Cipher
Test suite to validate using one or multiple ciphers to protect DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jan 27 12:26:45.319192 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.9M, max 13.8M, 11.8M free. Jan 27 12:26:45.320653 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:26:45.320714 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:26:45.329918 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:26:45.555133 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system coredump delete all'. Jan 27 12:26:45.812265 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:26:45.918281 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:26:46.028627 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:26:46.176941 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:26:46.237455 osdx ubnt-cfgd[249656]: inactive Jan 27 12:26:46.258718 osdx INFO[249662]: FRR daemons did not change Jan 27 12:26:46.292660 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:26:46.341145 osdx WARNING[249731]: No supported link modes on interface eth0 Jan 27 12:26:46.343510 osdx modulelauncher[249731]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:26:46.343524 osdx modulelauncher[249731]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:26:46.345110 osdx modulelauncher[249731]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:26:46.345118 osdx modulelauncher[249731]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:26:46.387892 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:26:46.400666 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:26:46.417126 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:26:46.583805 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jan 27 12:26:46.670260 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal show | cat'. Jan 27 12:26:46.846243 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:26:46.910935 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:26:47.003107 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:26:47.076704 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:26:47.187101 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:26:47.291979 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:26:47.347524 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jan 27 12:26:47.444042 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:26:47.523383 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:26:47.619114 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:26:47.693310 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:26:47.798651 osdx ubnt-cfgd[249835]: inactive Jan 27 12:26:47.818158 osdx INFO[249843]: FRR daemons did not change Jan 27 12:26:47.832277 osdx ca-certificates[249859]: Updating certificates in /etc/ssl/certs... Jan 27 12:26:48.368053 osdx ubnt-cfgd[250871]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:26:48.376813 osdx ca-certificates[250877]: 1 added, 0 removed; done. Jan 27 12:26:48.380555 osdx ca-certificates[250883]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:26:48.384276 osdx ca-certificates[250885]: done. Jan 27 12:26:48.453101 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:26:48.455914 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:26:48.459002 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:26:48.482058 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:26:48.482462 osdx dnscrypt-proxy[250889]: dnscrypt-proxy 2.0.45 Jan 27 12:26:48.482534 osdx dnscrypt-proxy[250889]: Network connectivity detected Jan 27 12:26:48.482807 osdx dnscrypt-proxy[250889]: Dropping privileges Jan 27 12:26:48.485726 osdx dnscrypt-proxy[250889]: Network connectivity detected Jan 27 12:26:48.485763 osdx dnscrypt-proxy[250889]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:26:48.485768 osdx dnscrypt-proxy[250889]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:26:48.485788 osdx dnscrypt-proxy[250889]: Firefox workaround initialized Jan 27 12:26:48.485793 osdx dnscrypt-proxy[250889]: Loading the set of cloaking rules from [/tmp/tmp_k9vu0vv] Jan 27 12:26:48.708424 osdx dnscrypt-proxy[250889]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jan 27 12:26:48.708440 osdx dnscrypt-proxy[250889]: [RD] OK (DoH) - rtt: 134ms Jan 27 12:26:48.708449 osdx dnscrypt-proxy[250889]: Server with the lowest initial latency: RD (rtt: 134ms) Jan 27 12:26:48.708453 osdx dnscrypt-proxy[250889]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:26:53.633160 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:27:03.725507 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jan 27 12:27:10.000216 osdx systemd-timedated[215476]: Changed local time to Tue 2026-01-27 12:27:10 UTC Jan 27 12:27:10.000925 osdx systemd-journald[1949]: Time jumped backwards, rotating. Jan 27 12:27:10.001593 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'set date 2026-01-27 12:27:10'. Jan 27 12:27:10.315356 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:27:10.316926 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:27:10.317001 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:27:10.325102 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:27:10.542235 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system coredump delete all'. Jan 27 12:27:10.762243 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:10.844081 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:27:10.952007 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:27:11.078074 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:11.139204 osdx ubnt-cfgd[252616]: inactive Jan 27 12:27:11.162598 osdx INFO[252622]: FRR daemons did not change Jan 27 12:27:11.192934 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:27:11.239205 osdx WARNING[252691]: No supported link modes on interface eth0 Jan 27 12:27:11.240795 osdx modulelauncher[252691]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:27:11.240813 osdx modulelauncher[252691]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:27:11.242212 osdx modulelauncher[252691]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:27:11.242223 osdx modulelauncher[252691]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:27:11.285564 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:11.300530 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:11.324832 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:11.539489 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jan 27 12:27:11.648472 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal show | cat'. Jan 27 12:27:11.840790 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:11.898236 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:27:12.010509 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:27:12.091730 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:27:12.240453 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:27:12.311069 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:27:12.423854 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jan 27 12:27:12.478950 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:27:12.661350 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:27:12.732305 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:27:12.855143 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:12.931510 osdx ubnt-cfgd[252795]: inactive Jan 27 12:27:12.954322 osdx INFO[252803]: FRR daemons did not change Jan 27 12:27:12.968902 osdx ca-certificates[252819]: Updating certificates in /etc/ssl/certs... Jan 27 12:27:13.510154 osdx ubnt-cfgd[253831]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:27:13.518422 osdx ca-certificates[253836]: 1 added, 0 removed; done. Jan 27 12:27:13.521406 osdx ca-certificates[253843]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:27:13.524301 osdx ca-certificates[253845]: done. Jan 27 12:27:13.605263 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:27:13.606607 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:13.608652 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:13.624814 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:13.634562 osdx dnscrypt-proxy[253849]: dnscrypt-proxy 2.0.45 Jan 27 12:27:13.634650 osdx dnscrypt-proxy[253849]: Network connectivity detected Jan 27 12:27:13.634919 osdx dnscrypt-proxy[253849]: Dropping privileges Jan 27 12:27:13.638246 osdx dnscrypt-proxy[253849]: Network connectivity detected Jan 27 12:27:13.638285 osdx dnscrypt-proxy[253849]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:27:13.638291 osdx dnscrypt-proxy[253849]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:27:13.638312 osdx dnscrypt-proxy[253849]: Firefox workaround initialized Jan 27 12:27:13.638317 osdx dnscrypt-proxy[253849]: Loading the set of cloaking rules from [/tmp/tmpbuq0enom] Jan 27 12:27:13.826364 osdx dnscrypt-proxy[253849]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jan 27 12:27:13.826388 osdx dnscrypt-proxy[253849]: [RD] OK (DoH) - rtt: 123ms Jan 27 12:27:13.826398 osdx dnscrypt-proxy[253849]: