Cipher
Test suite that validates the use of one or multiple ciphers to protect a DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:26.000286 osdx systemd-timedated[650842]: Changed local time to Thu 2025-12-11 19:46:26 UTC
Dec 11 19:46:26.001638 osdx systemd-journald[265387]: Time jumped backwards, rotating.
Dec 11 19:46:26.001953 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'set date 2025-12-11 19:46:26'.
Dec 11 19:46:26.369723 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free.
Dec 11 19:46:26.373655 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:46:26.373741 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:46:26.380167 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:46:26.633232 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 11 19:46:26.903032 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:26.988098 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:27.062355 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:27.229187 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:27.309356 osdx ubnt-cfgd[650871]: inactive
Dec 11 19:46:27.329898 osdx INFO[650877]: FRR daemons did not change
Dec 11 19:46:27.361636 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:46:27.412055 osdx WARNING[650946]: No supported link modes on interface eth0
Dec 11 19:46:27.414153 osdx modulelauncher[650946]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:27.414168 osdx modulelauncher[650946]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:27.415672 osdx modulelauncher[650946]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:27.415681 osdx modulelauncher[650946]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:27.454010 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:27.466094 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:27.484937 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:27.634419 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 11 19:46:27.755730 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 11 19:46:27.904670 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:27.965021 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:46:28.077031 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:46:28.162030 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:46:28.261525 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:46:28.351707 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:46:28.410838 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 11 19:46:28.514711 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:46:28.614111 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:28.702911 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:28.812951 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:28.884933 osdx ubnt-cfgd[651050]: inactive
Dec 11 19:46:28.914689 osdx INFO[651058]: FRR daemons did not change
Dec 11 19:46:28.931279 osdx ca-certificates[651074]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:29.502008 osdx ubnt-cfgd[652086]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:29.509664 osdx ca-certificates[652091]: 1 added, 0 removed; done.
Dec 11 19:46:29.512724 osdx ca-certificates[652098]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:29.516418 osdx ca-certificates[652100]: done.
Dec 11 19:46:29.586035 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:29.587448 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:29.589753 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:29.604571 osdx dnscrypt-proxy[652104]: dnscrypt-proxy 2.0.45
Dec 11 19:46:29.604655 osdx dnscrypt-proxy[652104]: Network connectivity detected
Dec 11 19:46:29.604873 osdx dnscrypt-proxy[652104]: Dropping privileges
Dec 11 19:46:29.605653 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:29.607458 osdx dnscrypt-proxy[652104]: Network connectivity detected
Dec 11 19:46:29.607497 osdx dnscrypt-proxy[652104]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:46:29.607501 osdx dnscrypt-proxy[652104]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:46:29.607515 osdx dnscrypt-proxy[652104]: Firefox workaround initialized
Dec 11 19:46:29.607520 osdx dnscrypt-proxy[652104]: Loading the set of cloaking rules from [/tmp/tmpm_k07csc]
Dec 11 19:46:29.608277 osdx dnscrypt-proxy[652104]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:38.429632 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.9M, max 13.8M, 11.9M free.
Dec 11 19:46:38.432529 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:46:38.432604 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:46:38.440306 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:46:38.660803 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 11 19:46:38.991988 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:39.109142 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:39.188070 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:39.306805 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:39.405793 osdx ubnt-cfgd[653818]: inactive
Dec 11 19:46:39.425270 osdx INFO[653824]: FRR daemons did not change
Dec 11 19:46:39.456529 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:46:39.497063 osdx WARNING[653893]: No supported link modes on interface eth0
Dec 11 19:46:39.498438 osdx modulelauncher[653893]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:39.498451 osdx modulelauncher[653893]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:39.499553 osdx modulelauncher[653893]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:39.499562 osdx modulelauncher[653893]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:39.532286 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:39.543571 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:39.572244 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:39.715901 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 11 19:46:39.783388 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal show | cat'.
Dec 11 19:46:39.979576 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:40.057589 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:46:40.198793 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:46:40.284256 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:46:40.382618 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:46:40.443524 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:46:40.568465 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 11 19:46:40.673244 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:46:40.815932 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:40.908694 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:41.004711 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:41.105273 osdx ubnt-cfgd[653997]: inactive
Dec 11 19:46:41.129164 osdx INFO[654005]: FRR daemons did not change
Dec 11 19:46:41.143152 osdx ca-certificates[654021]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:41.709453 osdx ubnt-cfgd[655033]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:41.719189 osdx ca-certificates[655038]: 1 added, 0 removed; done.
Dec 11 19:46:41.722854 osdx ca-certificates[655045]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:41.726475 osdx ca-certificates[655047]: done.
Dec 11 19:46:41.788888 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:41.790266 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:41.792639 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:41.813055 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:41.818048 osdx dnscrypt-proxy[655051]: dnscrypt-proxy 2.0.45
Dec 11 19:46:41.818110 osdx dnscrypt-proxy[655051]: Network connectivity detected
Dec 11 19:46:41.818316 osdx dnscrypt-proxy[655051]: Dropping privileges
Dec 11 19:46:41.820726 osdx dnscrypt-proxy[655051]: Network connectivity detected
Dec 11 19:46:41.820758 osdx dnscrypt-proxy[655051]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:46:41.820763 osdx dnscrypt-proxy[655051]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:46:41.820783 osdx dnscrypt-proxy[655051]: Firefox workaround initialized
Dec 11 19:46:41.820789 osdx dnscrypt-proxy[655051]: Loading the set of cloaking rules from [/tmp/tmp55adhhkw]
Dec 11 19:46:41.821654 osdx dnscrypt-proxy[655051]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:42.063556 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free.
Dec 11 19:46:42.064517 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:46:42.064566 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:46:42.076637 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:46:42.335091 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:42.396072 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:46:42.509845 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 11 19:46:42.570261 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:42.664845 osdx ubnt-cfgd[655100]: inactive
Dec 11 19:46:42.686523 osdx dnscrypt-proxy[655051]: Stopped.
Dec 11 19:46:42.686609 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 11 19:46:42.687381 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 11 19:46:42.687507 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:42.743286 osdx WARNING[655164]: No supported link modes on interface eth0
Dec 11 19:46:42.745043 osdx modulelauncher[655164]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:42.745056 osdx modulelauncher[655164]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:42.746262 osdx modulelauncher[655164]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:42.746269 osdx modulelauncher[655164]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:42.762854 osdx ca-certificates[655189]: Clearing symlinks in /etc/ssl/certs...
Dec 11 19:46:43.060816 osdx ca-certificates[655766]: done.
Dec 11 19:46:43.064054 osdx ca-certificates[655777]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:43.555320 osdx ubnt-cfgd[656633]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:43.563785 osdx ca-certificates[656638]: 142 added, 0 removed; done.
Dec 11 19:46:43.567637 osdx ca-certificates[656645]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:43.571535 osdx ca-certificates[656647]: done.
Dec 11 19:46:43.589435 osdx INFO[656650]: FRR daemons did not change
Dec 11 19:46:43.589699 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:43.648792 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:43.678313 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:44.987144 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:45.063006 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:46:45.186922 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:46:45.274645 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:46:45.374434 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:46:45.455926 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:46:45.570041 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:46:45.641095 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:46:45.772531 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:45.826798 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:45.947606 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:46.017852 osdx ubnt-cfgd[656683]: inactive
Dec 11 19:46:46.045728 osdx INFO[656691]: FRR daemons did not change
Dec 11 19:46:46.060470 osdx ca-certificates[656707]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:46.645479 osdx ubnt-cfgd[657719]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:46.654458 osdx ca-certificates[657725]: 1 added, 0 removed; done.
Dec 11 19:46:46.658450 osdx ca-certificates[657731]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:46.662280 osdx ca-certificates[657733]: done.
Dec 11 19:46:46.692526 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:46:46.737837 osdx WARNING[657800]: No supported link modes on interface eth0
Dec 11 19:46:46.739515 osdx modulelauncher[657800]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:46.739528 osdx modulelauncher[657800]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:46.740660 osdx modulelauncher[657800]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:46.740669 osdx modulelauncher[657800]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:46.840798 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:46.842276 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:46.853501 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:46.859375 osdx dnscrypt-proxy[657849]: dnscrypt-proxy 2.0.45
Dec 11 19:46:46.859448 osdx dnscrypt-proxy[657849]: Network connectivity detected
Dec 11 19:46:46.859687 osdx dnscrypt-proxy[657849]: Dropping privileges
Dec 11 19:46:46.862285 osdx dnscrypt-proxy[657849]: Network connectivity detected
Dec 11 19:46:46.862315 osdx dnscrypt-proxy[657849]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:46:46.862319 osdx dnscrypt-proxy[657849]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:46:46.862336 osdx dnscrypt-proxy[657849]: Firefox workaround initialized
Dec 11 19:46:46.862341 osdx dnscrypt-proxy[657849]: Loading the set of cloaking rules from [/tmp/tmppo0xgciq]
Dec 11 19:46:46.863153 osdx dnscrypt-proxy[657849]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:46.884988 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:47.038315 osdx dnscrypt-proxy[657849]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 11 19:46:47.038338 osdx dnscrypt-proxy[657849]: [RD] OK (DoH) - rtt: 114ms
Dec 11 19:46:47.038348 osdx dnscrypt-proxy[657849]: Server with the lowest initial latency: RD (rtt: 114ms)
Dec 11 19:46:47.038352 osdx dnscrypt-proxy[657849]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:47.183649 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free.
Dec 11 19:46:47.184545 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:46:47.184612 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:46:47.197137 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:46:47.450378 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:47.515407 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:46:47.666834 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 11 19:46:47.737610 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:47.830657 osdx ubnt-cfgd[657916]: inactive
Dec 11 19:46:48.020603 osdx dnscrypt-proxy[657849]: Stopped.
Dec 11 19:46:48.020627 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 11 19:46:48.021267 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 11 19:46:48.021379 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:48.078849 osdx WARNING[657980]: No supported link modes on interface eth0
Dec 11 19:46:48.080162 osdx modulelauncher[657980]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:48.080173 osdx modulelauncher[657980]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:48.081266 osdx modulelauncher[657980]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:48.081274 osdx modulelauncher[657980]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:48.097871 osdx ca-certificates[658005]: Clearing symlinks in /etc/ssl/certs...
Dec 11 19:46:48.429946 osdx ca-certificates[658582]: done.
Dec 11 19:46:48.432866 osdx ca-certificates[658591]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:48.909628 osdx ubnt-cfgd[659449]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:48.917420 osdx ca-certificates[659454]: 142 added, 0 removed; done.
Dec 11 19:46:48.921212 osdx ca-certificates[659461]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:48.924890 osdx ca-certificates[659463]: done.
Dec 11 19:46:48.943036 osdx INFO[659466]: FRR daemons did not change
Dec 11 19:46:48.943333 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:48.945568 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:48.973397 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:46:50.335268 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:46:50.408367 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:46:50.523467 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:46:50.621661 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:46:50.704091 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:46:50.796538 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:46:50.888569 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 11 19:46:50.947873 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:46:51.098820 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:46:51.237639 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:46:51.344087 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:46:51.454792 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:46:51.677238 osdx ubnt-cfgd[659500]: inactive
Dec 11 19:46:51.698638 osdx INFO[659508]: FRR daemons did not change
Dec 11 19:46:51.712422 osdx ca-certificates[659524]: Updating certificates in /etc/ssl/certs...
Dec 11 19:46:52.276031 osdx ubnt-cfgd[660536]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:46:52.285853 osdx ca-certificates[660542]: 1 added, 0 removed; done.
Dec 11 19:46:52.288791 osdx ca-certificates[660548]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:46:52.291498 osdx ca-certificates[660550]: done.
Dec 11 19:46:52.324547 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:46:52.369781 osdx WARNING[660617]: No supported link modes on interface eth0
Dec 11 19:46:52.371140 osdx modulelauncher[660617]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:46:52.371151 osdx modulelauncher[660617]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:46:52.372292 osdx modulelauncher[660617]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:46:52.372300 osdx modulelauncher[660617]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:46:52.480967 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:46:52.482710 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:46:52.501952 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:46:52.506289 osdx dnscrypt-proxy[660666]: dnscrypt-proxy 2.0.45
Dec 11 19:46:52.506358 osdx dnscrypt-proxy[660666]: Network connectivity detected
Dec 11 19:46:52.506725 osdx dnscrypt-proxy[660666]: Dropping privileges
Dec 11 19:46:52.512918 osdx dnscrypt-proxy[660666]: Network connectivity detected
Dec 11 19:46:52.512955 osdx dnscrypt-proxy[660666]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:46:52.512960 osdx dnscrypt-proxy[660666]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:46:52.512983 osdx dnscrypt-proxy[660666]: Firefox workaround initialized
Dec 11 19:46:52.512990 osdx dnscrypt-proxy[660666]: Loading the set of cloaking rules from [/tmp/tmpr9tf_ovo]
Dec 11 19:46:52.522097 osdx dnscrypt-proxy[660666]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:52.535289 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
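The journal checks in the scenarios above can be automated. The following is an added example, not part of the test suite or of the product's code: it maps the decimal "Cipher suite:" values that dnscrypt-proxy logs to their IANA names and compares the negotiated suite with the configured cipher list. The function names and verdict strings are assumptions, and the sample input is excerpted from the journal output shown on this page.

```python
import re

# IANA TLS cipher suite IDs for the four suites named on this page.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # logged as 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # logged as 52392
}

# One alternation so events are seen in journal order. finditer() is used
# instead of line splitting, so flattened journals (several entries per
# physical line) are handled as well.
EVENT = re.compile(
    r"cfg line: 'set service dns proxy cipher (?P<idx>\d+) algorithm (?P<alg>\w+)'"
    r"|(?P<reset>cfg line: 'delete ')"
    r"|dnscrypt-proxy\[(?P<start>\d+)\]: dnscrypt-proxy \d"
    r"|dnscrypt-proxy\[(?P<fail>\d+)\]: TLS handshake failure"
    r"|dnscrypt-proxy\[(?P<pid>\d+)\]: \[[^\]]+\] TLS version: \w+"
    r" - Protocol: \S+ - Cipher suite: (?P<suite>\d+)"
)


def classify(run):
    """Verdict strings are this example's own naming (assumption)."""
    if run["negotiated"] is None:
        return "refused" if run["handshake_failure"] else "no-session"
    if not run["configured"]:
        return "unrestricted"
    if run["negotiated"] in run["configured"]:
        return "negotiated-configured"
    return "outside-configured-list"


def audit(journal):
    """Return {dnscrypt-proxy PID: findings} for every instance in the journal."""
    cfg = {}   # cipher index -> suite name, as configured so far
    runs = {}  # PID -> findings for that proxy instance

    def rec(pid):
        # Snapshot the cipher list in force when the instance is first seen.
        return runs.setdefault(pid, {
            "configured": [cfg[i] for i in sorted(cfg)],
            "handshake_failure": False,
            "negotiated": None,
        })

    for m in EVENT.finditer(journal):
        if m["alg"]:
            cfg[int(m["idx"])] = m["alg"]
        elif m["reset"]:
            cfg.clear()
        elif m["start"]:
            rec(m["start"])
        elif m["fail"]:
            rec(m["fail"])["handshake_failure"] = True
        elif m["pid"]:
            suite_id = int(m["suite"])
            rec(m["pid"])["negotiated"] = SUITES.get(suite_id, f"0x{suite_id:04X}")

    for run in runs.values():
        run["verdict"] = classify(run)
    return runs


# Excerpted (abridged) from the journal output shown on this page.
SAMPLE_JOURNAL = """\
Dec 11 19:46:02.510071 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 11 19:46:03.749130 osdx dnscrypt-proxy[649126]: dnscrypt-proxy 2.0.45
Dec 11 19:46:03.916264 osdx dnscrypt-proxy[649126]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 11 19:46:28.410838 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Dec 11 19:46:29.604571 osdx dnscrypt-proxy[652104]: dnscrypt-proxy 2.0.45
Dec 11 19:46:29.608277 osdx dnscrypt-proxy[652104]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:42.396072 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:46:45.570041 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:46:46.859375 osdx dnscrypt-proxy[657849]: dnscrypt-proxy 2.0.45
Dec 11 19:46:46.863153 osdx dnscrypt-proxy[657849]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Dec 11 19:46:47.038315 osdx dnscrypt-proxy[657849]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

if __name__ == "__main__":
    for pid, run in audit(SAMPLE_JOURNAL).items():
        print(pid, run["verdict"], run["configured"], "->", run["negotiated"])
```

On the excerpt, the 3DES instance (PID 657849) logs the handshake failure and then still completes a DoH session with suite 52392, which is outside its configured list. Checking for the failure token alone therefore does not establish that no session was set up.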
Invalid Cipher With Fallback
Description
Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Dec 11 19:47:00.293576 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 19:47:00.297356 osdx systemd-journald[265387]: Received client request to rotate journal, rotating. Dec 11 19:47:00.297443 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 19:47:00.304983 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'. Dec 11 19:47:00.622065 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system coredump delete all'. Dec 11 19:47:00.894285 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:01.004002 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 11 19:47:01.073982 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 11 19:47:01.174134 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:01.275782 osdx ubnt-cfgd[662400]: inactive Dec 11 19:47:01.297061 osdx INFO[662406]: FRR daemons did not change Dec 11 19:47:01.333395 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 19:47:01.388125 osdx WARNING[662475]: No supported link modes on interface eth0 Dec 11 19:47:01.389701 osdx modulelauncher[662475]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:01.389713 osdx modulelauncher[662475]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 19:47:01.391051 osdx modulelauncher[662475]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:01.391061 osdx modulelauncher[662475]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Dec 11 19:47:01.434659 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:01.447439 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:01.480960 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. Dec 11 19:47:01.696407 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 11 19:47:01.801005 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal show | cat'. Dec 11 19:47:01.998513 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:02.779184 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 11 19:47:02.877940 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 11 19:47:03.005275 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 11 19:47:03.086229 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Dec 11 19:47:03.226752 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'. Dec 11 19:47:03.290255 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 11 19:47:03.390430 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Dec 11 19:47:03.445241 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 11 19:47:03.593374 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Dec 11 19:47:03.673303 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 11 19:47:03.767004 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:03.890744 osdx ubnt-cfgd[662583]: inactive Dec 11 19:47:03.910737 osdx INFO[662591]: FRR daemons did not change Dec 11 19:47:03.923603 osdx ca-certificates[662607]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:04.545909 osdx ubnt-cfgd[663619]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:04.555782 osdx ca-certificates[663624]: 1 added, 0 removed; done. Dec 11 19:47:04.559131 osdx ca-certificates[663631]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:04.562633 osdx ca-certificates[663633]: done. Dec 11 19:47:04.625680 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:04.627001 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:04.629565 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:04.644934 osdx dnscrypt-proxy[663637]: dnscrypt-proxy 2.0.45 Dec 11 19:47:04.644992 osdx dnscrypt-proxy[663637]: Network connectivity detected Dec 11 19:47:04.645006 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. 
Dec 11 19:47:04.645194 osdx dnscrypt-proxy[663637]: Dropping privileges Dec 11 19:47:04.647985 osdx dnscrypt-proxy[663637]: Network connectivity detected Dec 11 19:47:04.648024 osdx dnscrypt-proxy[663637]: Now listening to 127.0.0.1:53 [UDP] Dec 11 19:47:04.648029 osdx dnscrypt-proxy[663637]: Now listening to 127.0.0.1:53 [TCP] Dec 11 19:47:04.648047 osdx dnscrypt-proxy[663637]: Firefox workaround initialized Dec 11 19:47:04.648053 osdx dnscrypt-proxy[663637]: Loading the set of cloaking rules from [/tmp/tmp787og03_] Dec 11 19:47:04.816149 osdx dnscrypt-proxy[663637]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Dec 11 19:47:04.816170 osdx dnscrypt-proxy[663637]: [RD] OK (DoH) - rtt: 107ms Dec 11 19:47:04.816180 osdx dnscrypt-proxy[663637]: Server with the lowest initial latency: RD (rtt: 107ms) Dec 11 19:47:04.816185 osdx dnscrypt-proxy[663637]: dnscrypt-proxy is ready - live servers: 1 Dec 11 19:47:04.924064 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
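The Step 3 check above, generalized as an added example (not part of the original page or of the vendor's test suite): a Python script that reads the configured cipher list and the dnscrypt-proxy journal lines, maps the decimal suite ID to its IANA name, and reports whether a fallback or a weak suite was negotiated. The function names, the weak-suite markers and the reading of `TLS version: 303` as hexadecimal are assumptions; the second and third sample inputs are constructed.

```python
import re

# IANA code points for the suites configured on this page.
# dnscrypt-proxy logs the negotiated suite in decimal.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# Assumption: the "TLS version" field is printed in hex (303 -> 0x0303).
TLS_VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
# Assumption: primitives used as the "invalid" ciphers on this page.
WEAK_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) "
    r"- Cipher suite: (?P<suite>\d+)")
FAILURE_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_ciphers(config_text):
    """Return the configured cipher names ordered by their index."""
    pairs = sorted((int(i), name) for i, name in CFG_RE.findall(config_text))
    return [name for _, name in pairs]


def is_weak(name):
    return any(marker in name for marker in WEAK_MARKERS)


def audit(config_text, journal_text):
    """Compare each logged handshake with the configured cipher list.

    Works on one-entry-per-line journals and on flattened text where
    several entries share a line, as in this page's output blocks.
    """
    configured = configured_ciphers(config_text)
    findings = []
    for m in HANDSHAKE_RE.finditer(journal_text):
        suite_id = int(m["suite"])
        name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
        if is_weak(name):
            status = "FAIL: weak suite negotiated"
        elif not configured:
            status = "INFO: no cipher list configured"
        elif name not in configured:
            status = "FAIL: negotiated suite is not in the configured list"
        elif configured.index(name) > 0:
            status = "PASS: fallback suite negotiated"
        else:
            status = "PASS: first-choice suite negotiated"
        skipped = configured[:configured.index(name)] if name in configured else []
        findings.append({
            "server": m["server"],
            "tls": TLS_VERSIONS.get(int(m["ver"], 16), "unknown"),
            "protocol": m["proto"],
            "suite": name,
            "skipped": skipped,
            "status": status,
        })
    if FAILURE_RE.search(journal_text):
        findings.append({"server": None, "tls": None, "protocol": None,
                         "suite": None, "skipped": configured,
                         "status": "FAIL: TLS handshake failure, no suite negotiated"})
    return findings


# Excerpt of the Example 1 configuration and journal output shown above.
EXAMPLE1_CONFIG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA "
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "
    "set service dns proxy log level 0")
EXAMPLE1_JOURNAL = (
    "Dec 11 19:47:04.648053 osdx dnscrypt-proxy[663637]: Loading the set of "
    "cloaking rules from [/tmp/tmp787og03_] "
    "Dec 11 19:47:04.816149 osdx dnscrypt-proxy[663637]: [RD] TLS version: 303 "
    "- Protocol: h2 - Cipher suite: 49199 "
    "Dec 11 19:47:04.816170 osdx dnscrypt-proxy[663637]: [RD] OK (DoH) - rtt: 107ms")

# Constructed inputs: a config with only a weak suite, a journal line in which
# that suite was negotiated, and the failure message dnscrypt-proxy logs when
# no proposed suite is accepted.
WEAK_ONLY_CONFIG = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA"
WEAK_JOURNAL = ("Jan 01 00:00:00.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303 "
                "- Protocol: http/1.1 - Cipher suite: 5")
FAILURE_JOURNAL = ("Jan 01 00:00:00.000000 osdx dnscrypt-proxy[1]: TLS handshake failure "
                   "- Try changing or deleting the tls_cipher_suite value in the "
                   "configuration file")

if __name__ == "__main__":
    for cfg, log in ((EXAMPLE1_CONFIG, EXAMPLE1_JOURNAL),
                     (WEAK_ONLY_CONFIG, WEAK_JOURNAL),
                     (WEAK_ONLY_CONFIG, FAILURE_JOURNAL)):
        for finding in audit(cfg, log):
            print(finding["status"], "|", finding["suite"], "|", finding["tls"])
```

Unlike the token match in Step 3, this check also fails the run when a weak suite appears in the journal, so a regression in which the first list entry is actually negotiated does not pass unnoticed.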
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Dec 11 19:47:05.192938 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 19:47:05.193416 osdx systemd-journald[265387]: Received client request to rotate journal, rotating. Dec 11 19:47:05.193454 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 19:47:05.202642 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'. Dec 11 19:47:05.454707 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:05.514320 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '. Dec 11 19:47:05.620083 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 11 19:47:05.704118 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:05.774928 osdx ubnt-cfgd[663691]: inactive Dec 11 19:47:05.799574 osdx dnscrypt-proxy[663637]: Stopped. Dec 11 19:47:05.799578 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 11 19:47:05.800391 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 11 19:47:05.800501 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:05.860813 osdx WARNING[663755]: No supported link modes on interface eth0 Dec 11 19:47:05.862232 osdx modulelauncher[663755]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:05.862245 osdx modulelauncher[663755]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Dec 11 19:47:05.863402 osdx modulelauncher[663755]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:05.863412 osdx modulelauncher[663755]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 19:47:05.879253 osdx ca-certificates[663780]: Clearing symlinks in /etc/ssl/certs... Dec 11 19:47:06.164589 osdx ca-certificates[664357]: done. Dec 11 19:47:06.167628 osdx ca-certificates[664366]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:06.659073 osdx ubnt-cfgd[665224]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:06.669304 osdx ca-certificates[665229]: 142 added, 0 removed; done. Dec 11 19:47:06.672191 osdx ca-certificates[665236]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:06.674944 osdx ca-certificates[665238]: done. Dec 11 19:47:06.692022 osdx INFO[665241]: FRR daemons did not change Dec 11 19:47:06.692418 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:06.695507 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:06.715663 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. Dec 11 19:47:08.240233 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:08.961306 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 11 19:47:09.030331 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 11 19:47:09.173532 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 11 19:47:09.237889 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Dec 11 19:47:09.359366 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'. Dec 11 19:47:09.434544 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 11 19:47:09.550441 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Dec 11 19:47:09.608209 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 11 19:47:09.733718 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 11 19:47:09.786608 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 11 19:47:09.887029 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:09.958308 osdx ubnt-cfgd[665275]: inactive Dec 11 19:47:09.985612 osdx INFO[665283]: FRR daemons did not change Dec 11 19:47:09.999458 osdx ca-certificates[665299]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:10.576943 osdx ubnt-cfgd[666311]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:10.584639 osdx ca-certificates[666317]: 1 added, 0 removed; done. Dec 11 19:47:10.587484 osdx ca-certificates[666323]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:10.590212 osdx ca-certificates[666325]: done. 
Dec 11 19:47:10.621364 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 19:47:10.666204 osdx WARNING[666392]: No supported link modes on interface eth0 Dec 11 19:47:10.667620 osdx modulelauncher[666392]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:10.667633 osdx modulelauncher[666392]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 19:47:10.668746 osdx modulelauncher[666392]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:10.668754 osdx modulelauncher[666392]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 19:47:10.781694 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:10.782879 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:10.797281 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:10.800163 osdx dnscrypt-proxy[666441]: dnscrypt-proxy 2.0.45 Dec 11 19:47:10.800217 osdx dnscrypt-proxy[666441]: Network connectivity detected Dec 11 19:47:10.800399 osdx dnscrypt-proxy[666441]: Dropping privileges Dec 11 19:47:10.802533 osdx dnscrypt-proxy[666441]: Network connectivity detected Dec 11 19:47:10.802563 osdx dnscrypt-proxy[666441]: Now listening to 127.0.0.1:53 [UDP] Dec 11 19:47:10.802566 osdx dnscrypt-proxy[666441]: Now listening to 127.0.0.1:53 [TCP] Dec 11 19:47:10.802579 osdx dnscrypt-proxy[666441]: Firefox workaround initialized Dec 11 19:47:10.802583 osdx dnscrypt-proxy[666441]: Loading the set of cloaking rules from [/tmp/tmptemplwo0] Dec 11 19:47:10.823039 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. 
Dec 11 19:47:10.976231 osdx dnscrypt-proxy[666441]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Dec 11 19:47:10.976250 osdx dnscrypt-proxy[666441]: [RD] OK (DoH) - rtt: 117ms Dec 11 19:47:10.976263 osdx dnscrypt-proxy[666441]: Server with the lowest initial latency: RD (rtt: 117ms) Dec 11 19:47:10.976268 osdx dnscrypt-proxy[666441]: dnscrypt-proxy is ready - live servers: 1 Dec 11 19:47:11.004459 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Dec 11 19:47:11.242705 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 19:47:11.245358 osdx systemd-journald[265387]: Received client request to rotate journal, rotating. Dec 11 19:47:11.245413 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 19:47:11.254877 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'. Dec 11 19:47:11.533062 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:11.629699 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '. Dec 11 19:47:11.726907 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 11 19:47:11.812277 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:11.902460 osdx ubnt-cfgd[666512]: inactive Dec 11 19:47:11.923768 osdx dnscrypt-proxy[666441]: Stopped. Dec 11 19:47:11.923796 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 11 19:47:11.924683 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 11 19:47:11.924809 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:11.985749 osdx WARNING[666576]: No supported link modes on interface eth0 Dec 11 19:47:11.987354 osdx modulelauncher[666576]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:11.987368 osdx modulelauncher[666576]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Dec 11 19:47:11.988649 osdx modulelauncher[666576]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:11.988659 osdx modulelauncher[666576]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 19:47:12.009193 osdx ca-certificates[666601]: Clearing symlinks in /etc/ssl/certs... Dec 11 19:47:12.364564 osdx ca-certificates[667179]: done. Dec 11 19:47:12.368505 osdx ca-certificates[667187]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:12.823407 osdx ubnt-cfgd[668045]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:12.831375 osdx ca-certificates[668050]: 142 added, 0 removed; done. Dec 11 19:47:12.835123 osdx ca-certificates[668057]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:12.837871 osdx ca-certificates[668059]: done. Dec 11 19:47:12.855912 osdx INFO[668062]: FRR daemons did not change Dec 11 19:47:12.856520 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:12.859318 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:12.875914 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. Dec 11 19:47:14.146097 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:14.820360 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 11 19:47:14.879666 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 11 19:47:14.992674 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 11 19:47:15.096036 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Dec 11 19:47:15.209711 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'. Dec 11 19:47:15.275435 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Dec 11 19:47:15.413229 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Dec 11 19:47:15.475167 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Dec 11 19:47:15.614182 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Dec 11 19:47:15.677663 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Dec 11 19:47:15.790460 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:15.880323 osdx ubnt-cfgd[668096]: inactive Dec 11 19:47:15.912122 osdx INFO[668104]: FRR daemons did not change Dec 11 19:47:15.924317 osdx ca-certificates[668120]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:16.523992 osdx ubnt-cfgd[669132]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:16.533194 osdx ca-certificates[669137]: 1 added, 0 removed; done. Dec 11 19:47:16.536141 osdx ca-certificates[669144]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:16.538973 osdx ca-certificates[669146]: done. 
Dec 11 19:47:16.577362 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 11 19:47:16.624368 osdx WARNING[669213]: No supported link modes on interface eth0 Dec 11 19:47:16.626196 osdx modulelauncher[669213]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:16.626208 osdx modulelauncher[669213]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 11 19:47:16.627760 osdx modulelauncher[669213]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:16.627772 osdx modulelauncher[669213]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 19:47:16.733702 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:16.735018 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:16.752170 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:16.762228 osdx dnscrypt-proxy[669262]: dnscrypt-proxy 2.0.45 Dec 11 19:47:16.762303 osdx dnscrypt-proxy[669262]: Network connectivity detected Dec 11 19:47:16.762609 osdx dnscrypt-proxy[669262]: Dropping privileges Dec 11 19:47:16.766062 osdx dnscrypt-proxy[669262]: Network connectivity detected Dec 11 19:47:16.766111 osdx dnscrypt-proxy[669262]: Now listening to 127.0.0.1:53 [UDP] Dec 11 19:47:16.766156 osdx dnscrypt-proxy[669262]: Now listening to 127.0.0.1:53 [TCP] Dec 11 19:47:16.766178 osdx dnscrypt-proxy[669262]: Firefox workaround initialized Dec 11 19:47:16.766187 osdx dnscrypt-proxy[669262]: Loading the set of cloaking rules from [/tmp/tmp9jn60d81] Dec 11 19:47:16.782078 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. 
Dec 11 19:47:16.932438 osdx dnscrypt-proxy[669262]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Dec 11 19:47:16.932453 osdx dnscrypt-proxy[669262]: [RD] OK (DoH) - rtt: 111ms Dec 11 19:47:16.932461 osdx dnscrypt-proxy[669262]: Server with the lowest initial latency: RD (rtt: 111ms) Dec 11 19:47:16.932471 osdx dnscrypt-proxy[669262]: dnscrypt-proxy is ready - live servers: 1 Dec 11 19:47:16.943136 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Dec 11 19:47:17.234835 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free. Dec 11 19:47:17.237342 osdx systemd-journald[265387]: Received client request to rotate journal, rotating. Dec 11 19:47:17.237403 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9. Dec 11 19:47:17.245616 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'. Dec 11 19:47:17.522021 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:17.581533 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '. Dec 11 19:47:17.696928 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Dec 11 19:47:17.756092 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'. Dec 11 19:47:17.851093 osdx ubnt-cfgd[669333]: inactive Dec 11 19:47:17.873377 osdx dnscrypt-proxy[669262]: Stopped. Dec 11 19:47:17.873408 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Dec 11 19:47:17.874026 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Dec 11 19:47:17.874138 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Dec 11 19:47:17.933216 osdx WARNING[669397]: No supported link modes on interface eth0 Dec 11 19:47:17.935010 osdx modulelauncher[669397]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 11 19:47:17.935023 osdx modulelauncher[669397]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Dec 11 19:47:17.936233 osdx modulelauncher[669397]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 11 19:47:17.936242 osdx modulelauncher[669397]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 11 19:47:17.951752 osdx ca-certificates[669422]: Clearing symlinks in /etc/ssl/certs... Dec 11 19:47:18.248977 osdx ca-certificates[670000]: done. Dec 11 19:47:18.252738 osdx ca-certificates[670009]: Updating certificates in /etc/ssl/certs... Dec 11 19:47:18.708119 osdx ubnt-cfgd[670866]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Dec 11 19:47:18.716947 osdx ca-certificates[670871]: 142 added, 0 removed; done. Dec 11 19:47:18.719933 osdx ca-certificates[670878]: Running hooks in /etc/ca-certificates/update.d... Dec 11 19:47:18.722785 osdx ca-certificates[670880]: done. Dec 11 19:47:18.737213 osdx INFO[670883]: FRR daemons did not change Dec 11 19:47:18.737508 osdx cfgd[1647]: [544029]Completed change to active configuration Dec 11 19:47:18.739391 osdx OSDxCLI[544029]: User 'admin' committed the configuration. Dec 11 19:47:18.755093 osdx OSDxCLI[544029]: User 'admin' left the configuration menu. Dec 11 19:47:20.049978 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu. Dec 11 19:47:20.729811 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Dec 11 19:47:20.785762 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Dec 11 19:47:20.894167 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Dec 11 19:47:20.949815 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Dec 11 19:47:21.051366 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:47:21.131764 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:47:21.195359 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Dec 11 19:47:21.296867 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:47:21.400497 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:47:21.472266 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:47:21.601787 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:47:21.704385 osdx ubnt-cfgd[670917]: inactive
Dec 11 19:47:21.727348 osdx INFO[670925]: FRR daemons did not change
Dec 11 19:47:21.740981 osdx ca-certificates[670941]: Updating certificates in /etc/ssl/certs...
Dec 11 19:47:22.290065 osdx ubnt-cfgd[671953]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:47:22.299564 osdx ca-certificates[671959]: 1 added, 0 removed; done.
Dec 11 19:47:22.303357 osdx ca-certificates[671965]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:47:22.307007 osdx ca-certificates[671967]: done.
Dec 11 19:47:22.369352 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:47:22.415700 osdx WARNING[672034]: No supported link modes on interface eth0
Dec 11 19:47:22.417127 osdx modulelauncher[672034]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:47:22.417140 osdx modulelauncher[672034]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:47:22.418371 osdx modulelauncher[672034]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:47:22.418380 osdx modulelauncher[672034]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:47:22.521658 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:47:22.523040 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:47:22.538747 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:47:22.540988 osdx dnscrypt-proxy[672083]: dnscrypt-proxy 2.0.45
Dec 11 19:47:22.541040 osdx dnscrypt-proxy[672083]: Network connectivity detected
Dec 11 19:47:22.541403 osdx dnscrypt-proxy[672083]: Dropping privileges
Dec 11 19:47:22.544110 osdx dnscrypt-proxy[672083]: Network connectivity detected
Dec 11 19:47:22.544149 osdx dnscrypt-proxy[672083]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:47:22.544154 osdx dnscrypt-proxy[672083]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:47:22.544175 osdx dnscrypt-proxy[672083]: Firefox workaround initialized
Dec 11 19:47:22.544180 osdx dnscrypt-proxy[672083]: Loading the set of cloaking rules from [/tmp/tmpsfvt12hu]
Dec 11 19:47:22.564748 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:47:22.703007 osdx dnscrypt-proxy[672083]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Dec 11 19:47:22.703027 osdx dnscrypt-proxy[672083]: [RD] OK (DoH) - rtt: 102ms
Dec 11 19:47:22.703037 osdx dnscrypt-proxy[672083]: Server with the lowest initial latency: RD (rtt: 102ms)
Dec 11 19:47:22.703042 osdx dnscrypt-proxy[672083]: dnscrypt-proxy is ready - live servers: 1
Dec 11 19:47:22.721421 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Dec 11 19:47:23.000211 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free.
Dec 11 19:47:23.001480 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:47:23.001554 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:47:23.012795 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:47:23.292522 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:47:23.347284 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:47:23.485504 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 11 19:47:23.542855 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:47:23.649296 osdx ubnt-cfgd[672154]: inactive
Dec 11 19:47:23.675191 osdx dnscrypt-proxy[672083]: Stopped.
Dec 11 19:47:23.675282 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 11 19:47:23.676163 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 11 19:47:23.676288 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:47:23.738775 osdx WARNING[672218]: No supported link modes on interface eth0
Dec 11 19:47:23.740392 osdx modulelauncher[672218]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:47:23.740405 osdx modulelauncher[672218]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:47:23.741862 osdx modulelauncher[672218]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:47:23.741871 osdx modulelauncher[672218]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:47:23.758610 osdx ca-certificates[672243]: Clearing symlinks in /etc/ssl/certs...
Dec 11 19:47:24.022277 osdx ca-certificates[672820]: done.
Dec 11 19:47:24.025621 osdx ca-certificates[672830]: Updating certificates in /etc/ssl/certs...
Dec 11 19:47:24.461807 osdx ubnt-cfgd[673687]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:47:24.471469 osdx ca-certificates[673692]: 142 added, 0 removed; done.
Dec 11 19:47:24.475206 osdx ca-certificates[673699]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:47:24.477938 osdx ca-certificates[673701]: done.
Dec 11 19:47:24.492129 osdx INFO[673704]: FRR daemons did not change
Dec 11 19:47:24.492407 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:47:24.505380 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:47:24.556145 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:47:25.723555 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:47:26.427986 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:47:26.485884 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:47:26.590682 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:47:26.648542 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:47:26.769828 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:47:26.826493 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:47:26.930243 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 11 19:47:26.985015 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:47:27.115459 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:47:27.169705 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:47:27.337362 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:47:27.418959 osdx ubnt-cfgd[673738]: inactive
Dec 11 19:47:27.445786 osdx INFO[673746]: FRR daemons did not change
Dec 11 19:47:27.460514 osdx ca-certificates[673762]: Updating certificates in /etc/ssl/certs...
Dec 11 19:47:28.010553 osdx ubnt-cfgd[674774]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:47:28.019175 osdx ca-certificates[674780]: 1 added, 0 removed; done.
Dec 11 19:47:28.022109 osdx ca-certificates[674786]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:47:28.025503 osdx ca-certificates[674788]: done.
Dec 11 19:47:28.053349 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:47:28.093678 osdx WARNING[674855]: No supported link modes on interface eth0
Dec 11 19:47:28.095021 osdx modulelauncher[674855]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:47:28.095032 osdx modulelauncher[674855]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:47:28.096167 osdx modulelauncher[674855]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:47:28.096174 osdx modulelauncher[674855]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:47:28.193620 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:47:28.194781 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:47:28.211664 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:47:28.230344 osdx dnscrypt-proxy[674904]: dnscrypt-proxy 2.0.45
Dec 11 19:47:28.230411 osdx dnscrypt-proxy[674904]: Network connectivity detected
Dec 11 19:47:28.230639 osdx dnscrypt-proxy[674904]: Dropping privileges
Dec 11 19:47:28.233423 osdx dnscrypt-proxy[674904]: Network connectivity detected
Dec 11 19:47:28.233465 osdx dnscrypt-proxy[674904]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:47:28.233472 osdx dnscrypt-proxy[674904]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:47:28.233496 osdx dnscrypt-proxy[674904]: Firefox workaround initialized
Dec 11 19:47:28.233506 osdx dnscrypt-proxy[674904]: Loading the set of cloaking rules from [/tmp/tmpcr1n7pa3]
Dec 11 19:47:28.234576 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:47:28.398000 osdx dnscrypt-proxy[674904]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Dec 11 19:47:28.398022 osdx dnscrypt-proxy[674904]: [RD] OK (DoH) - rtt: 103ms
Dec 11 19:47:28.398033 osdx dnscrypt-proxy[674904]: Server with the lowest initial latency: RD (rtt: 103ms)
Dec 11 19:47:28.398039 osdx dnscrypt-proxy[674904]: dnscrypt-proxy is ready - live servers: 1
Dec 11 19:47:30.030980 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Dec 11 19:47:33.376816 osdx OSDxCLI[544029]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 11 19:47:43.497214 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Dec 11 19:47:43.704180 osdx systemd-journald[265387]: Runtime Journal (/run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9) is 1.8M, max 13.8M, 11.9M free.
Dec 11 19:47:43.705341 osdx systemd-journald[265387]: Received client request to rotate journal, rotating.
Dec 11 19:47:43.705406 osdx systemd-journald[265387]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ff8de1b7feed4cd0a923a6e53f75b1b9.
Dec 11 19:47:43.715850 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'system journal clear'.
Dec 11 19:47:43.956617 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:47:44.009938 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:47:44.117756 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Dec 11 19:47:44.173441 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:47:44.275772 osdx ubnt-cfgd[674983]: inactive
Dec 11 19:47:44.351040 osdx dnscrypt-proxy[674904]: Stopped.
Dec 11 19:47:44.351078 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Dec 11 19:47:44.352321 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Dec 11 19:47:44.352445 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:47:44.406182 osdx WARNING[675047]: No supported link modes on interface eth0
Dec 11 19:47:44.407492 osdx modulelauncher[675047]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:47:44.407502 osdx modulelauncher[675047]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:47:44.408649 osdx modulelauncher[675047]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:47:44.408659 osdx modulelauncher[675047]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:47:44.424029 osdx ca-certificates[675072]: Clearing symlinks in /etc/ssl/certs...
Dec 11 19:47:44.705114 osdx ca-certificates[675649]: done.
Dec 11 19:47:44.708260 osdx ca-certificates[675658]: Updating certificates in /etc/ssl/certs...
Dec 11 19:47:45.164588 osdx ubnt-cfgd[676516]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:47:45.172738 osdx ca-certificates[676521]: 142 added, 0 removed; done.
Dec 11 19:47:45.176385 osdx ca-certificates[676528]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:47:45.180098 osdx ca-certificates[676530]: done.
Dec 11 19:47:45.197497 osdx INFO[676533]: FRR daemons did not change
Dec 11 19:47:45.197730 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:47:45.199969 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:47:45.215543 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:47:46.450577 osdx OSDxCLI[544029]: User 'admin' entered the configuration menu.
Dec 11 19:47:47.063589 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Dec 11 19:47:47.128985 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Dec 11 19:47:47.249934 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Dec 11 19:47:47.317204 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Dec 11 19:47:47.430064 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 94bd2423f228aa7789fc9c7f10d73f124a6a1a9a67ac61539e0489970e64183c'.
Dec 11 19:47:47.496025 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:47:47.626048 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Dec 11 19:47:47.706371 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Dec 11 19:47:47.997462 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Dec 11 19:47:48.051280 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Dec 11 19:47:48.166574 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'show working'.
Dec 11 19:47:48.231637 osdx ubnt-cfgd[676567]: inactive
Dec 11 19:47:48.251849 osdx INFO[676575]: FRR daemons did not change
Dec 11 19:47:48.265664 osdx ca-certificates[676591]: Updating certificates in /etc/ssl/certs...
Dec 11 19:47:48.858548 osdx ubnt-cfgd[677603]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Dec 11 19:47:48.867166 osdx ca-certificates[677608]: 1 added, 0 removed; done.
Dec 11 19:47:48.870072 osdx ca-certificates[677615]: Running hooks in /etc/ca-certificates/update.d...
Dec 11 19:47:48.872732 osdx ca-certificates[677617]: done.
Dec 11 19:47:48.901343 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 11 19:47:48.941967 osdx WARNING[677684]: No supported link modes on interface eth0
Dec 11 19:47:48.943542 osdx modulelauncher[677684]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Dec 11 19:47:48.943556 osdx modulelauncher[677684]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Dec 11 19:47:48.944648 osdx modulelauncher[677684]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Dec 11 19:47:48.944657 osdx modulelauncher[677684]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Dec 11 19:47:49.041667 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Dec 11 19:47:49.042806 osdx cfgd[1647]: [544029]Completed change to active configuration
Dec 11 19:47:49.054200 osdx OSDxCLI[544029]: User 'admin' committed the configuration.
Dec 11 19:47:49.069411 osdx dnscrypt-proxy[677733]: dnscrypt-proxy 2.0.45
Dec 11 19:47:49.069480 osdx dnscrypt-proxy[677733]: Network connectivity detected
Dec 11 19:47:49.069664 osdx dnscrypt-proxy[677733]: Dropping privileges
Dec 11 19:47:49.072249 osdx dnscrypt-proxy[677733]: Network connectivity detected
Dec 11 19:47:49.072299 osdx dnscrypt-proxy[677733]: Now listening to 127.0.0.1:53 [UDP]
Dec 11 19:47:49.072304 osdx dnscrypt-proxy[677733]: Now listening to 127.0.0.1:53 [TCP]
Dec 11 19:47:49.072326 osdx dnscrypt-proxy[677733]: Firefox workaround initialized
Dec 11 19:47:49.072348 osdx dnscrypt-proxy[677733]: Loading the set of cloaking rules from [/tmp/tmpzcqpdj0j]
Dec 11 19:47:49.076768 osdx OSDxCLI[544029]: User 'admin' left the configuration menu.
Dec 11 19:47:49.236726 osdx dnscrypt-proxy[677733]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Dec 11 19:47:49.236740 osdx dnscrypt-proxy[677733]: [RD] OK (DoH) - rtt: 104ms
Dec 11 19:47:49.236747 osdx dnscrypt-proxy[677733]: Server with the lowest initial latency: RD (rtt: 104ms)
Dec 11 19:47:49.236751 osdx dnscrypt-proxy[677733]: dnscrypt-proxy is ready - live servers: 1
Dec 11 19:47:54.240861 osdx OSDxCLI[544029]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Dec 11 19:48:04.327301 osdx OSDxCLI[544029]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
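Step 3 in each example above matches a decimal cipher suite ID in the journal. The following added example (not part of the original test suite) parses a journal excerpt, maps that ID to its IANA suite name, reads the TLS version field as hex, and checks that the negotiated suite is one of the configured ciphers. The function name, the lookup tables and the one-entry-per-line input are assumptions of this example; the sample lines are taken from the Example 5 journal.

```python
import re

# IANA code points for the four suites this page configures (decimal in the log).
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# The "TLS version" field is read here as hex: 303 -> 0x0303 -> TLS 1.2.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_LINE = re.compile(r"added a new cfg line: '(.*)'")
CIPHER_CFG = re.compile(r"^set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)$")
HANDSHAKE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)

# Excerpt of the Example 5 journal from this page, one entry per line, trimmed.
SAMPLE = """\
Dec 11 19:47:23.347284 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'delete '.
Dec 11 19:47:26.826493 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Dec 11 19:47:26.930243 osdx OSDxCLI[544029]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Dec 11 19:47:28.398000 osdx dnscrypt-proxy[674904]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
"""


def audit_journal(journal):
    """Return one finding per DoH handshake line found in the journal text."""
    configured, findings = set(), []
    for line in journal.splitlines():
        cfg = CFG_LINE.search(line)
        if cfg:
            cmd = cfg.group(1).strip()
            if cmd == "delete":
                # The test wipes the configuration before each example,
                # so ciphers seen earlier in the journal no longer apply.
                configured.clear()
            else:
                m = CIPHER_CFG.match(cmd)
                if m:
                    configured.add(m.group(1))
            continue
        hs = HANDSHAKE.search(line)
        if hs:
            suite_id = int(hs.group("suite"))
            # IDs outside the table are reported by code point, never guessed.
            name = SUITES.get(suite_id, "UNKNOWN(0x%04X)" % suite_id)
            findings.append({
                "server": hs.group("server"),
                "tls": VERSIONS.get(int(hs.group("ver"), 16), "unknown"),
                "suite": name,
                "allowed": name in configured,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_journal(SAMPLE):
        print(finding)
```

A finding with `allowed` set to false means the proxy negotiated a suite outside the configured list, which is the condition these tests are meant to rule out.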