Cipher
Test suite that validates the use of one or multiple ciphers to protect a DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 12 17:42:25.401391 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:42:25.402460 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:42:25.402515 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:42:25.411759 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:42:25.736696 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 17:42:26.054285 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:26.163672 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:26.251825 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:42:26.327667 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:26.422561 osdx ubnt-cfgd[156295]: inactive Feb 12 17:42:26.440479 osdx INFO[156301]: FRR daemons did not change Feb 12 17:42:26.470464 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:42:26.518840 osdx WARNING[156370]: No supported link modes on interface eth0 Feb 12 17:42:26.520162 osdx modulelauncher[156370]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:26.520173 osdx modulelauncher[156370]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:42:26.521636 osdx modulelauncher[156370]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:26.521644 osdx modulelauncher[156370]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Feb 12 17:42:26.560016 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:26.571168 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:26.587973 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:26.743133 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 12 17:42:26.813778 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 17:42:26.996312 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:27.068201 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:42:27.184029 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:42:27.261798 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:42:27.365421 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 12 17:42:27.465037 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:42:27.527215 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 12 17:42:27.625018 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:42:27.704172 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:27.810670 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 12 17:42:27.904577 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:28.075720 osdx ubnt-cfgd[156474]: inactive Feb 12 17:42:28.098320 osdx INFO[156482]: FRR daemons did not change Feb 12 17:42:28.111830 osdx ca-certificates[156498]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:28.656883 osdx ubnt-cfgd[157510]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:28.665711 osdx ca-certificates[157516]: 1 added, 0 removed; done. Feb 12 17:42:28.669784 osdx ca-certificates[157522]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:28.673740 osdx ca-certificates[157524]: done. Feb 12 17:42:28.754800 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:28.756149 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:28.758680 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:28.776154 osdx dnscrypt-proxy[157528]: dnscrypt-proxy 2.0.45 Feb 12 17:42:28.776244 osdx dnscrypt-proxy[157528]: Network connectivity detected Feb 12 17:42:28.776451 osdx dnscrypt-proxy[157528]: Dropping privileges Feb 12 17:42:28.779354 osdx dnscrypt-proxy[157528]: Network connectivity detected Feb 12 17:42:28.779390 osdx dnscrypt-proxy[157528]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:42:28.779395 osdx dnscrypt-proxy[157528]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:42:28.779415 osdx dnscrypt-proxy[157528]: Firefox workaround initialized Feb 12 17:42:28.779422 osdx dnscrypt-proxy[157528]: Loading the set of cloaking rules from [/tmp/tmpxysib4_6] Feb 12 17:42:28.780313 osdx dnscrypt-proxy[157528]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 12 17:42:28.788098 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. 
Feb 12 17:42:28.918385 osdx dnscrypt-proxy[157528]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 12 17:42:28.918400 osdx dnscrypt-proxy[157528]: [RD] OK (DoH) - rtt: 122ms Feb 12 17:42:28.918407 osdx dnscrypt-proxy[157528]: Server with the lowest initial latency: RD (rtt: 122ms) Feb 12 17:42:28.918411 osdx dnscrypt-proxy[157528]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 12 17:42:36.334799 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:42:36.338387 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:42:36.338462 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:42:36.346223 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:42:36.584711 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 17:42:36.830789 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:36.963194 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:37.050256 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:42:37.201199 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:37.293890 osdx ubnt-cfgd[159253]: inactive Feb 12 17:42:37.311818 osdx INFO[159259]: FRR daemons did not change Feb 12 17:42:37.346385 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:42:37.386552 osdx WARNING[159328]: No supported link modes on interface eth0 Feb 12 17:42:37.387874 osdx modulelauncher[159328]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:37.387886 osdx modulelauncher[159328]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:42:37.388953 osdx modulelauncher[159328]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:37.388961 osdx modulelauncher[159328]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Feb 12 17:42:37.427867 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:37.439027 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:37.455236 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:37.597552 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 12 17:42:37.829673 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 17:42:37.970713 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:38.027561 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:42:38.155981 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:42:38.216632 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:42:38.321003 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Feb 12 17:42:38.409313 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:42:38.461882 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 12 17:42:38.555070 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:42:38.644206 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:38.741086 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Feb 12 17:42:38.885779 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:38.985808 osdx ubnt-cfgd[159432]: inactive Feb 12 17:42:39.005860 osdx INFO[159440]: FRR daemons did not change Feb 12 17:42:39.019399 osdx ca-certificates[159456]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:39.606169 osdx ubnt-cfgd[160468]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:39.617475 osdx ca-certificates[160474]: 1 added, 0 removed; done. Feb 12 17:42:39.622232 osdx ca-certificates[160480]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:39.626730 osdx ca-certificates[160482]: done. Feb 12 17:42:39.698858 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:39.700393 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:39.704444 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:39.718191 osdx dnscrypt-proxy[160486]: dnscrypt-proxy 2.0.45 Feb 12 17:42:39.718248 osdx dnscrypt-proxy[160486]: Network connectivity detected Feb 12 17:42:39.718464 osdx dnscrypt-proxy[160486]: Dropping privileges Feb 12 17:42:39.721055 osdx dnscrypt-proxy[160486]: Network connectivity detected Feb 12 17:42:39.721287 osdx dnscrypt-proxy[160486]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:42:39.721294 osdx dnscrypt-proxy[160486]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:42:39.721316 osdx dnscrypt-proxy[160486]: Firefox workaround initialized Feb 12 17:42:39.721322 osdx dnscrypt-proxy[160486]: Loading the set of cloaking rules from [/tmp/tmpr3ar77bl] Feb 12 17:42:39.721446 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:39.722333 osdx dnscrypt-proxy[160486]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 12 17:42:39.974768 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:42:39.978388 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:42:39.978472 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:42:39.985095 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:42:40.249687 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:40.320843 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'delete '. Feb 12 17:42:40.432464 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 12 17:42:40.538282 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:40.615241 osdx ubnt-cfgd[160535]: inactive Feb 12 17:42:40.656578 osdx dnscrypt-proxy[160486]: Stopped. Feb 12 17:42:40.656614 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 12 17:42:40.657424 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 12 17:42:40.657528 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:40.714571 osdx WARNING[160599]: No supported link modes on interface eth0 Feb 12 17:42:40.716298 osdx modulelauncher[160599]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:40.716312 osdx modulelauncher[160599]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:42:40.717554 osdx modulelauncher[160599]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:40.717562 osdx modulelauncher[160599]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:42:40.735131 osdx ca-certificates[160624]: Clearing symlinks in /etc/ssl/certs... Feb 12 17:42:41.013683 osdx ca-certificates[161201]: done. Feb 12 17:42:41.016925 osdx ca-certificates[161210]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:41.534008 osdx ubnt-cfgd[162068]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:41.544720 osdx ca-certificates[162074]: 142 added, 0 removed; done. Feb 12 17:42:41.550280 osdx ca-certificates[162080]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:41.555164 osdx ca-certificates[162082]: done. Feb 12 17:42:41.577660 osdx INFO[162085]: FRR daemons did not change Feb 12 17:42:41.578058 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:41.580912 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:41.604612 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:43.242895 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:43.349449 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:42:43.422772 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:42:43.545578 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:42:43.660893 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Feb 12 17:42:43.776924 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:42:43.923055 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 12 17:42:43.993560 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:42:44.151583 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:44.207932 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:42:44.324821 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:44.391029 osdx ubnt-cfgd[162118]: inactive Feb 12 17:42:44.417149 osdx INFO[162126]: FRR daemons did not change Feb 12 17:42:44.432019 osdx ca-certificates[162142]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:45.080008 osdx ubnt-cfgd[163154]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:45.089992 osdx ca-certificates[163159]: 1 added, 0 removed; done. Feb 12 17:42:45.093292 osdx ca-certificates[163166]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:45.097241 osdx ca-certificates[163168]: done. Feb 12 17:42:45.146485 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:42:45.197128 osdx WARNING[163235]: No supported link modes on interface eth0 Feb 12 17:42:45.198768 osdx modulelauncher[163235]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:45.198782 osdx modulelauncher[163235]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:42:45.199984 osdx modulelauncher[163235]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:45.199994 osdx modulelauncher[163235]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:42:45.322859 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:45.325077 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:45.341312 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:45.352228 osdx dnscrypt-proxy[163284]: dnscrypt-proxy 2.0.45 Feb 12 17:42:45.352285 osdx dnscrypt-proxy[163284]: Network connectivity detected Feb 12 17:42:45.352482 osdx dnscrypt-proxy[163284]: Dropping privileges Feb 12 17:42:45.356125 osdx dnscrypt-proxy[163284]: Network connectivity detected Feb 12 17:42:45.356163 osdx dnscrypt-proxy[163284]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:42:45.356168 osdx dnscrypt-proxy[163284]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:42:45.356195 osdx dnscrypt-proxy[163284]: Firefox workaround initialized Feb 12 17:42:45.356201 osdx dnscrypt-proxy[163284]: Loading the set of cloaking rules from [/tmp/tmprcr1itkd] Feb 12 17:42:45.358025 osdx dnscrypt-proxy[163284]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 12 17:42:45.374806 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:45.439498 osdx dnscrypt-proxy[163284]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 12 17:42:45.439520 osdx dnscrypt-proxy[163284]: [RD] OK (DoH) - rtt: 53ms Feb 12 17:42:45.439528 osdx dnscrypt-proxy[163284]: Server with the lowest initial latency: RD (rtt: 53ms) Feb 12 17:42:45.439532 osdx dnscrypt-proxy[163284]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Feb 12 17:42:45.743886 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:42:45.746386 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:42:45.746457 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:42:45.757599 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:42:46.117786 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:46.191614 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'delete '. Feb 12 17:42:46.422230 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 12 17:42:46.540391 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:46.652991 osdx ubnt-cfgd[163351]: inactive Feb 12 17:42:46.681816 osdx dnscrypt-proxy[163284]: Stopped. Feb 12 17:42:46.682074 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 12 17:42:46.683223 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 12 17:42:46.683371 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:46.757681 osdx WARNING[163415]: No supported link modes on interface eth0 Feb 12 17:42:46.759201 osdx modulelauncher[163415]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:46.759214 osdx modulelauncher[163415]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:42:46.760452 osdx modulelauncher[163415]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:46.760467 osdx modulelauncher[163415]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:42:46.778560 osdx ca-certificates[163440]: Clearing symlinks in /etc/ssl/certs... Feb 12 17:42:47.151447 osdx ca-certificates[164018]: done. Feb 12 17:42:47.155605 osdx ca-certificates[164026]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:47.781825 osdx ubnt-cfgd[164884]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:47.790831 osdx ca-certificates[164889]: 142 added, 0 removed; done. Feb 12 17:42:47.794034 osdx ca-certificates[164896]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:47.797883 osdx ca-certificates[164898]: done. Feb 12 17:42:47.812205 osdx INFO[164901]: FRR daemons did not change Feb 12 17:42:47.812503 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:47.824392 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:47.841357 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:42:49.373245 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:42:49.461799 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:42:49.640826 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:42:49.730353 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:42:49.868139 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Feb 12 17:42:49.968156 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:42:50.093001 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Feb 12 17:42:50.166422 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 12 17:42:50.323164 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:42:50.480434 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:42:50.555361 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:42:50.669364 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:42:50.808154 osdx ubnt-cfgd[164935]: inactive Feb 12 17:42:50.853059 osdx INFO[164943]: FRR daemons did not change Feb 12 17:42:50.867555 osdx ca-certificates[164959]: Updating certificates in /etc/ssl/certs... Feb 12 17:42:51.567397 osdx ubnt-cfgd[165971]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:42:51.578641 osdx ca-certificates[165976]: 1 added, 0 removed; done. Feb 12 17:42:51.581557 osdx ca-certificates[165983]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:42:51.584655 osdx ca-certificates[165985]: done. 
Feb 12 17:42:51.630392 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:42:51.681931 osdx WARNING[166052]: No supported link modes on interface eth0 Feb 12 17:42:51.683367 osdx modulelauncher[166052]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:42:51.683378 osdx modulelauncher[166052]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:42:51.684556 osdx modulelauncher[166052]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:42:51.684565 osdx modulelauncher[166052]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:42:51.778772 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:42:51.780544 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:42:51.797486 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:42:51.807093 osdx dnscrypt-proxy[166101]: dnscrypt-proxy 2.0.45 Feb 12 17:42:51.807168 osdx dnscrypt-proxy[166101]: Network connectivity detected Feb 12 17:42:51.807374 osdx dnscrypt-proxy[166101]: Dropping privileges Feb 12 17:42:51.809751 osdx dnscrypt-proxy[166101]: Network connectivity detected Feb 12 17:42:51.809783 osdx dnscrypt-proxy[166101]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:42:51.809788 osdx dnscrypt-proxy[166101]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:42:51.809803 osdx dnscrypt-proxy[166101]: Firefox workaround initialized Feb 12 17:42:51.809807 osdx dnscrypt-proxy[166101]: Loading the set of cloaking rules from [/tmp/tmp47x0trx8] Feb 12 17:42:51.810726 osdx dnscrypt-proxy[166101]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Feb 12 17:42:51.828234 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. 
Feb 12 17:42:51.878985 osdx dnscrypt-proxy[166101]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Feb 12 17:42:51.879004 osdx dnscrypt-proxy[166101]: [RD] OK (DoH) - rtt: 47ms Feb 12 17:42:51.879013 osdx dnscrypt-proxy[166101]: Server with the lowest initial latency: RD (rtt: 47ms) Feb 12 17:42:51.879018 osdx dnscrypt-proxy[166101]: dnscrypt-proxy is ready - live servers: 1
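The checks above match a single token, yet in several of the invalid-cipher runs the journal shows the handshake failure followed by an `[RD] OK (DoH)` session on cipher suite 52392, a suite that was not configured. The following Python check is an added example, not part of the test suite or of OSDx: it maps the decimal suite ID logged by dnscrypt-proxy to its IANA name and compares it with the configured `cipher N algorithm` lines. The function names and verdict strings are hypothetical, the first two journal samples are copied from the output on this page, and the third is constructed in the same format.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # logged as 49199
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # logged as 52392
}
ID_TO_NAME = {code: name for name, code in IANA_SUITES.items()}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
SESSION_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAILURE_TOKEN = "TLS handshake failure"


def configured_suites(config_text):
    """Suite names from the CLI config, ordered by their 'cipher N' index."""
    by_index = {int(n): name for n, name in CFG_RE.findall(config_text)}
    return [by_index[n] for n in sorted(by_index)]


def suite_name(code):
    """IANA name for a logged decimal ID, or a marker for IDs not in the table."""
    return ID_TO_NAME.get(code, "UNKNOWN(0x%04X)" % code)


def audit(config_text, journal_text):
    """Compare what was configured with what the journal says was negotiated.

    Works on the journal whether it is one entry per line or flattened onto
    long lines, since matching is done with finditer over the whole text.
    """
    configured = configured_suites(config_text)
    allowed = {IANA_SUITES[s] for s in configured if s in IANA_SUITES}
    failure = FAILURE_TOKEN in journal_text
    negotiated = [int(m["suite"]) for m in SESSION_RE.finditer(journal_text)]
    if not negotiated:
        verdict = "refused" if failure else "no-handshake-logged"
    elif any(code not in allowed for code in negotiated):
        # A session was established with a suite that is not in the config.
        verdict = "negotiated-outside-config"
    else:
        verdict = "pinned"
    return {
        "configured": configured,
        "handshake_failure": failure,
        "negotiated": [suite_name(c) for c in negotiated],
        "verdict": verdict,
    }


CFG_RC4 = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA"
CFG_RC4_THEN_AES = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA "
    "set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
)

# Copied from the "Single Invalid Cipher" journal output on this page.
JOURNAL_SINGLE_INVALID = (
    "Feb 12 17:42:28.780313 osdx dnscrypt-proxy[157528]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file "
    "Feb 12 17:42:28.918385 osdx dnscrypt-proxy[157528]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 52392 "
    "Feb 12 17:42:28.918400 osdx dnscrypt-proxy[157528]: [RD] OK (DoH) - rtt: 122ms"
)
# Copied from "Multiple Invalid Cipher", Example 1: the capture ends at the failure.
JOURNAL_REFUSED = (
    "Feb 12 17:42:39.722333 osdx dnscrypt-proxy[160486]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file"
)
# Constructed sample in the same format, using the 49199 token the page checks for.
JOURNAL_FALLBACK_OK = (
    "Feb 12 17:43:02.000000 osdx dnscrypt-proxy[170000]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 49199"
)

if __name__ == "__main__":
    for cfg, journal in [
        (CFG_RC4, JOURNAL_SINGLE_INVALID),
        (CFG_RC4, JOURNAL_REFUSED),
        (CFG_RC4_THEN_AES, JOURNAL_FALLBACK_OK),
    ]:
        print(audit(cfg, journal))
```

A `negotiated-outside-config` verdict means the token check for the handshake failure passed while resolution continued over a suite the configuration did not list, which is worth asserting on separately when the cipher list is meant as a restriction.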
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
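The Step 3 check in these examples matches a decimal cipher suite number in the dnscrypt-proxy journal line. The following added example (not part of the test suite or of the product's code) decodes that number to its IANA name and confirms that the negotiated suite is a configured one other than the cipher expected to be refused. The function names, the `rejected` set and the reading of `TLS version: 303` as hexadecimal 0x0303 (TLS 1.2) are assumptions of this example; the sample journal lines are constructed in the format shown on this page.

```python
import re

# IANA TLS cipher suite code points for the algorithms named in this test suite.
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Ciphers this page configures as the "invalid" first choice (assumed name for the set).
REJECTED = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
HS_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")

# Constructed sample input: the two cipher lines of Example 1 and two journal lines.
SAMPLE_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
SAMPLE_JOURNAL = """\
Feb 12 17:43:03.907968 osdx dnscrypt-proxy[169082]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 12 17:43:03.907991 osdx dnscrypt-proxy[169082]: [RD] OK (DoH) - rtt: 87ms
"""


def configured_ciphers(config_text):
    """Return the configured algorithm names ordered by their cipher index."""
    found = [(int(idx), name) for idx, name in CFG_RE.findall(config_text)]
    return [name for _, name in sorted(found)]


def negotiated_suites(journal_text):
    """Return one record per successful handshake line found in the journal."""
    records = []
    for m in HS_RE.finditer(journal_text):
        suite_id = int(m.group("suite"))
        records.append({
            "server": m.group("server"),
            # Assumption: the version is logged in hex, so "303" is 0x0303 (TLS 1.2).
            "tls_version": int(m.group("ver"), 16),
            "protocol": m.group("proto"),
            "suite_id": suite_id,
            "suite_name": SUITE_NAMES.get(suite_id, "unknown(0x%04X)" % suite_id),
        })
    return records


def verify_fallback(config_text, journal_text, rejected=REJECTED):
    """Judge the last logged handshake against the configured cipher list."""
    allowed = configured_ciphers(config_text)
    handshakes = negotiated_suites(journal_text)
    failures = len(FAIL_RE.findall(journal_text))
    if not handshakes:
        return {"ok": False, "reason": "no successful handshake logged",
                "negotiated": None, "failures": failures}
    last = handshakes[-1]
    name = last["suite_name"]
    if name not in allowed:
        reason = "negotiated suite was not configured"
    elif name in rejected:
        reason = "negotiated the cipher expected to be refused"
    elif last["tls_version"] < 0x0303:
        reason = "TLS version below 1.2"
    else:
        reason = "fallback cipher negotiated"
    return {"ok": reason == "fallback cipher negotiated", "reason": reason,
            "negotiated": name, "failures": failures}


if __name__ == "__main__":
    print(verify_fallback(SAMPLE_CONFIG, SAMPLE_JOURNAL))
```

The `failures` count reports any `TLS handshake failure` lines seen before the final handshake, which a plain token match on the cipher suite number does not surface.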
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Feb 12 17:43:16.468385 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:43:16.469053 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:43:16.469104 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:43:16.478888 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:43:16.811107 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:16.874809 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'delete '. Feb 12 17:43:17.020148 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 12 17:43:17.082920 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:17.177330 osdx ubnt-cfgd[174781]: inactive Feb 12 17:43:17.198807 osdx dnscrypt-proxy[174709]: Stopped. Feb 12 17:43:17.198864 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 12 17:43:17.200056 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 12 17:43:17.200163 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:17.256706 osdx WARNING[174845]: No supported link modes on interface eth0 Feb 12 17:43:17.258171 osdx modulelauncher[174845]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:17.258183 osdx modulelauncher[174845]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:43:17.259684 osdx modulelauncher[174845]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:17.259695 osdx modulelauncher[174845]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:17.276453 osdx ca-certificates[174870]: Clearing symlinks in /etc/ssl/certs... Feb 12 17:43:17.574277 osdx ca-certificates[175447]: done. Feb 12 17:43:17.577187 osdx ca-certificates[175455]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:18.051934 osdx ubnt-cfgd[176314]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:18.061856 osdx ca-certificates[176320]: 142 added, 0 removed; done. Feb 12 17:43:18.065598 osdx ca-certificates[176326]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:18.069487 osdx ca-certificates[176328]: done. Feb 12 17:43:18.089706 osdx INFO[176331]: FRR daemons did not change Feb 12 17:43:18.090316 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:18.149833 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:18.175213 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:43:19.636369 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:20.328585 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:43:20.413613 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:43:20.547533 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:43:20.659184 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Feb 12 17:43:20.762580 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:43:20.878245 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 12 17:43:20.936143 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Feb 12 17:43:21.030622 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:43:21.118798 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:43:21.214073 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:43:21.299976 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:21.397501 osdx ubnt-cfgd[176365]: inactive Feb 12 17:43:21.421874 osdx INFO[176373]: FRR daemons did not change Feb 12 17:43:21.436025 osdx ca-certificates[176389]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:22.045643 osdx ubnt-cfgd[177401]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:22.058047 osdx ca-certificates[177406]: 1 added, 0 removed; done. Feb 12 17:43:22.062076 osdx ca-certificates[177413]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:22.065861 osdx ca-certificates[177415]: done. 
Feb 12 17:43:22.097080 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:43:22.155097 osdx WARNING[177482]: No supported link modes on interface eth0 Feb 12 17:43:22.156532 osdx modulelauncher[177482]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:22.156546 osdx modulelauncher[177482]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:43:22.158191 osdx modulelauncher[177482]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:22.158201 osdx modulelauncher[177482]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:22.285574 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:22.287666 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:22.307379 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:22.312936 osdx dnscrypt-proxy[177531]: dnscrypt-proxy 2.0.45 Feb 12 17:43:22.313031 osdx dnscrypt-proxy[177531]: Network connectivity detected Feb 12 17:43:22.313266 osdx dnscrypt-proxy[177531]: Dropping privileges Feb 12 17:43:22.315724 osdx dnscrypt-proxy[177531]: Network connectivity detected Feb 12 17:43:22.315757 osdx dnscrypt-proxy[177531]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:43:22.315761 osdx dnscrypt-proxy[177531]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:43:22.315774 osdx dnscrypt-proxy[177531]: Firefox workaround initialized Feb 12 17:43:22.315778 osdx dnscrypt-proxy[177531]: Loading the set of cloaking rules from [/tmp/tmpa82ijmk7] Feb 12 17:43:22.326038 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. 
Feb 12 17:43:22.476061 osdx dnscrypt-proxy[177531]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Feb 12 17:43:22.476075 osdx dnscrypt-proxy[177531]: [RD] OK (DoH) - rtt: 133ms
Feb 12 17:43:22.476083 osdx dnscrypt-proxy[177531]: Server with the lowest initial latency: RD (rtt: 133ms)
Feb 12 17:43:22.476087 osdx dnscrypt-proxy[177531]: dnscrypt-proxy is ready - live servers: 1
Feb 12 17:43:22.519803 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Feb 12 17:43:22.800096 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:43:22.801075 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:43:22.801134 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:43:22.816805 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:43:23.100902 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:23.170553 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'delete '. Feb 12 17:43:23.295351 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 12 17:43:23.361976 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:23.519446 osdx ubnt-cfgd[177604]: inactive Feb 12 17:43:23.562109 osdx dnscrypt-proxy[177531]: Stopped. Feb 12 17:43:23.562242 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 12 17:43:23.563526 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 12 17:43:23.563653 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:23.657872 osdx WARNING[177668]: No supported link modes on interface eth0 Feb 12 17:43:23.659836 osdx modulelauncher[177668]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:23.659851 osdx modulelauncher[177668]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:43:23.661498 osdx modulelauncher[177668]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:23.661507 osdx modulelauncher[177668]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:23.682516 osdx ca-certificates[177693]: Clearing symlinks in /etc/ssl/certs... Feb 12 17:43:24.017487 osdx ca-certificates[178270]: done. Feb 12 17:43:24.021262 osdx ca-certificates[178280]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:24.485303 osdx ubnt-cfgd[179137]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:24.493810 osdx ca-certificates[179142]: 142 added, 0 removed; done. Feb 12 17:43:24.496815 osdx ca-certificates[179149]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:24.499662 osdx ca-certificates[179151]: done. Feb 12 17:43:24.514596 osdx INFO[179154]: FRR daemons did not change Feb 12 17:43:24.514863 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:24.539181 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:24.561326 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:43:25.923992 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:26.661123 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:43:26.730058 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:43:26.859267 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:43:26.929316 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Feb 12 17:43:27.044191 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:43:27.120050 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 12 17:43:27.186305 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Feb 12 17:43:27.281183 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:43:27.376951 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:43:27.506219 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:43:27.580298 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:27.700012 osdx ubnt-cfgd[179188]: inactive Feb 12 17:43:27.726007 osdx INFO[179196]: FRR daemons did not change Feb 12 17:43:27.739812 osdx ca-certificates[179212]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:28.266895 osdx ubnt-cfgd[180224]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:28.274928 osdx ca-certificates[180229]: 1 added, 0 removed; done. Feb 12 17:43:28.278079 osdx ca-certificates[180236]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:28.282055 osdx ca-certificates[180238]: done. 
Feb 12 17:43:28.313065 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:43:28.359399 osdx WARNING[180305]: No supported link modes on interface eth0 Feb 12 17:43:28.361230 osdx modulelauncher[180305]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:28.361243 osdx modulelauncher[180305]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:43:28.362817 osdx modulelauncher[180305]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:28.362828 osdx modulelauncher[180305]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:28.473438 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:28.475278 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:28.491915 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:28.501375 osdx dnscrypt-proxy[180354]: dnscrypt-proxy 2.0.45 Feb 12 17:43:28.501451 osdx dnscrypt-proxy[180354]: Network connectivity detected Feb 12 17:43:28.501729 osdx dnscrypt-proxy[180354]: Dropping privileges Feb 12 17:43:28.504172 osdx dnscrypt-proxy[180354]: Network connectivity detected Feb 12 17:43:28.504208 osdx dnscrypt-proxy[180354]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:43:28.504213 osdx dnscrypt-proxy[180354]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:43:28.504233 osdx dnscrypt-proxy[180354]: Firefox workaround initialized Feb 12 17:43:28.504239 osdx dnscrypt-proxy[180354]: Loading the set of cloaking rules from [/tmp/tmpekg_tjrt] Feb 12 17:43:28.510494 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. 
Feb 12 17:43:28.651388 osdx dnscrypt-proxy[180354]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Feb 12 17:43:28.651402 osdx dnscrypt-proxy[180354]: [RD] OK (DoH) - rtt: 127ms
Feb 12 17:43:28.651413 osdx dnscrypt-proxy[180354]: Server with the lowest initial latency: RD (rtt: 127ms)
Feb 12 17:43:28.651417 osdx dnscrypt-proxy[180354]: dnscrypt-proxy is ready - live servers: 1
Feb 12 17:43:28.703141 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Feb 12 17:43:28.970807 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 17:43:28.973057 osdx systemd-journald[1959]: Received client request to rotate journal, rotating. Feb 12 17:43:28.973127 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 17:43:28.983418 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'system journal clear'. Feb 12 17:43:29.030420 osdx systemd[1]: systemd-timedated.service: Deactivated successfully. Feb 12 17:43:29.367287 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:29.430193 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'delete '. Feb 12 17:43:29.536439 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Feb 12 17:43:29.598411 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:29.708646 osdx ubnt-cfgd[180427]: inactive Feb 12 17:43:29.728669 osdx dnscrypt-proxy[180354]: Stopped. Feb 12 17:43:29.728695 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Feb 12 17:43:29.729658 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Feb 12 17:43:29.729751 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:29.785725 osdx WARNING[180491]: No supported link modes on interface eth0 Feb 12 17:43:29.787566 osdx modulelauncher[180491]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:29.787580 osdx modulelauncher[180491]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Feb 12 17:43:29.789024 osdx modulelauncher[180491]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:29.789055 osdx modulelauncher[180491]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:29.807648 osdx ca-certificates[180516]: Clearing symlinks in /etc/ssl/certs... Feb 12 17:43:30.084429 osdx ca-certificates[181094]: done. Feb 12 17:43:30.087595 osdx ca-certificates[181103]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:30.555901 osdx ubnt-cfgd[181960]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:30.564453 osdx ca-certificates[181965]: 142 added, 0 removed; done. Feb 12 17:43:30.567444 osdx ca-certificates[181972]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:30.570994 osdx ca-certificates[181974]: done. Feb 12 17:43:30.585408 osdx INFO[181977]: FRR daemons did not change Feb 12 17:43:30.585721 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:30.588274 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:30.612251 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. Feb 12 17:43:32.112099 osdx OSDxCLI[79875]: User 'admin' entered the configuration menu. Feb 12 17:43:32.721945 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Feb 12 17:43:32.785088 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Feb 12 17:43:32.897695 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Feb 12 17:43:32.953758 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Feb 12 17:43:33.049961 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ff80e2d024d82777d02b37c8a1ed89520186169f14f43384f0622363e9f2d2a7'. Feb 12 17:43:33.104833 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Feb 12 17:43:33.201916 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Feb 12 17:43:33.259234 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Feb 12 17:43:33.393532 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Feb 12 17:43:33.452429 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Feb 12 17:43:33.586438 osdx OSDxCLI[79875]: User 'admin' added a new cfg line: 'show working'. Feb 12 17:43:33.652839 osdx ubnt-cfgd[182012]: inactive Feb 12 17:43:33.678859 osdx INFO[182020]: FRR daemons did not change Feb 12 17:43:33.694171 osdx ca-certificates[182036]: Updating certificates in /etc/ssl/certs... Feb 12 17:43:34.254062 osdx ubnt-cfgd[183048]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Feb 12 17:43:34.262056 osdx ca-certificates[183054]: 1 added, 0 removed; done. Feb 12 17:43:34.265075 osdx ca-certificates[183060]: Running hooks in /etc/ca-certificates/update.d... Feb 12 17:43:34.267984 osdx ca-certificates[183062]: done. 
Feb 12 17:43:34.297063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 17:43:34.347132 osdx WARNING[183129]: No supported link modes on interface eth0 Feb 12 17:43:34.348838 osdx modulelauncher[183129]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 17:43:34.348850 osdx modulelauncher[183129]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 17:43:34.350179 osdx modulelauncher[183129]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 17:43:34.350190 osdx modulelauncher[183129]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 17:43:34.453395 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Feb 12 17:43:34.454772 osdx cfgd[1631]: [79875]Completed change to active configuration Feb 12 17:43:34.466615 osdx OSDxCLI[79875]: User 'admin' committed the configuration. Feb 12 17:43:34.473456 osdx dnscrypt-proxy[183178]: dnscrypt-proxy 2.0.45 Feb 12 17:43:34.473532 osdx dnscrypt-proxy[183178]: Network connectivity detected Feb 12 17:43:34.473767 osdx dnscrypt-proxy[183178]: Dropping privileges Feb 12 17:43:34.477528 osdx dnscrypt-proxy[183178]: Network connectivity detected Feb 12 17:43:34.477601 osdx dnscrypt-proxy[183178]: Now listening to 127.0.0.1:53 [UDP] Feb 12 17:43:34.477606 osdx dnscrypt-proxy[183178]: Now listening to 127.0.0.1:53 [TCP] Feb 12 17:43:34.477629 osdx dnscrypt-proxy[183178]: Firefox workaround initialized Feb 12 17:43:34.477638 osdx dnscrypt-proxy[183178]: Loading the set of cloaking rules from [/tmp/tmp04ktaq5_] Feb 12 17:43:34.494233 osdx OSDxCLI[79875]: User 'admin' left the configuration menu. 
Feb 12 17:43:34.560094 osdx dnscrypt-proxy[183178]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Feb 12 17:43:34.560118 osdx dnscrypt-proxy[183178]: [RD] OK (DoH) - rtt: 59ms
Feb 12 17:43:34.560127 osdx dnscrypt-proxy[183178]: Server with the lowest initial latency: RD (rtt: 59ms)
Feb 12 17:43:34.560134 osdx dnscrypt-proxy[183178]: dnscrypt-proxy is ready - live servers: 1
Feb 12 17:43:34.645454 osdx OSDxCLI[79875]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
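The Step 3 check compares a decimal code point in the journal against the suite names set in Step 1. The following added example (not part of the test suite or of the product) automates that comparison: it decodes the logged code point to its IANA name, confirms it is one of the configured ciphers, and flags a legacy suite if one is ever negotiated. The function names and the `LEGACY` set are assumptions of this example; the sample input is copied from the Step 1 cipher lines and the handshake lines of Examples 5 and 6.

```python
import re

# IANA TLS cipher-suite code points for the suites named on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Assumption of this example: suites to flag even when they are configured
# (CBC-mode 3DES with static RSA key exchange, no forward secrecy).
LEGACY = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)

# Sample input taken from Example 5 (config and journal) and Example 6 (journal).
CONFIG_EX5 = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
"""
JOURNAL_EX5 = ("Feb 12 17:43:28.651388 osdx dnscrypt-proxy[180354]: [RD] TLS version: 303"
               " - Protocol: h2 - Cipher suite: 49200\n")
JOURNAL_EX6 = ("Feb 12 17:43:34.560094 osdx dnscrypt-proxy[183178]: [RD] TLS version: 303"
               " - Protocol: h2 - Cipher suite: 52392\n")

def configured_ciphers(config):
    """Return {cipher index: IANA name} from 'set service dns proxy cipher' lines."""
    return {int(n): name for n, name in CFG_RE.findall(config)}

def negotiated(journal):
    """Extract every logged DoH handshake; the suite is logged as a decimal code point."""
    sessions = []
    for m in LOG_RE.finditer(journal):
        code = int(m["suite"])
        sessions.append({
            "server": m["server"],
            "tls_version": int(m["ver"], 16),  # logged in hex: 303 -> 0x0303 (TLS 1.2)
            "protocol": m["proto"],
            "name": IANA_SUITES.get(code, f"UNKNOWN_0x{code:04X}"),
        })
    return sessions

def check(config, journal):
    """Return (verdict, detail) per handshake; verdict is PASS, WARN or FAIL."""
    allowed = {name: idx for idx, name in configured_ciphers(config).items()}
    sessions = negotiated(journal)
    if not sessions:  # no handshake line: the proxy never completed TLS
        return [("FAIL", "no DoH handshake line in journal")]
    results = []
    for s in sessions:
        name = s["name"]
        if name not in allowed:
            results.append(("FAIL", f"{s['server']}: {name} is not a configured cipher"))
        elif name in LEGACY:
            results.append(("WARN", f"{s['server']}: legacy suite {name} negotiated"))
        else:
            results.append(("PASS", f"{s['server']}: {name} (cipher {allowed[name]})"))
    return results

if __name__ == "__main__":
    for verdict, detail in check(CONFIG_EX5, JOURNAL_EX5):
        print(verdict, detail)
```

Run against the Example 5 input it reports that cipher 2 was negotiated; feeding the Example 6 journal to the Example 5 configuration returns FAIL, because 52392 decodes to a suite that configuration does not list.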