Server with the lowest initial latency: RD (rtt: 123ms) Jan 27 12:27:13.826404 osdx dnscrypt-proxy[253849]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:27:18.797640 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:27:28.882238 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jan 27 12:27:29.094607 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:27:29.096940 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:27:29.097001 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:27:29.105329 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:27:29.349562 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:29.414978 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:27:29.525521 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:27:29.583591 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:29.685408 osdx ubnt-cfgd[253906]: inactive Jan 27 12:27:29.705948 osdx dnscrypt-proxy[253849]: Stopped. Jan 27 12:27:29.705979 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:27:29.706835 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:27:29.706950 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:27:29.766864 osdx WARNING[253971]: No supported link modes on interface eth0 Jan 27 12:27:29.768224 osdx modulelauncher[253971]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:27:29.768237 osdx modulelauncher[253971]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:27:29.769507 osdx modulelauncher[253971]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:27:29.769515 osdx modulelauncher[253971]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:27:29.787502 osdx ca-certificates[253996]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:27:30.074865 osdx ca-certificates[254574]: done. Jan 27 12:27:30.077810 osdx ca-certificates[254582]: Updating certificates in /etc/ssl/certs... Jan 27 12:27:30.546346 osdx ubnt-cfgd[255440]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:27:30.556526 osdx ca-certificates[255446]: 142 added, 0 removed; done. Jan 27 12:27:30.560429 osdx ca-certificates[255452]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:27:30.563387 osdx ca-certificates[255454]: done. Jan 27 12:27:30.578311 osdx INFO[255457]: FRR daemons did not change Jan 27 12:27:30.578595 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:30.580971 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:30.598934 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:31.825324 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:31.879694 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:27:31.984058 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:27:32.046823 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:27:32.138456 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:27:32.195346 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:27:32.293186 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jan 27 12:27:32.343102 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:27:32.471361 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:27:32.537019 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:27:32.658288 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:32.728026 osdx ubnt-cfgd[255490]: inactive Jan 27 12:27:32.752068 osdx INFO[255498]: FRR daemons did not change Jan 27 12:27:32.766827 osdx ca-certificates[255514]: Updating certificates in /etc/ssl/certs... Jan 27 12:27:33.353406 osdx ubnt-cfgd[256526]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:27:33.363878 osdx ca-certificates[256531]: 1 added, 0 removed; done. Jan 27 12:27:33.367747 osdx ca-certificates[256538]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:27:33.371336 osdx ca-certificates[256540]: done. Jan 27 12:27:33.404931 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:27:33.453672 osdx WARNING[256607]: No supported link modes on interface eth0 Jan 27 12:27:33.455663 osdx modulelauncher[256607]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:27:33.455680 osdx modulelauncher[256607]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:27:33.457171 osdx modulelauncher[256607]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:27:33.457181 osdx modulelauncher[256607]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:27:33.593316 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:27:33.594755 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:33.610154 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:33.615942 osdx dnscrypt-proxy[256656]: dnscrypt-proxy 2.0.45 Jan 27 12:27:33.616044 osdx dnscrypt-proxy[256656]: Network connectivity detected Jan 27 12:27:33.616293 osdx dnscrypt-proxy[256656]: Dropping privileges Jan 27 12:27:33.619550 osdx dnscrypt-proxy[256656]: Network connectivity detected Jan 27 12:27:33.619588 osdx dnscrypt-proxy[256656]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:27:33.619598 osdx dnscrypt-proxy[256656]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:27:33.619620 osdx dnscrypt-proxy[256656]: Firefox workaround initialized Jan 27 12:27:33.619626 osdx dnscrypt-proxy[256656]: Loading the set of cloaking rules from [/tmp/tmp0bu_3ouh] Jan 27 12:27:33.642060 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:33.796571 osdx dnscrypt-proxy[256656]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jan 27 12:27:33.796599 osdx dnscrypt-proxy[256656]: [RD] OK (DoH) - rtt: 118ms Jan 27 12:27:33.796608 osdx dnscrypt-proxy[256656]: Server with the lowest initial latency: RD (rtt: 118ms) Jan 27 12:27:33.796613 osdx dnscrypt-proxy[256656]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:27:38.789389 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:27:40.030955 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Jan 27 12:27:48.874793 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jan 27 12:27:49.131780 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.9M, max 13.8M, 11.9M free. Jan 27 12:27:49.132959 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:27:49.133031 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:27:49.143948 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:27:49.452264 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:49.515616 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:27:49.634470 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:27:49.696187 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:49.845761 osdx ubnt-cfgd[256735]: inactive Jan 27 12:27:49.872700 osdx dnscrypt-proxy[256656]: Stopped. Jan 27 12:27:49.872702 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:27:49.873807 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:27:49.873958 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:27:49.944403 osdx WARNING[256799]: No supported link modes on interface eth0 Jan 27 12:27:49.946090 osdx modulelauncher[256799]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:27:49.946106 osdx modulelauncher[256799]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:27:49.947526 osdx modulelauncher[256799]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:27:49.947539 osdx modulelauncher[256799]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:27:49.967030 osdx ca-certificates[256824]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:27:50.301475 osdx ca-certificates[257401]: done. Jan 27 12:27:50.305382 osdx ca-certificates[257410]: Updating certificates in /etc/ssl/certs... Jan 27 12:27:50.811458 osdx ubnt-cfgd[258268]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:27:50.819462 osdx ca-certificates[258273]: 142 added, 0 removed; done. Jan 27 12:27:50.822374 osdx ca-certificates[258280]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:27:50.826166 osdx ca-certificates[258282]: done. Jan 27 12:27:50.845419 osdx INFO[258285]: FRR daemons did not change Jan 27 12:27:50.845729 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:50.895381 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:50.918917 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:52.380079 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:27:52.472862 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:27:52.569431 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:27:52.679024 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:27:52.748993 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:27:52.860364 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:27:52.940890 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jan 27 12:27:53.041144 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:27:53.131231 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:27:53.215483 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:27:53.326545 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:27:53.407114 osdx ubnt-cfgd[258318]: inactive Jan 27 12:27:53.432229 osdx INFO[258326]: FRR daemons did not change Jan 27 12:27:53.444813 osdx ca-certificates[258341]: Updating certificates in /etc/ssl/certs... Jan 27 12:27:54.030962 osdx