025436 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:13.177145 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:13.707562 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:29:13.769408 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:29:13.859714 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:29:13.912774 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:29:14.015006 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:29:14.069144 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 06 14:29:14.164874 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 06 14:29:14.218354 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:29:14.331225 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:29:14.385310 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:29:14.489727 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:14.580457 osdx ubnt-cfgd[165424]: inactive
Apr 06 14:29:14.612603 osdx INFO[165432]: FRR daemons did not change
Apr 06 14:29:14.626219 osdx ca-certificates[165447]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:15.156322 osdx ubnt-cfgd[166460]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:15.166531 osdx ca-certificates[166466]: 1 added, 0 removed; done.
Apr 06 14:29:15.169839 osdx ca-certificates[166472]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:15.173119 osdx ca-certificates[166474]: done.
Apr 06 14:29:15.194611 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:29:15.237330 osdx WARNING[166540]: No supported link modes on interface eth0
Apr 06 14:29:15.238626 osdx modulelauncher[166540]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:15.238643 osdx modulelauncher[166540]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:15.239755 osdx modulelauncher[166540]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:15.239762 osdx modulelauncher[166540]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:15.350941 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:15.352266 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:15.366769 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:15.370802 osdx dnscrypt-proxy[166589]: dnscrypt-proxy 2.0.45
Apr 06 14:29:15.370868 osdx dnscrypt-proxy[166589]: Network connectivity detected
Apr 06 14:29:15.371074 osdx dnscrypt-proxy[166589]: Dropping privileges
Apr 06 14:29:15.373662 osdx dnscrypt-proxy[166589]: Network connectivity detected
Apr 06 14:29:15.373694 osdx dnscrypt-proxy[166589]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:29:15.373699 osdx dnscrypt-proxy[166589]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:29:15.373717 osdx dnscrypt-proxy[166589]: Firefox workaround initialized
Apr 06 14:29:15.373722 osdx dnscrypt-proxy[166589]: Loading the set of cloaking rules from [/tmp/tmp5xc819m8]
Apr 06 14:29:15.384773 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:15.406496 osdx dnscrypt-proxy[166589]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 06 14:29:15.406508 osdx dnscrypt-proxy[166589]: [RD] OK (DoH) - rtt: 14ms
Apr 06 14:29:15.406523 osdx dnscrypt-proxy[166589]: Server with the lowest initial latency: RD (rtt: 14ms)
Apr 06 14:29:15.406527 osdx dnscrypt-proxy[166589]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:29:15.532605 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command 'show host lookup teldat.com type A' on DUT0 and check that the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command 'system journal show | cat' on DUT0 and check that the output contains the following tokens:

Cipher suite: 49200
Show output
Apr 06 14:29:15.750022 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:29:15.750616 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:29:15.750685 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:29:15.761231 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:29:16.050877 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:16.101958 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:29:16.210013 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:29:16.266466 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:16.354828 osdx ubnt-cfgd[166661]: inactive
Apr 06 14:29:16.374256 osdx dnscrypt-proxy[166589]: Stopped.
Apr 06 14:29:16.374304 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:29:16.374875 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:29:16.374984 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:16.426079 osdx WARNING[166725]: No supported link modes on interface eth0
Apr 06 14:29:16.427511 osdx modulelauncher[166725]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:16.427533 osdx modulelauncher[166725]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:16.428655 osdx modulelauncher[166725]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:16.428662 osdx modulelauncher[166725]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:16.443974 osdx ca-certificates[166750]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:29:16.715220 osdx ca-certificates[167327]: done.
Apr 06 14:29:16.719843 osdx ca-certificates[167338]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:17.162998 osdx ubnt-cfgd[168194]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:17.170514 osdx ca-certificates[168200]: 142 added, 0 removed; done.
Apr 06 14:29:17.173228 osdx ca-certificates[168206]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:17.175797 osdx ca-certificates[168208]: done.
Apr 06 14:29:17.189126 osdx INFO[168211]: FRR daemons did not change
Apr 06 14:29:17.189370 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:17.337623 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:17.369008 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:18.488392 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:19.022527 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:29:19.075396 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:29:19.172635 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:29:19.226443 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:29:19.322996 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:29:19.376845 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 06 14:29:19.475049 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 06 14:29:19.526550 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:29:19.632273 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:29:19.687391 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:29:19.816016 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:19.886587 osdx ubnt-cfgd[168248]: inactive
Apr 06 14:29:19.908211 osdx INFO[168256]: FRR daemons did not change
Apr 06 14:29:19.922608 osdx ca-certificates[168272]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:20.475329 osdx ubnt-cfgd[169284]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:20.484475 osdx ca-certificates[169289]: 1 added, 0 removed; done.
Apr 06 14:29:20.487540 osdx ca-certificates[169296]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:20.490507 osdx ca-certificates[169298]: done.
Apr 06 14:29:20.510614 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:29:20.552845 osdx WARNING[169364]: No supported link modes on interface eth0
Apr 06 14:29:20.554142 osdx modulelauncher[169364]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:20.554159 osdx modulelauncher[169364]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:20.555243 osdx modulelauncher[169364]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:20.555250 osdx modulelauncher[169364]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:20.658874 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:20.659886 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:20.671115 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:20.678441 osdx dnscrypt-proxy[169413]: dnscrypt-proxy 2.0.45
Apr 06 14:29:20.678497 osdx dnscrypt-proxy[169413]: Network connectivity detected
Apr 06 14:29:20.678688 osdx dnscrypt-proxy[169413]: Dropping privileges
Apr 06 14:29:20.680747 osdx dnscrypt-proxy[169413]: Network connectivity detected
Apr 06 14:29:20.680777 osdx dnscrypt-proxy[169413]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:29:20.680780 osdx dnscrypt-proxy[169413]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:29:20.680795 osdx dnscrypt-proxy[169413]: Firefox workaround initialized
Apr 06 14:29:20.680802 osdx dnscrypt-proxy[169413]: Loading the set of cloaking rules from [/tmp/tmpirovipm9]
Apr 06 14:29:20.695497 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:20.710885 osdx dnscrypt-proxy[169413]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 06 14:29:20.710898 osdx dnscrypt-proxy[169413]: [RD] OK (DoH) - rtt: 11ms
Apr 06 14:29:20.710905 osdx dnscrypt-proxy[169413]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 06 14:29:20.710909 osdx dnscrypt-proxy[169413]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:29:20.855105 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run the command 'show host lookup teldat.com type A' on DUT0 and check that the output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run the command 'system journal show | cat' on DUT0 and check that the output contains the following tokens:

Cipher suite: 52392
Show output
Apr 06 14:29:21.065930 osdx systemd-journald[1969]: Runtime Journal (/run/log/journal/8555dfc266884f30a3544832475c4d6c) is 1.8M, max 13.8M, 11.9M free.
Apr 06 14:29:21.066606 osdx systemd-journald[1969]: Received client request to rotate journal, rotating.
Apr 06 14:29:21.066643 osdx systemd-journald[1969]: Vacuuming done, freed 0B of archived journals from /run/log/journal/8555dfc266884f30a3544832475c4d6c.
Apr 06 14:29:21.075467 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'system journal clear'.
Apr 06 14:29:21.342010 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:21.434766 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'delete '.
Apr 06 14:29:21.545110 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 06 14:29:21.612626 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:21.718324 osdx ubnt-cfgd[169486]: inactive
Apr 06 14:29:21.743721 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 06 14:29:21.743738 osdx dnscrypt-proxy[169413]: Stopped.
Apr 06 14:29:21.744869 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 06 14:29:21.744978 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:21.805098 osdx WARNING[169550]: No supported link modes on interface eth0
Apr 06 14:29:21.806599 osdx modulelauncher[169550]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:21.806617 osdx modulelauncher[169550]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:21.807782 osdx modulelauncher[169550]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:21.807794 osdx modulelauncher[169550]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:21.823073 osdx ca-certificates[169575]: Clearing symlinks in /etc/ssl/certs...
Apr 06 14:29:22.076429 osdx ca-certificates[170152]: done.
Apr 06 14:29:22.079809 osdx ca-certificates[170161]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:22.528229 osdx ubnt-cfgd[171019]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:22.537287 osdx ca-certificates[171025]: 142 added, 0 removed; done.
Apr 06 14:29:22.540240 osdx ca-certificates[171031]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:22.543007 osdx ca-certificates[171033]: done.
Apr 06 14:29:22.558788 osdx INFO[171036]: FRR daemons did not change
Apr 06 14:29:22.559067 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:22.686736 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:22.710652 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:24.026159 osdx OSDxCLI[10275]: User 'admin' entered the configuration menu.
Apr 06 14:29:24.555035 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 06 14:29:24.618782 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 06 14:29:24.727142 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 06 14:29:24.782324 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 06 14:29:24.876078 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f012756fda3a0f7b545bee800131852f93b004603c72fb7b24f62cc68bdd865c'.
Apr 06 14:29:24.931145 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 06 14:29:25.052215 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 06 14:29:25.108474 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 06 14:29:25.219416 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 06 14:29:25.272200 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 06 14:29:25.379592 osdx OSDxCLI[10275]: User 'admin' added a new cfg line: 'show working'.
Apr 06 14:29:25.442659 osdx ubnt-cfgd[171073]: inactive
Apr 06 14:29:25.463590 osdx INFO[171081]: FRR daemons did not change
Apr 06 14:29:25.476170 osdx ca-certificates[171097]: Updating certificates in /etc/ssl/certs...
Apr 06 14:29:25.960190 osdx ubnt-cfgd[172109]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 06 14:29:25.967770 osdx ca-certificates[172115]: 1 added, 0 removed; done.
Apr 06 14:29:25.970469 osdx ca-certificates[172121]: Running hooks in /etc/ca-certificates/update.d...
Apr 06 14:29:25.972996 osdx ca-certificates[172123]: done.
Apr 06 14:29:26.018616 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 06 14:29:26.030729 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Apr 06 14:29:26.064711 osdx WARNING[172191]: No supported link modes on interface eth0
Apr 06 14:29:26.066399 osdx modulelauncher[172191]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 06 14:29:26.066417 osdx modulelauncher[172191]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 06 14:29:26.067913 osdx modulelauncher[172191]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Apr 06 14:29:26.067928 osdx modulelauncher[172191]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Apr 06 14:29:26.170921 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 06 14:29:26.172123 osdx cfgd[1666]: [10275]Completed change to active configuration
Apr 06 14:29:26.183642 osdx OSDxCLI[10275]: User 'admin' committed the configuration.
Apr 06 14:29:26.190688 osdx dnscrypt-proxy[172240]: dnscrypt-proxy 2.0.45
Apr 06 14:29:26.190758 osdx dnscrypt-proxy[172240]: Network connectivity detected
Apr 06 14:29:26.190987 osdx dnscrypt-proxy[172240]: Dropping privileges
Apr 06 14:29:26.193796 osdx dnscrypt-proxy[172240]: Network connectivity detected
Apr 06 14:29:26.193832 osdx dnscrypt-proxy[172240]: Now listening to 127.0.0.1:53 [UDP]
Apr 06 14:29:26.193837 osdx dnscrypt-proxy[172240]: Now listening to 127.0.0.1:53 [TCP]
Apr 06 14:29:26.193854 osdx dnscrypt-proxy[172240]: Firefox workaround initialized
Apr 06 14:29:26.193862 osdx dnscrypt-proxy[172240]: Loading the set of cloaking rules from [/tmp/tmpdryldsvo]
Apr 06 14:29:26.201520 osdx OSDxCLI[10275]: User 'admin' left the configuration menu.
Apr 06 14:29:26.224755 osdx dnscrypt-proxy[172240]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 06 14:29:26.224772 osdx dnscrypt-proxy[172240]: [RD] OK (DoH) - rtt: 10ms
Apr 06 14:29:26.224780 osdx dnscrypt-proxy[172240]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 06 14:29:26.224785 osdx dnscrypt-proxy[172240]: dnscrypt-proxy is ready - live servers: 1
Apr 06 14:29:26.344846 osdx OSDxCLI[10275]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
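
The journal check in Step 3 matches a decimal code point (49199, 49200, 52392) rather than the suite name configured in Step 1. The following added example (not part of the original test suite) maps the logged value back to its IANA name and confirms that the negotiated suite is one of the configured ones, flagging a handshake that lands on the 3DES suite. It assumes dnscrypt-proxy prints the TLS version in hexadecimal (303 = 0x0303, TLS 1.2); the function names and verdict labels are illustrative.

```python
import re

# IANA code points for the cipher suites named in this test suite.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Static RSA key exchange with 3DES-CBC: no forward secrecy, no AEAD.
LEGACY = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\S+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


def configured_suites(config_text):
    """Suite names from the DUT configuration, ordered by cipher index."""
    entries = []
    for line in config_text.splitlines():
        m = CFG_RE.fullmatch(line.strip())
        if m:
            entries.append((int(m.group(1)), m.group(2)))
    return [name for _, name in sorted(entries)]


def check_handshakes(config_text, journal_text):
    """Return (server, tls_version, suite_name, verdict) per logged handshake."""
    allowed = set(configured_suites(config_text))
    results = []
    for m in LOG_RE.finditer(journal_text):
        code = int(m.group("suite"))       # logged in decimal
        version = int(m.group("ver"), 16)  # assumption: logged in hex (303 -> 0x0303)
        name = IANA_SUITES.get(code, "UNKNOWN_0x%04X" % code)
        if name not in allowed:
            verdict = "not-configured"     # negotiated outside the configured list
        elif name in LEGACY:
            verdict = "legacy"             # configured, but a weak suite was selected
        else:
            verdict = "ok"
        results.append((m.group("server"),
                        TLS_VERSIONS.get(version, "0x%04X" % version), name, verdict))
    return results


# Cipher lines and handshake line copied from Example 5 on this page.
EXAMPLE5_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""
EXAMPLE5_JOURNAL = (
    "Apr 06 14:29:20.710885 osdx dnscrypt-proxy[169413]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200\n"
)
# Constructed line (not from the page): the same handshake selecting suite 10 (0x000A).
CONSTRUCTED_3DES_JOURNAL = (
    "Apr 06 14:29:20.710885 osdx dnscrypt-proxy[169413]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 10\n"
)

if __name__ == "__main__":
    for journal in (EXAMPLE5_JOURNAL, CONSTRUCTED_3DES_JOURNAL):
        print(check_handshakes(EXAMPLE5_CONFIG, journal))
```

An empty result means no handshake line was found in the journal, which a test harness should treat as a failure rather than a pass.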