Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 20 10:20:58.283679 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:20:58.284478 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:20:58.284525 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:20:58.293794 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:20:58.493311 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 10:20:58.705718 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:20:58.842944 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:20:58.893714 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:20:58.995537 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:20:59.061277 osdx ubnt-cfgd[241259]: inactive Mar 20 10:20:59.078841 osdx INFO[241265]: FRR daemons did not change Mar 20 10:20:59.108467 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:20:59.151094 osdx WARNING[241334]: No supported link modes on interface eth0 Mar 20 10:20:59.152442 osdx modulelauncher[241334]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:20:59.152460 osdx modulelauncher[241334]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:20:59.153618 osdx modulelauncher[241334]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:20:59.153625 osdx modulelauncher[241334]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Mar 20 10:20:59.185840 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:20:59.196592 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:20:59.231613 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:20:59.368813 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 10:20:59.450445 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 10:20:59.633520 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:20:59.706005 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:20:59.817012 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:20:59.888088 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:20:59.974788 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 20 10:21:00.031585 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:00.120285 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:00.171922 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:00.281100 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:00.334075 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Mar 20 10:21:00.445068 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:00.503048 osdx ubnt-cfgd[241438]: inactive Mar 20 10:21:00.522227 osdx INFO[241446]: FRR daemons did not change Mar 20 10:21:00.534558 osdx ca-certificates[241462]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:01.062409 osdx ubnt-cfgd[242474]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:01.072700 osdx ca-certificates[242479]: 1 added, 0 removed; done. Mar 20 10:21:01.075698 osdx ca-certificates[242486]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:01.078426 osdx ca-certificates[242488]: done. Mar 20 10:21:01.144847 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:01.146214 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:01.148442 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:01.166124 osdx dnscrypt-proxy[242492]: dnscrypt-proxy 2.0.45 Mar 20 10:21:01.166183 osdx dnscrypt-proxy[242492]: Network connectivity detected Mar 20 10:21:01.166377 osdx dnscrypt-proxy[242492]: Dropping privileges Mar 20 10:21:01.169065 osdx dnscrypt-proxy[242492]: Network connectivity detected Mar 20 10:21:01.169101 osdx dnscrypt-proxy[242492]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:01.169106 osdx dnscrypt-proxy[242492]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:01.169127 osdx dnscrypt-proxy[242492]: Firefox workaround initialized Mar 20 10:21:01.169133 osdx dnscrypt-proxy[242492]: Loading the set of cloaking rules from [/tmp/tmpfbutodqt] Mar 20 10:21:01.169954 osdx dnscrypt-proxy[242492]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 20 10:21:01.175320 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:01.200119 osdx dnscrypt-proxy[242492]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 20 10:21:01.200139 osdx dnscrypt-proxy[242492]: [RD] OK (DoH) - rtt: 10ms Mar 20 10:21:01.200149 osdx dnscrypt-proxy[242492]: Server with the lowest initial latency: RD (rtt: 10ms) Mar 20 10:21:01.200155 osdx dnscrypt-proxy[242492]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 20 10:21:08.329603 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:08.333131 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:08.333193 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:08.340079 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:08.554299 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 10:21:08.804693 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:08.903414 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:09.035310 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:09.158099 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:09.277758 osdx ubnt-cfgd[244214]: inactive Mar 20 10:21:09.298078 osdx INFO[244220]: FRR daemons did not change Mar 20 10:21:09.329133 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:09.383975 osdx WARNING[244289]: No supported link modes on interface eth0 Mar 20 10:21:09.385442 osdx modulelauncher[244289]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:09.385454 osdx modulelauncher[244289]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:21:09.386627 osdx modulelauncher[244289]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:09.386637 osdx modulelauncher[244289]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Mar 20 10:21:09.425836 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:09.439687 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:09.467527 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:09.626850 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 10:21:09.745485 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 10:21:09.918095 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:09.978212 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:10.078752 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:10.149574 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:10.284203 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 20 10:21:10.348022 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:10.444459 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:10.504263 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:10.644653 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:10.726463 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Mar 20 10:21:10.839960 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:10.901167 osdx ubnt-cfgd[244393]: inactive Mar 20 10:21:10.923251 osdx INFO[244401]: FRR daemons did not change Mar 20 10:21:10.936504 osdx ca-certificates[244416]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:11.496440 osdx ubnt-cfgd[245429]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:11.504966 osdx ca-certificates[245434]: 1 added, 0 removed; done. Mar 20 10:21:11.508174 osdx ca-certificates[245441]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:11.511322 osdx ca-certificates[245443]: done. Mar 20 10:21:11.585610 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:11.587349 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:11.590721 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:11.606512 osdx dnscrypt-proxy[245447]: dnscrypt-proxy 2.0.45 Mar 20 10:21:11.606591 osdx dnscrypt-proxy[245447]: Network connectivity detected Mar 20 10:21:11.606909 osdx dnscrypt-proxy[245447]: Dropping privileges Mar 20 10:21:11.610014 osdx dnscrypt-proxy[245447]: Network connectivity detected Mar 20 10:21:11.610049 osdx dnscrypt-proxy[245447]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:11.610053 osdx dnscrypt-proxy[245447]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:11.610071 osdx dnscrypt-proxy[245447]: Firefox workaround initialized Mar 20 10:21:11.610077 osdx dnscrypt-proxy[245447]: Loading the set of cloaking rules from [/tmp/tmpblvf4qak] Mar 20 10:21:11.611439 osdx dnscrypt-proxy[245447]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 20 10:21:11.619070 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:11.651436 osdx dnscrypt-proxy[245447]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 20 10:21:11.651449 osdx dnscrypt-proxy[245447]: [RD] OK (DoH) - rtt: 13ms Mar 20 10:21:11.651457 osdx dnscrypt-proxy[245447]: Server with the lowest initial latency: RD (rtt: 13ms) Mar 20 10:21:11.651461 osdx dnscrypt-proxy[245447]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 20 10:21:11.853587 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:11.857136 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:11.857207 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:11.866646 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:12.166108 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:12.230051 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '. Mar 20 10:21:12.350869 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 20 10:21:12.415892 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:12.510077 osdx ubnt-cfgd[245496]: inactive Mar 20 10:21:12.554608 osdx dnscrypt-proxy[245447]: Stopped. Mar 20 10:21:12.554641 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 20 10:21:12.555664 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 20 10:21:12.555770 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:12.618201 osdx WARNING[245560]: No supported link modes on interface eth0 Mar 20 10:21:12.619947 osdx modulelauncher[245560]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:12.619959 osdx modulelauncher[245560]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:12.621193 osdx modulelauncher[245560]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:12.621202 osdx modulelauncher[245560]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:12.640838 osdx ca-certificates[245585]: Clearing symlinks in /etc/ssl/certs... Mar 20 10:21:12.927812 osdx ca-certificates[246162]: done. Mar 20 10:21:12.930968 osdx ca-certificates[246171]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:13.420640 osdx ubnt-cfgd[247029]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:13.429747 osdx ca-certificates[247035]: 142 added, 0 removed; done. Mar 20 10:21:13.433487 osdx ca-certificates[247041]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:13.436582 osdx ca-certificates[247043]: done. Mar 20 10:21:13.451942 osdx INFO[247046]: FRR daemons did not change Mar 20 10:21:13.452278 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:13.454541 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:13.473422 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:14.841725 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:14.905532 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:15.024909 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:15.089825 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:15.198000 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Mar 20 10:21:15.298324 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:15.407570 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 20 10:21:15.545237 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:15.685915 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:15.744434 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:15.871899 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:15.940182 osdx ubnt-cfgd[247079]: inactive Mar 20 10:21:15.964644 osdx INFO[247087]: FRR daemons did not change Mar 20 10:21:15.979634 osdx ca-certificates[247103]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:16.565382 osdx ubnt-cfgd[248115]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:16.574753 osdx ca-certificates[248121]: 1 added, 0 removed; done. Mar 20 10:21:16.577554 osdx ca-certificates[248127]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:16.580359 osdx ca-certificates[248129]: done. Mar 20 10:21:16.609145 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:16.654561 osdx WARNING[248196]: No supported link modes on interface eth0 Mar 20 10:21:16.656307 osdx modulelauncher[248196]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:16.656320 osdx modulelauncher[248196]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:16.657795 osdx modulelauncher[248196]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:16.657804 osdx modulelauncher[248196]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:16.777496 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:16.778964 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:16.794288 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:16.797188 osdx dnscrypt-proxy[248245]: dnscrypt-proxy 2.0.45 Mar 20 10:21:16.797264 osdx dnscrypt-proxy[248245]: Network connectivity detected Mar 20 10:21:16.797502 osdx dnscrypt-proxy[248245]: Dropping privileges Mar 20 10:21:16.799946 osdx dnscrypt-proxy[248245]: Network connectivity detected Mar 20 10:21:16.799983 osdx dnscrypt-proxy[248245]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:16.799988 osdx dnscrypt-proxy[248245]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:16.800006 osdx dnscrypt-proxy[248245]: Firefox workaround initialized Mar 20 10:21:16.800012 osdx dnscrypt-proxy[248245]: Loading the set of cloaking rules from [/tmp/tmpycm82xk3] Mar 20 10:21:16.801038 osdx dnscrypt-proxy[248245]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 20 10:21:16.829758 osdx dnscrypt-proxy[248245]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 20 10:21:16.829775 osdx dnscrypt-proxy[248245]: [RD] OK (DoH) - rtt: 12ms Mar 20 10:21:16.829785 osdx dnscrypt-proxy[248245]: Server with the lowest initial latency: RD (rtt: 12ms) Mar 20 10:21:16.829790 osdx dnscrypt-proxy[248245]: dnscrypt-proxy is ready - live servers: 1 Mar 20 10:21:16.838520 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 20 10:21:17.201551 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:17.205158 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:17.205214 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:17.211895 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:17.666872 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:17.766962 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '. Mar 20 10:21:17.943772 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 20 10:21:18.019062 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:18.126288 osdx ubnt-cfgd[248313]: inactive Mar 20 10:21:18.151166 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 20 10:21:18.151441 osdx dnscrypt-proxy[248245]: Stopped. Mar 20 10:21:18.152655 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 20 10:21:18.152809 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:18.221762 osdx WARNING[248377]: No supported link modes on interface eth0 Mar 20 10:21:18.223165 osdx modulelauncher[248377]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:18.223176 osdx modulelauncher[248377]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:18.224624 osdx modulelauncher[248377]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:18.224632 osdx modulelauncher[248377]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:18.241327 osdx ca-certificates[248402]: Clearing symlinks in /etc/ssl/certs... Mar 20 10:21:18.547855 osdx ca-certificates[248980]: done. Mar 20 10:21:18.551169 osdx ca-certificates[248989]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:19.043180 osdx ubnt-cfgd[249846]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:19.053770 osdx ca-certificates[249852]: 142 added, 0 removed; done. Mar 20 10:21:19.057638 osdx ca-certificates[249858]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:19.060673 osdx ca-certificates[249860]: done. Mar 20 10:21:19.074865 osdx INFO[249863]: FRR daemons did not change Mar 20 10:21:19.075147 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:19.093496 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:19.116608 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:20.502173 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:20.591556 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:20.750824 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:20.874636 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:20.968773 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Mar 20 10:21:21.086401 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:21.221533 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:21.288767 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Mar 20 10:21:21.392813 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:21.479093 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:21.560279 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:21.681457 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:21.753032 osdx ubnt-cfgd[249897]: inactive Mar 20 10:21:21.781740 osdx INFO[249905]: FRR daemons did not change Mar 20 10:21:21.794402 osdx ca-certificates[249921]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:22.356488 osdx ubnt-cfgd[250933]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:22.364180 osdx ca-certificates[250938]: 1 added, 0 removed; done. Mar 20 10:21:22.367011 osdx ca-certificates[250945]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:22.369708 osdx ca-certificates[250947]: done. 
Mar 20 10:21:22.397136 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:22.440038 osdx WARNING[251014]: No supported link modes on interface eth0 Mar 20 10:21:22.441494 osdx modulelauncher[251014]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:22.441506 osdx modulelauncher[251014]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:21:22.442627 osdx modulelauncher[251014]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:22.442634 osdx modulelauncher[251014]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:22.549463 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:22.550742 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:22.562671 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:22.569149 osdx dnscrypt-proxy[251063]: dnscrypt-proxy 2.0.45 Mar 20 10:21:22.569219 osdx dnscrypt-proxy[251063]: Network connectivity detected Mar 20 10:21:22.569438 osdx dnscrypt-proxy[251063]: Dropping privileges Mar 20 10:21:22.571748 osdx dnscrypt-proxy[251063]: Network connectivity detected Mar 20 10:21:22.571775 osdx dnscrypt-proxy[251063]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:22.571779 osdx dnscrypt-proxy[251063]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:22.571794 osdx dnscrypt-proxy[251063]: Firefox workaround initialized Mar 20 10:21:22.571798 osdx dnscrypt-proxy[251063]: Loading the set of cloaking rules from [/tmp/tmp4uusw1u5] Mar 20 10:21:22.572820 osdx dnscrypt-proxy[251063]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Mar 20 10:21:22.586337 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:22.602578 osdx dnscrypt-proxy[251063]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Mar 20 10:21:22.602591 osdx dnscrypt-proxy[251063]: [RD] OK (DoH) - rtt: 11ms Mar 20 10:21:22.602597 osdx dnscrypt-proxy[251063]: Server with the lowest initial latency: RD (rtt: 11ms) Mar 20 10:21:22.602602 osdx dnscrypt-proxy[251063]: dnscrypt-proxy is ready - live servers: 1
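The journal check from the invalid-cipher scenarios above, extended into an added example (not part of the original test suite or of OSDx): it decodes the `Cipher suite:` number and compares it with the configured `cipher N algorithm` lines, because in the outputs above the handshake-failure line is followed by a session on suite 52392. The sample journal strings are constructed in the page's log format (PIDs included), the second one is a constructed contrast case with a valid fallback cipher, and the function names and verdict labels are hypothetical.

```python
import re

# IANA code points for the cipher suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# The three journal events that matter. They are searched with finditer, so the
# journal may be one entry per line or run together as it is on this page.
CFG_RE = re.compile(
    r"added a new cfg line: 'set service dns proxy cipher (\d+) algorithm (\w+)'")
FAIL_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: TLS handshake failure")
PROBE_RE = re.compile(
    r"dnscrypt-proxy\[(\d+)\]: \[[^\]]+\] TLS version: \w+ - Protocol: \S+"
    r" - Cipher suite: (\d+)")


def suite_name(code):
    """Map the decimal code printed in the log to its IANA name."""
    return IANA_SUITES.get(code, "unknown(0x%04X)" % code)


def audit_journal(text):
    """Return one record per dnscrypt-proxy PID found in the journal text."""
    events = []
    for kind, rx in (("cfg", CFG_RE), ("fail", FAIL_RE), ("probe", PROBE_RE)):
        events.extend((m.start(), kind, m) for m in rx.finditer(text))
    events.sort(key=lambda e: e[0])  # replay events in journal order

    configured = {}  # cipher index -> suite name, as typed in the CLI
    sessions = {}    # PID -> record
    for _, kind, m in events:
        if kind == "cfg":
            configured[int(m.group(1))] = m.group(2)
            continue
        # First event of a PID snapshots the cipher list configured so far.
        rec = sessions.setdefault(m.group(1), {
            "pid": m.group(1),
            "configured": [configured[i] for i in sorted(configured)],
            "handshake_failure": False,
            "negotiated": None,
        })
        if kind == "fail":
            rec["handshake_failure"] = True
        else:
            rec["negotiated"] = suite_name(int(m.group(2)))

    for rec in sessions.values():
        if rec["negotiated"] is None:
            rec["verdict"] = "no-session"
        elif not rec["configured"]:
            rec["verdict"] = "unpinned"
        elif rec["negotiated"] in rec["configured"]:
            rec["verdict"] = "ok"
        else:
            # A session exists, but not on any suite the operator configured.
            rec["verdict"] = "outside-configured-list"
    return list(sessions.values())


# Constructed sample: one invalid cipher, failure line, then a session.
SAMPLE_INVALID = (
    "Mar 20 10:21:00.120285 osdx OSDxCLI[100]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Mar 20 10:21:01.169954 osdx dnscrypt-proxy[200]: TLS handshake failure - Try "
    "changing or deleting the tls_cipher_suite value in the configuration file "
    "Mar 20 10:21:01.200119 osdx dnscrypt-proxy[200]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 52392 "
)

# Constructed sample: invalid cipher plus a valid fallback cipher.
SAMPLE_FALLBACK = (
    "Mar 20 10:21:40.000001 osdx OSDxCLI[100]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. "
    "Mar 20 10:21:40.000002 osdx OSDxCLI[100]: User 'admin' added a new cfg line: "
    "'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. "
    "Mar 20 10:21:41.000003 osdx dnscrypt-proxy[300]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 49199 "
)

if __name__ == "__main__":
    for sample in (SAMPLE_INVALID, SAMPLE_FALLBACK):
        for rec in audit_journal(sample):
            print(rec["pid"], rec["configured"], rec["negotiated"], rec["verdict"])
```

A verdict of `outside-configured-list` means the proxy is resolving over a suite the operator never configured, which a token check for the failure message alone does not reveal.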
Invalid Cipher With Fallback
Description
Configures an invalid cipher together with a valid fallback cipher, then tries to communicate with the server. The proposed ciphers are not expected to be refused, as long as the valid one is the cipher actually used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Mar 20 10:21:31.339550 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:31.343508 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:31.343568 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:31.349312 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:31.581942 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 10:21:31.849465 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:31.950354 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:32.026437 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:32.129769 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:32.189912 osdx ubnt-cfgd[252799]: inactive Mar 20 10:21:32.208621 osdx INFO[252805]: FRR daemons did not change Mar 20 10:21:32.239514 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:32.279644 osdx WARNING[252874]: No supported link modes on interface eth0 Mar 20 10:21:32.280974 osdx modulelauncher[252874]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:32.280986 osdx modulelauncher[252874]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:21:32.282060 osdx modulelauncher[252874]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:32.282068 osdx modulelauncher[252874]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Mar 20 10:21:32.315517 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:32.327683 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:32.342408 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:32.501395 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 10:21:32.587448 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 10:21:32.753485 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:33.391482 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:33.468083 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:33.576325 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:33.641227 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Mar 20 10:21:33.761621 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:33.819987 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:33.917567 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Mar 20 10:21:33.996888 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:34.120272 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. 
Mar 20 10:21:34.210156 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:34.312527 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:34.398126 osdx ubnt-cfgd[252979]: inactive Mar 20 10:21:34.878696 osdx INFO[252987]: FRR daemons did not change Mar 20 10:21:34.893588 osdx ca-certificates[253003]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:35.569324 osdx ubnt-cfgd[254015]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:35.578293 osdx ca-certificates[254021]: 1 added, 0 removed; done. Mar 20 10:21:35.581460 osdx ca-certificates[254027]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:35.584719 osdx ca-certificates[254029]: done. Mar 20 10:21:35.665144 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:35.679389 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:35.682973 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:35.699307 osdx dnscrypt-proxy[254033]: dnscrypt-proxy 2.0.45 Mar 20 10:21:35.699379 osdx dnscrypt-proxy[254033]: Network connectivity detected Mar 20 10:21:35.699683 osdx dnscrypt-proxy[254033]: Dropping privileges Mar 20 10:21:35.703559 osdx dnscrypt-proxy[254033]: Network connectivity detected Mar 20 10:21:35.703986 osdx dnscrypt-proxy[254033]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:35.704125 osdx dnscrypt-proxy[254033]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:35.704154 osdx dnscrypt-proxy[254033]: Firefox workaround initialized Mar 20 10:21:35.704161 osdx dnscrypt-proxy[254033]: Loading the set of cloaking rules from [/tmp/tmpumf9rhtu] Mar 20 10:21:35.716256 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:35.758786 osdx dnscrypt-proxy[254033]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 20 10:21:35.758809 osdx dnscrypt-proxy[254033]: [RD] OK (DoH) - rtt: 11ms
Mar 20 10:21:35.758819 osdx dnscrypt-proxy[254033]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 20 10:21:35.758824 osdx dnscrypt-proxy[254033]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:21:35.883949 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Mar 20 10:21:36.345978 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:36.347659 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:36.347726 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:36.357927 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:36.743415 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:36.800924 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '. Mar 20 10:21:36.928006 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 20 10:21:36.986139 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:37.114270 osdx ubnt-cfgd[254085]: inactive Mar 20 10:21:37.136284 osdx dnscrypt-proxy[254033]: Stopped. Mar 20 10:21:37.136322 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 20 10:21:37.137008 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 20 10:21:37.137130 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:37.203436 osdx WARNING[254149]: No supported link modes on interface eth0 Mar 20 10:21:37.205251 osdx modulelauncher[254149]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:37.205264 osdx modulelauncher[254149]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:37.206826 osdx modulelauncher[254149]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:37.206835 osdx modulelauncher[254149]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:37.227128 osdx ca-certificates[254174]: Clearing symlinks in /etc/ssl/certs... Mar 20 10:21:37.538597 osdx ca-certificates[254752]: done. Mar 20 10:21:37.542975 osdx ca-certificates[254761]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:38.072265 osdx ubnt-cfgd[255618]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:38.082344 osdx ca-certificates[255624]: 142 added, 0 removed; done. Mar 20 10:21:38.086177 osdx ca-certificates[255630]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:38.089189 osdx ca-certificates[255632]: done. Mar 20 10:21:38.106102 osdx INFO[255635]: FRR daemons did not change Mar 20 10:21:38.106386 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:38.108685 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:38.125661 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:39.503063 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:40.098485 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:40.166287 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:40.262270 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:40.330146 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Mar 20 10:21:40.425629 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:40.486296 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:40.574101 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Mar 20 10:21:40.642336 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:40.761227 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:40.827438 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:40.935593 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:41.014438 osdx ubnt-cfgd[255669]: inactive Mar 20 10:21:41.036407 osdx INFO[255677]: FRR daemons did not change Mar 20 10:21:41.049233 osdx ca-certificates[255693]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:41.603798 osdx ubnt-cfgd[256705]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:41.612909 osdx ca-certificates[256710]: 1 added, 0 removed; done. Mar 20 10:21:41.616752 osdx ca-certificates[256717]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:41.620440 osdx ca-certificates[256719]: done. 
Mar 20 10:21:41.651515 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:41.694878 osdx WARNING[256786]: No supported link modes on interface eth0 Mar 20 10:21:41.696648 osdx modulelauncher[256786]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:41.696661 osdx modulelauncher[256786]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:21:41.698194 osdx modulelauncher[256786]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:41.698203 osdx modulelauncher[256786]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:41.791947 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:41.793529 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:41.809188 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:41.820860 osdx dnscrypt-proxy[256835]: dnscrypt-proxy 2.0.45 Mar 20 10:21:41.821004 osdx dnscrypt-proxy[256835]: Network connectivity detected Mar 20 10:21:41.821346 osdx dnscrypt-proxy[256835]: Dropping privileges Mar 20 10:21:41.824678 osdx dnscrypt-proxy[256835]: Network connectivity detected Mar 20 10:21:41.824713 osdx dnscrypt-proxy[256835]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:41.824718 osdx dnscrypt-proxy[256835]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:41.824738 osdx dnscrypt-proxy[256835]: Firefox workaround initialized Mar 20 10:21:41.824744 osdx dnscrypt-proxy[256835]: Loading the set of cloaking rules from [/tmp/tmp1e2ai3wh] Mar 20 10:21:41.830160 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:41.861301 osdx dnscrypt-proxy[256835]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 20 10:21:41.861315 osdx dnscrypt-proxy[256835]: [RD] OK (DoH) - rtt: 13ms
Mar 20 10:21:41.861322 osdx dnscrypt-proxy[256835]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 20 10:21:41.861326 osdx dnscrypt-proxy[256835]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:21:41.988846 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Mar 20 10:21:42.254672 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:42.255504 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:42.255562 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:42.264544 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:42.631462 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:42.716667 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '. Mar 20 10:21:42.843585 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 20 10:21:42.926892 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:43.022631 osdx ubnt-cfgd[256906]: inactive Mar 20 10:21:43.044171 osdx dnscrypt-proxy[256835]: Stopped. Mar 20 10:21:43.044198 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 20 10:21:43.045134 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 20 10:21:43.045241 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:43.100238 osdx WARNING[256970]: No supported link modes on interface eth0 Mar 20 10:21:43.101578 osdx modulelauncher[256970]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:43.101591 osdx modulelauncher[256970]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:43.103060 osdx modulelauncher[256970]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:43.103069 osdx modulelauncher[256970]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:43.122983 osdx ca-certificates[256995]: Clearing symlinks in /etc/ssl/certs... Mar 20 10:21:43.424077 osdx ca-certificates[257573]: done. Mar 20 10:21:43.427770 osdx ca-certificates[257580]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:43.872455 osdx ubnt-cfgd[258439]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:43.880687 osdx ca-certificates[258445]: 142 added, 0 removed; done. Mar 20 10:21:43.883758 osdx ca-certificates[258451]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:43.886582 osdx ca-certificates[258453]: done. Mar 20 10:21:43.900814 osdx INFO[258456]: FRR daemons did not change Mar 20 10:21:43.901074 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:43.931240 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:43.945462 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. Mar 20 10:21:45.173409 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:45.752699 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Mar 20 10:21:45.811763 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Mar 20 10:21:45.943567 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Mar 20 10:21:46.031934 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Mar 20 10:21:46.125484 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'. Mar 20 10:21:46.178557 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Mar 20 10:21:46.323477 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'. Mar 20 10:21:46.388371 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Mar 20 10:21:46.511772 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 20 10:21:46.584438 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 20 10:21:46.675353 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:46.768620 osdx ubnt-cfgd[258490]: inactive Mar 20 10:21:46.789571 osdx INFO[258498]: FRR daemons did not change Mar 20 10:21:46.801262 osdx ca-certificates[258513]: Updating certificates in /etc/ssl/certs... Mar 20 10:21:47.364772 osdx ubnt-cfgd[259526]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Mar 20 10:21:47.374435 osdx ca-certificates[259531]: 1 added, 0 removed; done. Mar 20 10:21:47.377288 osdx ca-certificates[259538]: Running hooks in /etc/ca-certificates/update.d... Mar 20 10:21:47.380008 osdx ca-certificates[259540]: done. 
Mar 20 10:21:47.407509 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 10:21:47.452310 osdx WARNING[259607]: No supported link modes on interface eth0 Mar 20 10:21:47.454064 osdx modulelauncher[259607]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:47.454075 osdx modulelauncher[259607]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 10:21:47.455603 osdx modulelauncher[259607]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 10:21:47.455611 osdx modulelauncher[259607]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 10:21:47.559810 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:47.561082 osdx cfgd[1833]: [183021]Completed change to active configuration Mar 20 10:21:47.573421 osdx OSDxCLI[183021]: User 'admin' committed the configuration. Mar 20 10:21:47.587015 osdx dnscrypt-proxy[259656]: dnscrypt-proxy 2.0.45 Mar 20 10:21:47.587092 osdx dnscrypt-proxy[259656]: Network connectivity detected Mar 20 10:21:47.587331 osdx dnscrypt-proxy[259656]: Dropping privileges Mar 20 10:21:47.590202 osdx dnscrypt-proxy[259656]: Network connectivity detected Mar 20 10:21:47.590240 osdx dnscrypt-proxy[259656]: Now listening to 127.0.0.1:53 [UDP] Mar 20 10:21:47.590245 osdx dnscrypt-proxy[259656]: Now listening to 127.0.0.1:53 [TCP] Mar 20 10:21:47.590265 osdx dnscrypt-proxy[259656]: Firefox workaround initialized Mar 20 10:21:47.590271 osdx dnscrypt-proxy[259656]: Loading the set of cloaking rules from [/tmp/tmpqf820q0q] Mar 20 10:21:47.590992 osdx OSDxCLI[183021]: User 'admin' left the configuration menu. 
Mar 20 10:21:47.618191 osdx dnscrypt-proxy[259656]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 20 10:21:47.618212 osdx dnscrypt-proxy[259656]: [RD] OK (DoH) - rtt: 10ms
Mar 20 10:21:47.618222 osdx dnscrypt-proxy[259656]: Server with the lowest initial latency: RD (rtt: 10ms)
Mar 20 10:21:47.618228 osdx dnscrypt-proxy[259656]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:21:47.741795 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Mar 20 10:21:47.945740 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 10:21:47.947510 osdx systemd-journald[2054]: Received client request to rotate journal, rotating. Mar 20 10:21:47.947562 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 10:21:47.956943 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'. Mar 20 10:21:48.214314 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu. Mar 20 10:21:48.273447 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '. Mar 20 10:21:48.421189 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Mar 20 10:21:48.501871 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'. Mar 20 10:21:48.623550 osdx ubnt-cfgd[259728]: inactive Mar 20 10:21:48.644226 osdx dnscrypt-proxy[259656]: Stopped. Mar 20 10:21:48.644296 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Mar 20 10:21:48.645027 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Mar 20 10:21:48.645142 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Mar 20 10:21:48.701702 osdx WARNING[259792]: No supported link modes on interface eth0 Mar 20 10:21:48.703373 osdx modulelauncher[259792]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 10:21:48.703386 osdx modulelauncher[259792]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Mar 20 10:21:48.704611 osdx modulelauncher[259792]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:21:48.704626 osdx modulelauncher[259792]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:21:48.723645 osdx ca-certificates[259817]: Clearing symlinks in /etc/ssl/certs...
Mar 20 10:21:49.002079 osdx ca-certificates[260394]: done.
Mar 20 10:21:49.005181 osdx ca-certificates[260404]: Updating certificates in /etc/ssl/certs...
Mar 20 10:21:49.507192 osdx ubnt-cfgd[261261]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:21:49.516400 osdx ca-certificates[261267]: 142 added, 0 removed; done.
Mar 20 10:21:49.519433 osdx ca-certificates[261273]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:21:49.522228 osdx ca-certificates[261275]: done.
Mar 20 10:21:49.536734 osdx INFO[261278]: FRR daemons did not change
Mar 20 10:21:49.536967 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:21:49.577860 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:21:49.598073 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:21:50.930105 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:21:51.497404 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 20 10:21:51.567786 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 20 10:21:51.672089 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 20 10:21:51.738912 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 20 10:21:51.829992 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'.
Mar 20 10:21:51.896968 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 20 10:21:52.037146 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 20 10:21:52.108302 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 20 10:21:52.245461 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 20 10:21:52.307831 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 20 10:21:52.409747 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:21:52.487123 osdx ubnt-cfgd[261312]: inactive
Mar 20 10:21:52.510469 osdx INFO[261320]: FRR daemons did not change
Mar 20 10:21:52.522620 osdx ca-certificates[261336]: Updating certificates in /etc/ssl/certs...
Mar 20 10:21:53.055969 osdx ubnt-cfgd[262348]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:21:53.063586 osdx ca-certificates[262354]: 1 added, 0 removed; done.
Mar 20 10:21:53.067351 osdx ca-certificates[262360]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:21:53.071044 osdx ca-certificates[262362]: done.
Mar 20 10:21:53.103514 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 10:21:53.147762 osdx WARNING[262429]: No supported link modes on interface eth0
Mar 20 10:21:53.149212 osdx modulelauncher[262429]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:21:53.149227 osdx modulelauncher[262429]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:21:53.150696 osdx modulelauncher[262429]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:21:53.150704 osdx modulelauncher[262429]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:21:53.263870 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:21:53.265101 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:21:53.276573 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:21:53.283444 osdx dnscrypt-proxy[262478]: dnscrypt-proxy 2.0.45
Mar 20 10:21:53.283523 osdx dnscrypt-proxy[262478]: Network connectivity detected
Mar 20 10:21:53.283751 osdx dnscrypt-proxy[262478]: Dropping privileges
Mar 20 10:21:53.286025 osdx dnscrypt-proxy[262478]: Network connectivity detected
Mar 20 10:21:53.286054 osdx dnscrypt-proxy[262478]: Now listening to 127.0.0.1:53 [UDP]
Mar 20 10:21:53.286058 osdx dnscrypt-proxy[262478]: Now listening to 127.0.0.1:53 [TCP]
Mar 20 10:21:53.286074 osdx dnscrypt-proxy[262478]: Firefox workaround initialized
Mar 20 10:21:53.286078 osdx dnscrypt-proxy[262478]: Loading the set of cloaking rules from [/tmp/tmpl_cwqyib]
Mar 20 10:21:53.310349 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:21:53.313388 osdx dnscrypt-proxy[262478]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 20 10:21:53.313402 osdx dnscrypt-proxy[262478]: [RD] OK (DoH) - rtt: 11ms
Mar 20 10:21:53.313408 osdx dnscrypt-proxy[262478]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 20 10:21:53.313412 osdx dnscrypt-proxy[262478]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:21:53.450435 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Mar 20 10:21:53.713379 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free.
Mar 20 10:21:53.715503 osdx systemd-journald[2054]: Received client request to rotate journal, rotating.
Mar 20 10:21:53.715576 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a.
Mar 20 10:21:53.723765 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'.
Mar 20 10:21:53.994300 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:21:54.048174 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '.
Mar 20 10:21:54.169810 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 20 10:21:54.230899 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:21:54.330432 osdx ubnt-cfgd[262550]: inactive
Mar 20 10:21:54.354879 osdx dnscrypt-proxy[262478]: Stopped.
Mar 20 10:21:54.354914 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 20 10:21:54.355697 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 20 10:21:54.355799 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:21:54.410365 osdx WARNING[262614]: No supported link modes on interface eth0
Mar 20 10:21:54.411727 osdx modulelauncher[262614]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:21:54.411737 osdx modulelauncher[262614]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:21:54.412810 osdx modulelauncher[262614]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:21:54.412817 osdx modulelauncher[262614]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:21:54.428969 osdx ca-certificates[262639]: Clearing symlinks in /etc/ssl/certs...
Mar 20 10:21:54.716537 osdx ca-certificates[263217]: done.
Mar 20 10:21:54.720545 osdx ca-certificates[263225]: Updating certificates in /etc/ssl/certs...
Mar 20 10:21:55.200138 osdx ubnt-cfgd[264083]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:21:55.208081 osdx ca-certificates[264088]: 142 added, 0 removed; done.
Mar 20 10:21:55.210903 osdx ca-certificates[264095]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:21:55.213636 osdx ca-certificates[264097]: done.
Mar 20 10:21:55.227944 osdx INFO[264100]: FRR daemons did not change
Mar 20 10:21:55.228196 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:21:55.269443 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:21:55.295675 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:21:56.871301 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:21:57.426213 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 20 10:21:57.482639 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 20 10:21:57.584718 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 20 10:21:57.640045 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 20 10:21:57.739304 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'.
Mar 20 10:21:57.790547 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 20 10:21:57.888921 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 20 10:21:57.942136 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 20 10:21:58.065305 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 20 10:21:58.121072 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 20 10:21:58.226363 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:21:58.293417 osdx ubnt-cfgd[264134]: inactive
Mar 20 10:21:58.318562 osdx INFO[264142]: FRR daemons did not change
Mar 20 10:21:58.333037 osdx ca-certificates[264158]: Updating certificates in /etc/ssl/certs...
Mar 20 10:21:58.869375 osdx ubnt-cfgd[265170]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:21:58.877292 osdx ca-certificates[265176]: 1 added, 0 removed; done.
Mar 20 10:21:58.880309 osdx ca-certificates[265182]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:21:58.884093 osdx ca-certificates[265184]: done.
Mar 20 10:21:58.919508 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 10:21:58.965793 osdx WARNING[265251]: No supported link modes on interface eth0
Mar 20 10:21:58.967350 osdx modulelauncher[265251]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:21:58.967365 osdx modulelauncher[265251]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:21:58.968989 osdx modulelauncher[265251]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:21:58.969001 osdx modulelauncher[265251]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:21:59.099901 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:21:59.101351 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:21:59.115736 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:21:59.123899 osdx dnscrypt-proxy[265300]: dnscrypt-proxy 2.0.45
Mar 20 10:21:59.123991 osdx dnscrypt-proxy[265300]: Network connectivity detected
Mar 20 10:21:59.124199 osdx dnscrypt-proxy[265300]: Dropping privileges
Mar 20 10:21:59.126659 osdx dnscrypt-proxy[265300]: Network connectivity detected
Mar 20 10:21:59.126693 osdx dnscrypt-proxy[265300]: Now listening to 127.0.0.1:53 [UDP]
Mar 20 10:21:59.126698 osdx dnscrypt-proxy[265300]: Now listening to 127.0.0.1:53 [TCP]
Mar 20 10:21:59.126717 osdx dnscrypt-proxy[265300]: Firefox workaround initialized
Mar 20 10:21:59.126724 osdx dnscrypt-proxy[265300]: Loading the set of cloaking rules from [/tmp/tmpaiya2q11]
Mar 20 10:21:59.144838 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:21:59.155700 osdx dnscrypt-proxy[265300]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 20 10:21:59.155716 osdx dnscrypt-proxy[265300]: [RD] OK (DoH) - rtt: 9ms
Mar 20 10:21:59.155728 osdx dnscrypt-proxy[265300]: Server with the lowest initial latency: RD (rtt: 9ms)
Mar 20 10:21:59.155733 osdx dnscrypt-proxy[265300]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:21:59.317461 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Mar 20 10:21:59.533017 osdx systemd-journald[2054]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free.
Mar 20 10:21:59.535502 osdx systemd-journald[2054]: Received client request to rotate journal, rotating.
Mar 20 10:21:59.535554 osdx systemd-journald[2054]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a.
Mar 20 10:21:59.542901 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'system journal clear'.
Mar 20 10:21:59.812053 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:21:59.872972 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'delete '.
Mar 20 10:21:59.985812 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 20 10:22:00.052803 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:22:00.171075 osdx ubnt-cfgd[265373]: inactive
Mar 20 10:22:00.197053 osdx dnscrypt-proxy[265300]: Stopped.
Mar 20 10:22:00.197107 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 20 10:22:00.198534 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 20 10:22:00.198668 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:22:00.260875 osdx WARNING[265437]: No supported link modes on interface eth0
Mar 20 10:22:00.262425 osdx modulelauncher[265437]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:22:00.262437 osdx modulelauncher[265437]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:22:00.263993 osdx modulelauncher[265437]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:22:00.264003 osdx modulelauncher[265437]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:22:00.279741 osdx ca-certificates[265462]: Clearing symlinks in /etc/ssl/certs...
Mar 20 10:22:00.557490 osdx ca-certificates[266039]: done.
Mar 20 10:22:00.560556 osdx ca-certificates[266048]: Updating certificates in /etc/ssl/certs...
Mar 20 10:22:01.015705 osdx ubnt-cfgd[266906]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:22:01.023733 osdx ca-certificates[266912]: 142 added, 0 removed; done.
Mar 20 10:22:01.026696 osdx ca-certificates[266918]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:22:01.030314 osdx ca-certificates[266920]: done.
Mar 20 10:22:01.030425 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Mar 20 10:22:01.045192 osdx INFO[266925]: FRR daemons did not change
Mar 20 10:22:01.045465 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:22:01.047485 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:22:01.067559 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:22:02.612800 osdx OSDxCLI[183021]: User 'admin' entered the configuration menu.
Mar 20 10:22:03.222811 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 20 10:22:03.280019 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 20 10:22:03.383361 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 20 10:22:03.439301 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 20 10:22:03.543377 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash f4497ee71a53d52ee4a7d76330057c4a3f34986666472f74c541bbcd7e41a847'.
Mar 20 10:22:03.638186 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 20 10:22:03.710339 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 20 10:22:03.798326 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 20 10:22:03.883256 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 20 10:22:03.961349 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 20 10:22:04.067995 osdx OSDxCLI[183021]: User 'admin' added a new cfg line: 'show working'.
Mar 20 10:22:04.132678 osdx ubnt-cfgd[266962]: inactive
Mar 20 10:22:04.156435 osdx INFO[266970]: FRR daemons did not change
Mar 20 10:22:04.169197 osdx ca-certificates[266986]: Updating certificates in /etc/ssl/certs...
Mar 20 10:22:04.695198 osdx ubnt-cfgd[267998]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 20 10:22:04.703534 osdx ca-certificates[268004]: 1 added, 0 removed; done.
Mar 20 10:22:04.706452 osdx ca-certificates[268010]: Running hooks in /etc/ca-certificates/update.d...
Mar 20 10:22:04.709998 osdx ca-certificates[268012]: done.
Mar 20 10:22:04.739531 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 20 10:22:04.782267 osdx WARNING[268079]: No supported link modes on interface eth0
Mar 20 10:22:04.783656 osdx modulelauncher[268079]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 20 10:22:04.783667 osdx modulelauncher[268079]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 20 10:22:04.784792 osdx modulelauncher[268079]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Mar 20 10:22:04.784800 osdx modulelauncher[268079]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Mar 20 10:22:04.883785 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 20 10:22:04.884953 osdx cfgd[1833]: [183021]Completed change to active configuration
Mar 20 10:22:04.896123 osdx OSDxCLI[183021]: User 'admin' committed the configuration.
Mar 20 10:22:04.904480 osdx dnscrypt-proxy[268128]: dnscrypt-proxy 2.0.45
Mar 20 10:22:04.904792 osdx dnscrypt-proxy[268128]: Network connectivity detected
Mar 20 10:22:04.905020 osdx dnscrypt-proxy[268128]: Dropping privileges
Mar 20 10:22:04.907457 osdx dnscrypt-proxy[268128]: Network connectivity detected
Mar 20 10:22:04.907503 osdx dnscrypt-proxy[268128]: Now listening to 127.0.0.1:53 [UDP]
Mar 20 10:22:04.907513 osdx dnscrypt-proxy[268128]: Now listening to 127.0.0.1:53 [TCP]
Mar 20 10:22:04.907533 osdx dnscrypt-proxy[268128]: Firefox workaround initialized
Mar 20 10:22:04.907539 osdx dnscrypt-proxy[268128]: Loading the set of cloaking rules from [/tmp/tmpy7cvmiyg]
Mar 20 10:22:04.924240 osdx OSDxCLI[183021]: User 'admin' left the configuration menu.
Mar 20 10:22:04.933693 osdx dnscrypt-proxy[268128]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 20 10:22:04.933709 osdx dnscrypt-proxy[268128]: [RD] OK (DoH) - rtt: 9ms
Mar 20 10:22:04.933718 osdx dnscrypt-proxy[268128]: Server with the lowest initial latency: RD (rtt: 9ms)
Mar 20 10:22:04.933722 osdx dnscrypt-proxy[268128]: dnscrypt-proxy is ready - live servers: 1
Mar 20 10:22:05.085849 osdx OSDxCLI[183021]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
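Step 3 in each example matches a bare number (49199, 49200, 52392), which hides which configured algorithm was actually negotiated. The following added example (not part of the test suite or of OSDx) decodes the dnscrypt-proxy journal line and compares it with the configured `cipher N algorithm` entries. It assumes the `TLS version` field is hexadecimal (303 = 0x0303, TLS 1.2) and the `Cipher suite` field is the decimal IANA code point; the `is_legacy` rule is the editor's own classification.

```python
import re

# IANA code points for the four suites configured on this page.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)")

# Sample input copied from Example 6 on this page (cipher lines, Step 3 journal lines).
EXAMPLE6_CONFIG = (
    "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA\n"
    "set service dns proxy cipher 2 algorithm "
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n")
EXAMPLE6_JOURNAL = (
    "Mar 20 10:22:04.933693 osdx dnscrypt-proxy[268128]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 52392\n"
    "Mar 20 10:22:04.933709 osdx dnscrypt-proxy[268128]: [RD] OK (DoH) - rtt: 9ms\n")


def configured_suites(config_text):
    """Suite names from 'cipher N algorithm X' lines, ordered by index N."""
    pairs = sorted((int(idx), name) for idx, name in CFG_RE.findall(config_text))
    return [name for _, name in pairs]


def is_legacy(name):
    """Editor's rule (assumption): anything without ECDHE plus an AEAD cipher."""
    return not (name.startswith("TLS_ECDHE_")
                and ("_GCM_" in name or "CHACHA20_POLY1305" in name))


def audit(config_text, journal_text):
    """Decode each negotiated suite and compare it with the configured list."""
    offered = configured_suites(config_text)
    sessions = []
    for m in LOG_RE.finditer(journal_text):
        code = int(m["suite"])        # decimal code point in the log
        name = IANA_SUITES.get(code)  # None when the code is not in the table
        sessions.append({
            "server": m["server"],
            "tls_version": TLS_VERSIONS.get(int(m["ver"], 16), "unknown"),
            "suite_code": f"0x{code:04X}",
            "suite": name or "unknown",
            "in_config": name in offered,
            "legacy_negotiated": None if name is None else is_legacy(name),
        })
    return {"offered": offered,
            "legacy_offered": [s for s in offered if is_legacy(s)],
            "sessions": sessions}


if __name__ == "__main__":
    report = audit(EXAMPLE6_CONFIG, EXAMPLE6_JOURNAL)
    print("offered:", report["offered"])
    print("legacy still offered:", report["legacy_offered"])
    for s in report["sessions"]:
        print(s)
```

For Example 6 the session decodes to the ChaCha20-Poly1305 suite over TLS 1.2, while `legacy_offered` still lists the 3DES entry configured as cipher 1.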