ubnt-cfgd[259354]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:27:54.040282 osdx ca-certificates[259359]: 1 added, 0 removed; done. Jan 27 12:27:54.043205 osdx ca-certificates[259366]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:27:54.046967 osdx ca-certificates[259368]: done. Jan 27 12:27:54.080933 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:27:54.125042 osdx WARNING[259435]: No supported link modes on interface eth0 Jan 27 12:27:54.126466 osdx modulelauncher[259435]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:27:54.126478 osdx modulelauncher[259435]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:27:54.128096 osdx modulelauncher[259435]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:27:54.128108 osdx modulelauncher[259435]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:27:54.253261 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:27:54.254520 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:27:54.266129 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:27:54.271904 osdx dnscrypt-proxy[259484]: dnscrypt-proxy 2.0.45 Jan 27 12:27:54.271990 osdx dnscrypt-proxy[259484]: Network connectivity detected Jan 27 12:27:54.272173 osdx dnscrypt-proxy[259484]: Dropping privileges Jan 27 12:27:54.274517 osdx dnscrypt-proxy[259484]: Network connectivity detected Jan 27 12:27:54.274545 osdx dnscrypt-proxy[259484]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:27:54.274549 osdx dnscrypt-proxy[259484]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:27:54.274564 osdx dnscrypt-proxy[259484]: Firefox workaround initialized Jan 27 12:27:54.274569 osdx dnscrypt-proxy[259484]: Loading the set of cloaking rules from [/tmp/tmpl917pike] Jan 27 12:27:54.291955 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:27:54.555967 osdx dnscrypt-proxy[259484]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jan 27 12:27:54.555994 osdx dnscrypt-proxy[259484]: [RD] OK (DoH) - rtt: 143ms Jan 27 12:27:54.556003 osdx dnscrypt-proxy[259484]: Server with the lowest initial latency: RD (rtt: 143ms) Jan 27 12:27:54.556009 osdx dnscrypt-proxy[259484]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:27:59.456049 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:28:09.547086 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jan 27 12:28:17.000391 osdx systemd-timedated[261201]: Changed local time to Tue 2026-01-27 12:28:17 UTC Jan 27 12:28:17.001698 osdx systemd-journald[1949]: Time jumped backwards, rotating. Jan 27 12:28:17.001981 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'set date 2026-01-27 12:28:17'. Jan 27 12:28:17.351178 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:28:17.353704 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:28:17.353770 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:28:17.362419 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:28:17.608693 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system coredump delete all'. Jan 27 12:28:17.889156 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:17.985252 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:18.056315 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:18.170495 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:18.247573 osdx ubnt-cfgd[261230]: inactive Jan 27 12:28:18.269257 osdx INFO[261236]: FRR daemons did not change Jan 27 12:28:18.305713 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:28:18.347462 osdx WARNING[261305]: No supported link modes on interface eth0 Jan 27 12:28:18.348879 osdx modulelauncher[261305]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:18.348892 osdx modulelauncher[261305]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:18.350013 osdx modulelauncher[261305]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:18.350022 osdx modulelauncher[261305]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:18.384915 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:18.395601 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:18.411071 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:18.557591 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jan 27 12:28:18.626908 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal show | cat'. Jan 27 12:28:18.761524 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:18.820261 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:28:18.917186 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:28:18.978879 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:28:19.094362 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:28:19.206831 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:28:19.258490 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:28:19.354009 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:28:19.448996 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:19.508429 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:19.616772 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:19.685153 osdx ubnt-cfgd[261409]: inactive Jan 27 12:28:19.705956 osdx INFO[261417]: FRR daemons did not change Jan 27 12:28:19.722380 osdx ca-certificates[261433]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:20.288711 osdx ubnt-cfgd[262445]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:20.298201 osdx ca-certificates[262450]: 1 added, 0 removed; done. Jan 27 12:28:20.301057 osdx ca-certificates[262457]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:20.304190 osdx ca-certificates[262459]: done. Jan 27 12:28:20.385993 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:20.387086 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:20.389152 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:20.405128 osdx dnscrypt-proxy[262463]: dnscrypt-proxy 2.0.45 Jan 27 12:28:20.405200 osdx dnscrypt-proxy[262463]: Network connectivity detected Jan 27 12:28:20.405425 osdx dnscrypt-proxy[262463]: Dropping privileges Jan 27 12:28:20.407912 osdx dnscrypt-proxy[262463]: Network connectivity detected Jan 27 12:28:20.407946 osdx dnscrypt-proxy[262463]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:28:20.407951 osdx dnscrypt-proxy[262463]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:28:20.407967 osdx dnscrypt-proxy[262463]: Firefox workaround initialized Jan 27 12:28:20.407973 osdx dnscrypt-proxy[262463]: Loading the set of cloaking rules from [/tmp/tmpgjqbitkm] Jan 27 12:28:20.408859 osdx dnscrypt-proxy[262463]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jan 27 12:28:20.426377 osdx OSDxCLI[182842]: User 'admin' left the configuration menu.
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jan 27 12:28:29.335888 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.9M, max 13.8M, 11.9M free. Jan 27 12:28:29.336677 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:28:29.336742 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:28:29.347028 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:28:29.587237 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system coredump delete all'. Jan 27 12:28:29.846129 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:29.989297 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:30.044250 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:30.149179 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:30.213190 osdx ubnt-cfgd[264179]: inactive Jan 27 12:28:30.233079 osdx INFO[264185]: FRR daemons did not change Jan 27 12:28:30.260685 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:28:30.306674 osdx WARNING[264254]: No supported link modes on interface eth0 Jan 27 12:28:30.308453 osdx modulelauncher[264254]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:30.308474 osdx modulelauncher[264254]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:30.310095 osdx modulelauncher[264254]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:30.310103 osdx modulelauncher[264254]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:30.350890 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:30.365049 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:30.393150 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:30.554437 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jan 27 12:28:30.634252 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal show | cat'. Jan 27 12:28:30.806282 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:30.874966 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:28:30.982565 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:28:31.075539 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:28:31.146774 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:28:31.267065 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:28:31.359196 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:28:31.482640 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:28:31.658992 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:31.729001 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:31.854658 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:31.951344 osdx ubnt-cfgd[264358]: inactive Jan 27 12:28:32.022472 osdx INFO[264366]: FRR daemons did not change Jan 27 12:28:32.035108 osdx ca-certificates[264382]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:32.738462 osdx ubnt-cfgd[265394]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:32.754267 osdx ca-certificates[265400]: 1 added, 0 removed; done. Jan 27 12:28:32.758876 osdx ca-certificates[265406]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:32.763422 osdx ca-certificates[265408]: done. Jan 27 12:28:32.857055 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:32.858535 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:32.860970 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:32.882515 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:32.885465 osdx dnscrypt-proxy[265412]: dnscrypt-proxy 2.0.45 Jan 27 12:28:32.885544 osdx dnscrypt-proxy[265412]: Network connectivity detected Jan 27 12:28:32.885899 osdx dnscrypt-proxy[265412]: Dropping privileges Jan 27 12:28:32.890060 osdx dnscrypt-proxy[265412]: Network connectivity detected Jan 27 12:28:32.890104 osdx dnscrypt-proxy[265412]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:28:32.890109 osdx dnscrypt-proxy[265412]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:28:32.890133 osdx dnscrypt-proxy[265412]: Firefox workaround initialized Jan 27 12:28:32.890138 osdx dnscrypt-proxy[265412]: Loading the set of cloaking rules from [/tmp/tmphlqttp_n] Jan 27 12:28:32.891599 osdx dnscrypt-proxy[265412]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jan 27 12:28:33.278323 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:28:33.280674 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:28:33.280744 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:28:33.288807 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:28:33.653339 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:33.710109 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:28:33.852988 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:28:33.936433 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:34.089442 osdx ubnt-cfgd[265461]: inactive Jan 27 12:28:34.117434 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:28:34.117916 osdx dnscrypt-proxy[265412]: Stopped. Jan 27 12:28:34.119252 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:28:34.119451 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:34.197255 osdx WARNING[265525]: No supported link modes on interface eth0 Jan 27 12:28:34.198694 osdx modulelauncher[265525]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:34.198706 osdx modulelauncher[265525]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:34.200260 osdx modulelauncher[265525]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:34.200270 osdx modulelauncher[265525]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:34.221519 osdx ca-certificates[265550]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:28:34.619651 osdx ca-certificates[266128]: done. Jan 27 12:28:34.624749 osdx ca-certificates[266135]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:35.142214 osdx ubnt-cfgd[266994]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:35.150083 osdx ca-certificates[266999]: 142 added, 0 removed; done. Jan 27 12:28:35.153031 osdx ca-certificates[267006]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:35.156124 osdx ca-certificates[267008]: done. Jan 27 12:28:35.174389 osdx INFO[267011]: FRR daemons did not change Jan 27 12:28:35.174679 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:35.176783 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:35.200897 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:36.657035 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:36.732968 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:28:36.823736 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:28:36.887596 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:28:37.028801 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:28:37.101787 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:28:37.202272 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jan 27 12:28:37.273466 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:28:37.436102 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:37.492122 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:37.606694 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:37.703175 osdx ubnt-cfgd[267044]: inactive Jan 27 12:28:37.746770 osdx INFO[267052]: FRR daemons did not change Jan 27 12:28:37.761469 osdx ca-certificates[267067]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:38.310403 osdx ubnt-cfgd[268080]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:38.318488 osdx ca-certificates[268085]: 1 added, 0 removed; done. Jan 27 12:28:38.321860 osdx ca-certificates[268092]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:38.325104 osdx ca-certificates[268094]: done. Jan 27 12:28:38.360690 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:28:38.406009 osdx WARNING[268161]: No supported link modes on interface eth0 Jan 27 12:28:38.407352 osdx modulelauncher[268161]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:38.407364 osdx modulelauncher[268161]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:38.408546 osdx modulelauncher[268161]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:38.408558 osdx modulelauncher[268161]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:38.525056 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:38.526600 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:38.541647 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:38.544886 osdx dnscrypt-proxy[268210]: dnscrypt-proxy 2.0.45 Jan 27 12:28:38.544949 osdx dnscrypt-proxy[268210]: Network connectivity detected Jan 27 12:28:38.545152 osdx dnscrypt-proxy[268210]: Dropping privileges Jan 27 12:28:38.549007 osdx dnscrypt-proxy[268210]: Network connectivity detected Jan 27 12:28:38.549077 osdx dnscrypt-proxy[268210]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:28:38.549083 osdx dnscrypt-proxy[268210]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:28:38.549132 osdx dnscrypt-proxy[268210]: Firefox workaround initialized Jan 27 12:28:38.549139 osdx dnscrypt-proxy[268210]: Loading the set of cloaking rules from [/tmp/tmpaax32npn] Jan 27 12:28:38.550246 osdx dnscrypt-proxy[268210]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jan 27 12:28:38.565450 osdx OSDxCLI[182842]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration fileShow output
Jan 27 12:28:38.824133 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:28:38.824672 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:28:38.824716 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:28:38.837647 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:28:39.151333 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:39.229450 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:28:39.442921 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:28:39.527151 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:39.621903 osdx ubnt-cfgd[268279]: inactive Jan 27 12:28:39.659780 osdx dnscrypt-proxy[268210]: Stopped. Jan 27 12:28:39.659912 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:28:39.660735 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:28:39.660866 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:39.748604 osdx WARNING[268343]: No supported link modes on interface eth0 Jan 27 12:28:39.750776 osdx modulelauncher[268343]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:39.750789 osdx modulelauncher[268343]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:39.753072 osdx modulelauncher[268343]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:39.753083 osdx modulelauncher[268343]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:39.773751 osdx ca-certificates[268368]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:28:40.147588 osdx ca-certificates[268946]: done. Jan 27 12:28:40.151511 osdx ca-certificates[268955]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:40.787588 osdx ubnt-cfgd[269812]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:40.797909 osdx ca-certificates[269817]: 142 added, 0 removed; done. Jan 27 12:28:40.800997 osdx ca-certificates[269824]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:40.804807 osdx ca-certificates[269826]: done. Jan 27 12:28:40.824452 osdx INFO[269829]: FRR daemons did not change Jan 27 12:28:40.824803 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:40.827990 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:40.858301 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:42.450003 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:42.519044 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:28:42.626093 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:28:42.694542 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:28:42.781300 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:28:42.850713 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:28:42.940416 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:28:43.016071 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jan 27 12:28:43.101903 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:28:43.203783 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:43.282931 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:43.401330 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:43.460552 osdx ubnt-cfgd[269863]: inactive Jan 27 12:28:43.481288 osdx INFO[269871]: FRR daemons did not change Jan 27 12:28:43.493706 osdx ca-certificates[269887]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:44.045435 osdx ubnt-cfgd[270899]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:44.052959 osdx ca-certificates[270904]: 1 added, 0 removed; done. Jan 27 12:28:44.055676 osdx ca-certificates[270911]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:44.058455 osdx ca-certificates[270913]: done. Jan 27 12:28:44.088678 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:28:44.140955 osdx WARNING[270980]: No supported link modes on interface eth0 Jan 27 12:28:44.142721 osdx modulelauncher[270980]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:44.142737 osdx modulelauncher[270980]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:44.144189 osdx modulelauncher[270980]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:44.144198 osdx modulelauncher[270980]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:44.264978 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:44.266273 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:44.280869 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:44.290519 osdx dnscrypt-proxy[271029]: dnscrypt-proxy 2.0.45 Jan 27 12:28:44.290653 osdx dnscrypt-proxy[271029]: Network connectivity detected Jan 27 12:28:44.290918 osdx dnscrypt-proxy[271029]: Dropping privileges Jan 27 12:28:44.293794 osdx dnscrypt-proxy[271029]: Network connectivity detected Jan 27 12:28:44.293828 osdx dnscrypt-proxy[271029]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:28:44.293832 osdx dnscrypt-proxy[271029]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:28:44.293848 osdx dnscrypt-proxy[271029]: Firefox workaround initialized Jan 27 12:28:44.293852 osdx dnscrypt-proxy[271029]: Loading the set of cloaking rules from [/tmp/tmp5is6h8zy] Jan 27 12:28:44.294711 osdx dnscrypt-proxy[271029]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jan 27 12:28:44.300473 osdx OSDxCLI[182842]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jan 27 12:28:52.422482 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:28:52.424562 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:28:52.424626 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:28:52.434594 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:28:52.710172 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system coredump delete all'. Jan 27 12:28:52.966518 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:53.056433 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:53.126099 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:53.233576 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:53.298260 osdx ubnt-cfgd[272761]: inactive Jan 27 12:28:53.322231 osdx INFO[272767]: FRR daemons did not change Jan 27 12:28:53.356553 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:28:53.400839 osdx WARNING[272836]: No supported link modes on interface eth0 Jan 27 12:28:53.402501 osdx modulelauncher[272836]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:28:53.402518 osdx modulelauncher[272836]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:28:53.403778 osdx modulelauncher[272836]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:28:53.403787 osdx modulelauncher[272836]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:28:53.441282 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:53.453118 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:53.476609 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:53.664276 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jan 27 12:28:53.738287 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal show | cat'. Jan 27 12:28:53.906563 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:28:54.466787 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:28:54.526022 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:28:54.631682 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:28:54.685594 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:28:54.778075 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:28:54.833247 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:28:54.950425 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jan 27 12:28:55.013176 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:28:55.151068 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:28:55.204376 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:28:55.338961 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:28:55.398550 osdx ubnt-cfgd[272941]: inactive Jan 27 12:28:55.418222 osdx INFO[272949]: FRR daemons did not change Jan 27 12:28:55.431590 osdx ca-certificates[272965]: Updating certificates in /etc/ssl/certs... Jan 27 12:28:55.978924 osdx ubnt-cfgd[273977]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:28:55.986832 osdx ca-certificates[273982]: 1 added, 0 removed; done. Jan 27 12:28:55.990368 osdx ca-certificates[273989]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:28:55.994015 osdx ca-certificates[273991]: done. Jan 27 12:28:56.064878 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:28:56.066408 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:28:56.069073 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:28:56.084212 osdx dnscrypt-proxy[273995]: dnscrypt-proxy 2.0.45 Jan 27 12:28:56.084281 osdx dnscrypt-proxy[273995]: Network connectivity detected Jan 27 12:28:56.084495 osdx dnscrypt-proxy[273995]: Dropping privileges Jan 27 12:28:56.086875 osdx dnscrypt-proxy[273995]: Network connectivity detected Jan 27 12:28:56.086910 osdx dnscrypt-proxy[273995]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:28:56.086915 osdx dnscrypt-proxy[273995]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:28:56.086931 osdx dnscrypt-proxy[273995]: Firefox workaround initialized Jan 27 12:28:56.086936 osdx dnscrypt-proxy[273995]: Loading the set of cloaking rules from [/tmp/tmpyv9_jv2b] Jan 27 12:28:56.090030 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:28:56.355461 osdx dnscrypt-proxy[273995]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jan 27 12:28:56.355489 osdx dnscrypt-proxy[273995]: [RD] OK (DoH) - rtt: 211ms Jan 27 12:28:56.355502 osdx dnscrypt-proxy[273995]: Server with the lowest initial latency: RD (rtt: 211ms) Jan 27 12:28:56.355513 osdx dnscrypt-proxy[273995]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:29:01.244835 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:29:11.347449 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jan 27 12:29:11.620920 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:29:11.624553 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:29:11.624624 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:29:11.632801 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:29:11.914784 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:11.971263 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:29:12.082671 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:29:12.156054 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:12.284676 osdx ubnt-cfgd[274056]: inactive Jan 27 12:29:12.306757 osdx dnscrypt-proxy[273995]: Stopped. Jan 27 12:29:12.306848 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:29:12.307775 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:29:12.307907 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:12.366178 osdx WARNING[274120]: No supported link modes on interface eth0 Jan 27 12:29:12.367707 osdx modulelauncher[274120]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:12.367720 osdx modulelauncher[274120]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:12.369199 osdx modulelauncher[274120]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:12.369208 osdx modulelauncher[274120]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:12.386713 osdx ca-certificates[274145]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:29:12.685545 osdx ca-certificates[274722]: done. Jan 27 12:29:12.688750 osdx ca-certificates[274731]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:13.146727 osdx ubnt-cfgd[275589]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:13.154917 osdx ca-certificates[275594]: 142 added, 0 removed; done. Jan 27 12:29:13.158637 osdx ca-certificates[275601]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:13.162223 osdx ca-certificates[275603]: done. Jan 27 12:29:13.180101 osdx INFO[275606]: FRR daemons did not change Jan 27 12:29:13.180388 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:13.204673 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:13.221394 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:14.607442 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:15.316158 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:29:15.391756 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:29:15.528129 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:29:15.598282 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:29:15.704694 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:29:15.775477 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:29:15.880898 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jan 27 12:29:15.955310 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:29:16.116730 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:29:16.177156 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:29:16.340924 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:16.444405 osdx ubnt-cfgd[275640]: inactive Jan 27 12:29:16.467652 osdx INFO[275648]: FRR daemons did not change Jan 27 12:29:16.483649 osdx ca-certificates[275664]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:17.117721 osdx ubnt-cfgd[276676]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:17.125254 osdx ca-certificates[276681]: 1 added, 0 removed; done. Jan 27 12:29:17.128119 osdx ca-certificates[276688]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:17.130952 osdx ca-certificates[276690]: done. Jan 27 12:29:17.164556 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:29:17.207991 osdx WARNING[276757]: No supported link modes on interface eth0 Jan 27 12:29:17.209341 osdx modulelauncher[276757]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:17.209353 osdx modulelauncher[276757]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:17.210587 osdx modulelauncher[276757]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:17.210595 osdx modulelauncher[276757]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:17.324936 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:17.326464 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:17.342099 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:17.355234 osdx dnscrypt-proxy[276806]: dnscrypt-proxy 2.0.45 Jan 27 12:29:17.355304 osdx dnscrypt-proxy[276806]: Network connectivity detected Jan 27 12:29:17.355525 osdx dnscrypt-proxy[276806]: Dropping privileges Jan 27 12:29:17.357486 osdx dnscrypt-proxy[276806]: Network connectivity detected Jan 27 12:29:17.357526 osdx dnscrypt-proxy[276806]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:29:17.357530 osdx dnscrypt-proxy[276806]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:29:17.357546 osdx dnscrypt-proxy[276806]: Firefox workaround initialized Jan 27 12:29:17.357551 osdx dnscrypt-proxy[276806]: Loading the set of cloaking rules from [/tmp/tmptwesrvre] Jan 27 12:29:17.378954 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:17.543201 osdx dnscrypt-proxy[276806]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jan 27 12:29:17.543219 osdx dnscrypt-proxy[276806]: [RD] OK (DoH) - rtt: 127ms Jan 27 12:29:17.543227 osdx dnscrypt-proxy[276806]: Server with the lowest initial latency: RD (rtt: 127ms) Jan 27 12:29:17.543231 osdx dnscrypt-proxy[276806]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:29:22.030420 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Jan 27 12:29:22.553447 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:29:32.632754 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jan 27 12:29:32.867550 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:29:32.868552 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:29:32.868618 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:29:32.877265 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:29:33.138495 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:33.192271 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:29:33.299498 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:29:33.358300 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:33.451546 osdx ubnt-cfgd[276884]: inactive Jan 27 12:29:33.475744 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:29:33.475770 osdx dnscrypt-proxy[276806]: Stopped. Jan 27 12:29:33.476794 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:29:33.476892 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:33.541253 osdx WARNING[276948]: No supported link modes on interface eth0 Jan 27 12:29:33.542856 osdx modulelauncher[276948]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:33.542867 osdx modulelauncher[276948]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:33.544095 osdx modulelauncher[276948]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:33.544105 osdx modulelauncher[276948]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:33.560777 osdx ca-certificates[276973]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:29:33.843075 osdx ca-certificates[277550]: done. Jan 27 12:29:33.846993 osdx ca-certificates[277558]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:34.330740 osdx ubnt-cfgd[278417]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:34.338994 osdx ca-certificates[278423]: 142 added, 0 removed; done. Jan 27 12:29:34.342844 osdx ca-certificates[278429]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:34.346650 osdx ca-certificates[278431]: done. Jan 27 12:29:34.362118 osdx INFO[278434]: FRR daemons did not change Jan 27 12:29:34.362426 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:34.364676 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:34.381501 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:35.640606 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:36.255092 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:29:36.311268 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:29:36.436219 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:29:36.508280 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:29:36.620247 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:29:36.678916 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jan 27 12:29:36.768852 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jan 27 12:29:36.834858 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:29:36.991225 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:29:37.055104 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:29:37.166800 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:37.247400 osdx ubnt-cfgd[278468]: inactive Jan 27 12:29:37.270256 osdx INFO[278476]: FRR daemons did not change Jan 27 12:29:37.282304 osdx ca-certificates[278491]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:37.829479 osdx ubnt-cfgd[279504]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:37.837851 osdx ca-certificates[279509]: 1 added, 0 removed; done. Jan 27 12:29:37.841899 osdx ca-certificates[279516]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:37.844771 osdx ca-certificates[279518]: done. Jan 27 12:29:37.880632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:29:37.926240 osdx WARNING[279585]: No supported link modes on interface eth0 Jan 27 12:29:37.927953 osdx modulelauncher[279585]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:37.927968 osdx modulelauncher[279585]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:37.929688 osdx modulelauncher[279585]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:37.929697 osdx modulelauncher[279585]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:38.036952 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:38.038353 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:38.050410 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:38.066134 osdx dnscrypt-proxy[279634]: dnscrypt-proxy 2.0.45 Jan 27 12:29:38.066210 osdx dnscrypt-proxy[279634]: Network connectivity detected Jan 27 12:29:38.066444 osdx dnscrypt-proxy[279634]: Dropping privileges Jan 27 12:29:38.069260 osdx dnscrypt-proxy[279634]: Network connectivity detected Jan 27 12:29:38.069291 osdx dnscrypt-proxy[279634]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:29:38.069297 osdx dnscrypt-proxy[279634]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:29:38.069321 osdx dnscrypt-proxy[279634]: Firefox workaround initialized Jan 27 12:29:38.069326 osdx dnscrypt-proxy[279634]: Loading the set of cloaking rules from [/tmp/tmptdx6lyxv] Jan 27 12:29:38.076614 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:38.313663 osdx dnscrypt-proxy[279634]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jan 27 12:29:38.313687 osdx dnscrypt-proxy[279634]: [RD] OK (DoH) - rtt: 170ms Jan 27 12:29:38.313696 osdx dnscrypt-proxy[279634]: Server with the lowest initial latency: RD (rtt: 170ms) Jan 27 12:29:38.313701 osdx dnscrypt-proxy[279634]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:29:43.254676 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:29:53.336981 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Jan 27 12:29:53.561046 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:29:53.564548 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:29:53.564607 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:29:53.570876 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:29:53.853550 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:53.922944 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:29:54.026080 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:29:54.121835 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:54.192130 osdx ubnt-cfgd[279711]: inactive Jan 27 12:29:54.213108 osdx dnscrypt-proxy[279634]: Stopped. Jan 27 12:29:54.213179 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:29:54.214422 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:29:54.214550 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:54.286476 osdx WARNING[279775]: No supported link modes on interface eth0 Jan 27 12:29:54.288075 osdx modulelauncher[279775]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:54.288103 osdx modulelauncher[279775]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:54.289766 osdx modulelauncher[279775]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:54.289776 osdx modulelauncher[279775]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:54.309485 osdx ca-certificates[279800]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:29:54.635864 osdx ca-certificates[280377]: done. Jan 27 12:29:54.639010 osdx ca-certificates[280386]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:55.158141 osdx ubnt-cfgd[281244]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:55.166540 osdx ca-certificates[281249]: 142 added, 0 removed; done. Jan 27 12:29:55.169523 osdx ca-certificates[281256]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:55.173283 osdx ca-certificates[281258]: done. Jan 27 12:29:55.190830 osdx INFO[281261]: FRR daemons did not change Jan 27 12:29:55.191134 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:55.193178 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:55.219888 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:56.578238 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:29:57.171806 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:29:57.240806 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:29:57.352868 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:29:57.408284 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:29:57.506833 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:29:57.559233 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jan 27 12:29:57.657096 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jan 27 12:29:57.708836 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:29:57.828987 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:29:57.894280 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:29:58.005425 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:29:58.072924 osdx ubnt-cfgd[281295]: inactive Jan 27 12:29:58.095573 osdx INFO[281303]: FRR daemons did not change Jan 27 12:29:58.109860 osdx ca-certificates[281319]: Updating certificates in /etc/ssl/certs... Jan 27 12:29:58.644706 osdx ubnt-cfgd[282331]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:29:58.651948 osdx ca-certificates[282336]: 1 added, 0 removed; done. Jan 27 12:29:58.654754 osdx ca-certificates[282343]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:29:58.657601 osdx ca-certificates[282345]: done. Jan 27 12:29:58.728554 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:29:58.772880 osdx WARNING[282412]: No supported link modes on interface eth0 Jan 27 12:29:58.774253 osdx modulelauncher[282412]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:29:58.774266 osdx modulelauncher[282412]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:29:58.775426 osdx modulelauncher[282412]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:29:58.775435 osdx modulelauncher[282412]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:29:58.884932 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:29:58.886189 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:29:58.897700 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:29:58.913595 osdx dnscrypt-proxy[282461]: dnscrypt-proxy 2.0.45 Jan 27 12:29:58.913666 osdx dnscrypt-proxy[282461]: Network connectivity detected Jan 27 12:29:58.913938 osdx dnscrypt-proxy[282461]: Dropping privileges Jan 27 12:29:58.914881 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:29:58.917416 osdx dnscrypt-proxy[282461]: Network connectivity detected Jan 27 12:29:58.917471 osdx dnscrypt-proxy[282461]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:29:58.917477 osdx dnscrypt-proxy[282461]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:29:58.917533 osdx dnscrypt-proxy[282461]: Firefox workaround initialized Jan 27 12:29:58.917539 osdx dnscrypt-proxy[282461]: Loading the set of cloaking rules from [/tmp/tmpvif993_b] Jan 27 12:29:59.247440 osdx dnscrypt-proxy[282461]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jan 27 12:29:59.247453 osdx dnscrypt-proxy[282461]: [RD] OK (DoH) - rtt: 193ms Jan 27 12:29:59.247461 osdx dnscrypt-proxy[282461]: Server with the lowest initial latency: RD (rtt: 193ms) Jan 27 12:29:59.247465 osdx dnscrypt-proxy[282461]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:30:04.063736 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:30:14.152045 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200Show output
Jan 27 12:30:14.398698 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:30:14.400554 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:30:14.400673 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:30:14.411498 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:30:14.727681 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:30:14.820297 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:30:14.934578 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:30:15.024804 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:30:15.086417 osdx ubnt-cfgd[282540]: inactive Jan 27 12:30:15.114030 osdx dnscrypt-proxy[282461]: Stopped. Jan 27 12:30:15.114150 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:30:15.115356 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:30:15.115492 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:30:15.181985 osdx WARNING[282604]: No supported link modes on interface eth0 Jan 27 12:30:15.183578 osdx modulelauncher[282604]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:30:15.183592 osdx modulelauncher[282604]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:30:15.184884 osdx modulelauncher[282604]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:30:15.184895 osdx modulelauncher[282604]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:30:15.204533 osdx ca-certificates[282629]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:30:15.541293 osdx ca-certificates[283207]: done. Jan 27 12:30:15.544734 osdx ca-certificates[283214]: Updating certificates in /etc/ssl/certs... Jan 27 12:30:16.054413 osdx ubnt-cfgd[284073]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:30:16.062637 osdx ca-certificates[284078]: 142 added, 0 removed; done. Jan 27 12:30:16.065533 osdx ca-certificates[284085]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:30:16.068311 osdx ca-certificates[284087]: done. Jan 27 12:30:16.083495 osdx INFO[284090]: FRR daemons did not change Jan 27 12:30:16.083758 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:30:16.282267 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:30:16.307678 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:30:17.901459 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:30:18.535325 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:30:18.596229 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:30:18.704052 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:30:18.760768 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:30:18.872966 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:30:18.938188 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jan 27 12:30:19.032544 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jan 27 12:30:19.086157 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:30:19.211739 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:30:19.277351 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:30:19.381595 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:30:19.449145 osdx ubnt-cfgd[284124]: inactive Jan 27 12:30:19.471770 osdx INFO[284132]: FRR daemons did not change Jan 27 12:30:19.484949 osdx ca-certificates[284148]: Updating certificates in /etc/ssl/certs... Jan 27 12:30:20.084230 osdx ubnt-cfgd[285160]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:30:20.094577 osdx ca-certificates[285166]: 1 added, 0 removed; done. Jan 27 12:30:20.097512 osdx ca-certificates[285172]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:30:20.100313 osdx ca-certificates[285174]: done. Jan 27 12:30:20.136578 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:30:20.179538 osdx WARNING[285241]: No supported link modes on interface eth0 Jan 27 12:30:20.180973 osdx modulelauncher[285241]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:30:20.180985 osdx modulelauncher[285241]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:30:20.182177 osdx modulelauncher[285241]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:30:20.182185 osdx modulelauncher[285241]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:30:20.301113 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:30:20.303669 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:30:20.322829 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:30:20.331650 osdx dnscrypt-proxy[285290]: dnscrypt-proxy 2.0.45 Jan 27 12:30:20.331724 osdx dnscrypt-proxy[285290]: Network connectivity detected Jan 27 12:30:20.331982 osdx dnscrypt-proxy[285290]: Dropping privileges Jan 27 12:30:20.334788 osdx dnscrypt-proxy[285290]: Network connectivity detected Jan 27 12:30:20.334826 osdx dnscrypt-proxy[285290]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:30:20.334831 osdx dnscrypt-proxy[285290]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:30:20.334851 osdx dnscrypt-proxy[285290]: Firefox workaround initialized Jan 27 12:30:20.334857 osdx dnscrypt-proxy[285290]: Loading the set of cloaking rules from [/tmp/tmpwwrcffm8] Jan 27 12:30:20.461664 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:30:20.665040 osdx dnscrypt-proxy[285290]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jan 27 12:30:20.665062 osdx dnscrypt-proxy[285290]: [RD] OK (DoH) - rtt: 181ms Jan 27 12:30:20.665071 osdx dnscrypt-proxy[285290]: Server with the lowest initial latency: RD (rtt: 181ms) Jan 27 12:30:20.665076 osdx dnscrypt-proxy[285290]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:30:25.556324 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:30:35.654226 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set protocols static route 0.0.0.0/0 next-hop 10.215.168.1 set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 set service dns proxy log level 0 set service dns proxy server-name RD set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074 set service dns proxy static RD protocol dns-over-https host name remote.dns set service dns proxy static RD protocol dns-over-https ip 10.215.168.1 set system certificate trust 'running://remote.dns-server.crt' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16Show output
;; communications error to ::1#53: connection refused ;; communications error to ::1#53: connection refused teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392Show output
Jan 27 12:30:35.963675 osdx systemd-journald[1949]: Runtime Journal (/run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4) is 1.8M, max 13.8M, 11.9M free. Jan 27 12:30:35.964545 osdx systemd-journald[1949]: Received client request to rotate journal, rotating. Jan 27 12:30:35.964597 osdx systemd-journald[1949]: Vacuuming done, freed 0B of archived journals from /run/log/journal/19d27b7fd9034c15b59c452d6ca2fcd4. Jan 27 12:30:35.974340 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'system journal clear'. Jan 27 12:30:36.355809 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:30:36.434113 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'delete '. Jan 27 12:30:36.558772 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jan 27 12:30:36.627001 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:30:36.744315 osdx ubnt-cfgd[285365]: inactive Jan 27 12:30:36.765874 osdx dnscrypt-proxy[285290]: Stopped. Jan 27 12:30:36.765970 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jan 27 12:30:36.766785 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jan 27 12:30:36.766914 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:30:36.821790 osdx WARNING[285429]: No supported link modes on interface eth0 Jan 27 12:30:36.823062 osdx modulelauncher[285429]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:30:36.823072 osdx modulelauncher[285429]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:30:36.824128 osdx modulelauncher[285429]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:30:36.824134 osdx modulelauncher[285429]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:30:36.841025 osdx ca-certificates[285454]: Clearing symlinks in /etc/ssl/certs... Jan 27 12:30:37.107011 osdx ca-certificates[286032]: done. Jan 27 12:30:37.111543 osdx ca-certificates[286040]: Updating certificates in /etc/ssl/certs... Jan 27 12:30:37.572660 osdx ubnt-cfgd[286898]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:30:37.580762 osdx ca-certificates[286904]: 142 added, 0 removed; done. Jan 27 12:30:37.583659 osdx ca-certificates[286910]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:30:37.586489 osdx ca-certificates[286912]: done. Jan 27 12:30:37.602296 osdx INFO[286915]: FRR daemons did not change Jan 27 12:30:37.602638 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:30:37.695609 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:30:37.716022 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:30:39.072129 osdx OSDxCLI[182842]: User 'admin' entered the configuration menu. Jan 27 12:30:39.708865 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jan 27 12:30:39.780897 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jan 27 12:30:39.884052 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jan 27 12:30:39.944435 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jan 27 12:30:40.046941 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash cadda5fb1405a6b43b17519900de566b425483c229c767ababeecce534770074'. Jan 27 12:30:40.110467 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jan 27 12:30:40.211975 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Jan 27 12:30:40.278933 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jan 27 12:30:40.430279 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jan 27 12:30:40.486109 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jan 27 12:30:40.587829 osdx OSDxCLI[182842]: User 'admin' added a new cfg line: 'show working'. Jan 27 12:30:40.666333 osdx ubnt-cfgd[286950]: inactive Jan 27 12:30:40.686539 osdx INFO[286958]: FRR daemons did not change Jan 27 12:30:40.699819 osdx ca-certificates[286973]: Updating certificates in /etc/ssl/certs... Jan 27 12:30:41.241265 osdx ubnt-cfgd[287986]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jan 27 12:30:41.249965 osdx ca-certificates[287992]: 1 added, 0 removed; done. Jan 27 12:30:41.252964 osdx ca-certificates[287998]: Running hooks in /etc/ca-certificates/update.d... Jan 27 12:30:41.256897 osdx ca-certificates[288000]: done. Jan 27 12:30:41.288556 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jan 27 12:30:41.338197 osdx WARNING[288067]: No supported link modes on interface eth0 Jan 27 12:30:41.339737 osdx modulelauncher[288067]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jan 27 12:30:41.339751 osdx modulelauncher[288067]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jan 27 12:30:41.340983 osdx modulelauncher[288067]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jan 27 12:30:41.340993 osdx modulelauncher[288067]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jan 27 12:30:41.452996 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jan 27 12:30:41.454630 osdx cfgd[1624]: [182842]Completed change to active configuration Jan 27 12:30:41.470245 osdx OSDxCLI[182842]: User 'admin' committed the configuration. Jan 27 12:30:41.476063 osdx dnscrypt-proxy[288116]: dnscrypt-proxy 2.0.45 Jan 27 12:30:41.476141 osdx dnscrypt-proxy[288116]: Network connectivity detected Jan 27 12:30:41.476438 osdx dnscrypt-proxy[288116]: Dropping privileges Jan 27 12:30:41.479796 osdx dnscrypt-proxy[288116]: Network connectivity detected Jan 27 12:30:41.479833 osdx dnscrypt-proxy[288116]: Now listening to 127.0.0.1:53 [UDP] Jan 27 12:30:41.479838 osdx dnscrypt-proxy[288116]: Now listening to 127.0.0.1:53 [TCP] Jan 27 12:30:41.479858 osdx dnscrypt-proxy[288116]: Firefox workaround initialized Jan 27 12:30:41.479864 osdx dnscrypt-proxy[288116]: Loading the set of cloaking rules from [/tmp/tmpnz07h9e_] Jan 27 12:30:41.497839 osdx OSDxCLI[182842]: User 'admin' left the configuration menu. Jan 27 12:30:41.694310 osdx dnscrypt-proxy[288116]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jan 27 12:30:41.694330 osdx dnscrypt-proxy[288116]: [RD] OK (DoH) - rtt: 137ms Jan 27 12:30:41.694339 osdx dnscrypt-proxy[288116]: Server with the lowest initial latency: RD (rtt: 137ms) Jan 27 12:30:41.694345 osdx dnscrypt-proxy[288116]: dnscrypt-proxy is ready - live servers: 1 Jan 27 12:30:46.659681 osdx OSDxCLI[182842]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'. Jan 27 12:30:56.782166 osdx OSDxCLI[182842]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.