Cipher

Test suite to validate the use of one or multiple ciphers to protect a DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 05 21:30:47.283959 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:30:47.286969 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:30:47.287025 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:30:47.294044 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:30:47.498569 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 05 21:30:47.754873 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:30:47.839176 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:30:47.912801 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:30:47.974888 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:30:48.065732 osdx ubnt-cfgd[937168]: inactive
Mar 05 21:30:48.114389 osdx INFO[937174]: FRR daemons did not change
Mar 05 21:30:48.146976 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:30:48.187373 osdx WARNING[937243]: No supported link modes on interface eth0
Mar 05 21:30:48.188788 osdx modulelauncher[937243]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:30:48.188802 osdx modulelauncher[937243]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:30:48.191017 osdx modulelauncher[937243]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:30:48.191025 osdx modulelauncher[937243]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:30:48.230480 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:30:48.253500 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:30:48.271079 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:30:48.412143 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 05 21:30:48.481762 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 05 21:30:48.607079 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:30:48.669946 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:30:48.773146 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:30:48.834945 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:30:48.927025 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:30:48.984878 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:30:49.076183 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 05 21:30:49.128973 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:30:49.305166 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:30:49.355824 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:30:49.467053 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:30:49.536029 osdx ubnt-cfgd[937347]: inactive
Mar 05 21:30:49.557860 osdx INFO[937355]: FRR daemons did not change
Mar 05 21:30:49.570766 osdx ca-certificates[937371]: Updating certificates in /etc/ssl/certs...
Mar 05 21:30:50.084930 osdx ubnt-cfgd[938383]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:30:50.092958 osdx ca-certificates[938388]: 1 added, 0 removed; done.
Mar 05 21:30:50.095890 osdx ca-certificates[938395]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:30:50.099155 osdx ca-certificates[938397]: done.
Mar 05 21:30:50.167354 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:30:50.168559 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:30:50.170762 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:30:50.187459 osdx dnscrypt-proxy[938401]: dnscrypt-proxy 2.0.45
Mar 05 21:30:50.187537 osdx dnscrypt-proxy[938401]: Network connectivity detected
Mar 05 21:30:50.187761 osdx dnscrypt-proxy[938401]: Dropping privileges
Mar 05 21:30:50.189818 osdx dnscrypt-proxy[938401]: Network connectivity detected
Mar 05 21:30:50.189850 osdx dnscrypt-proxy[938401]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:30:50.189855 osdx dnscrypt-proxy[938401]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:30:50.189879 osdx dnscrypt-proxy[938401]: Firefox workaround initialized
Mar 05 21:30:50.189884 osdx dnscrypt-proxy[938401]: Loading the set of cloaking rules from [/tmp/tmpsty1y767]
Mar 05 21:30:50.190833 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:30:50.278586 osdx dnscrypt-proxy[938401]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 05 21:30:50.278600 osdx dnscrypt-proxy[938401]: [RD] OK (DoH) - rtt: 72ms
Mar 05 21:30:50.278607 osdx dnscrypt-proxy[938401]: Server with the lowest initial latency: RD (rtt: 72ms)
Mar 05 21:30:50.278610 osdx dnscrypt-proxy[938401]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:30:50.333594 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 05 21:30:57.309844 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:30:57.311753 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:30:57.311808 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:30:57.321439 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:30:57.530590 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 05 21:30:57.815397 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:30:57.912309 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:30:57.983207 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:30:58.087431 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:30:58.165782 osdx ubnt-cfgd[940122]: inactive
Mar 05 21:30:58.186235 osdx INFO[940128]: FRR daemons did not change
Mar 05 21:30:58.219754 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:30:58.268987 osdx WARNING[940197]: No supported link modes on interface eth0
Mar 05 21:30:58.270807 osdx modulelauncher[940197]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:30:58.270822 osdx modulelauncher[940197]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:30:58.272357 osdx modulelauncher[940197]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:30:58.272368 osdx modulelauncher[940197]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:30:58.314276 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:30:58.327381 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:30:58.345503 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:30:58.495114 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 05 21:30:58.563271 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 05 21:30:58.818814 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:30:58.926251 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:30:59.024786 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:30:59.093989 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:30:59.184413 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:30:59.249185 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:30:59.345459 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 05 21:30:59.398084 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:30:59.516244 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:30:59.566320 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:30:59.674233 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:30:59.749997 osdx ubnt-cfgd[940301]: inactive
Mar 05 21:30:59.768586 osdx INFO[940309]: FRR daemons did not change
Mar 05 21:30:59.779860 osdx ca-certificates[940325]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:00.293466 osdx ubnt-cfgd[941337]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:00.302386 osdx ca-certificates[941343]: 1 added, 0 removed; done.
Mar 05 21:31:00.305692 osdx ca-certificates[941349]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:00.308853 osdx ca-certificates[941351]: done.
Mar 05 21:31:00.396218 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:00.397930 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:00.417466 osdx dnscrypt-proxy[941355]: dnscrypt-proxy 2.0.45
Mar 05 21:31:00.417541 osdx dnscrypt-proxy[941355]: Network connectivity detected
Mar 05 21:31:00.417761 osdx dnscrypt-proxy[941355]: Dropping privileges
Mar 05 21:31:00.420000 osdx dnscrypt-proxy[941355]: Network connectivity detected
Mar 05 21:31:00.420032 osdx dnscrypt-proxy[941355]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:00.420036 osdx dnscrypt-proxy[941355]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:00.420049 osdx dnscrypt-proxy[941355]: Firefox workaround initialized
Mar 05 21:31:00.420053 osdx dnscrypt-proxy[941355]: Loading the set of cloaking rules from [/tmp/tmpv3z2twz6]
Mar 05 21:31:00.505500 osdx dnscrypt-proxy[941355]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 05 21:31:00.505518 osdx dnscrypt-proxy[941355]: [RD] OK (DoH) - rtt: 70ms
Mar 05 21:31:00.505525 osdx dnscrypt-proxy[941355]: Server with the lowest initial latency: RD (rtt: 70ms)
Mar 05 21:31:00.505529 osdx dnscrypt-proxy[941355]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:31:00.585282 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:00.601681 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:00.754418 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 05 21:31:00.974856 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:00.975827 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:00.975883 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:00.988502 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:01.321763 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:01.374021 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:01.481225 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:01.541822 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:01.638031 osdx ubnt-cfgd[941410]: inactive
Mar 05 21:31:01.699587 osdx dnscrypt-proxy[941355]: Stopped.
Mar 05 21:31:01.699617 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:01.700696 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:01.700828 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:01.758109 osdx WARNING[941474]: No supported link modes on interface eth0
Mar 05 21:31:01.759455 osdx modulelauncher[941474]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:01.759466 osdx modulelauncher[941474]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:01.760739 osdx modulelauncher[941474]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:01.760747 osdx modulelauncher[941474]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:01.777649 osdx ca-certificates[941499]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:02.072073 osdx ca-certificates[942076]: done.
Mar 05 21:31:02.075050 osdx ca-certificates[942085]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:02.508304 osdx ubnt-cfgd[942943]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:02.515993 osdx ca-certificates[942949]: 142 added, 0 removed; done.
Mar 05 21:31:02.518773 osdx ca-certificates[942955]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:02.521401 osdx ca-certificates[942957]: done.
Mar 05 21:31:02.535438 osdx INFO[942960]: FRR daemons did not change
Mar 05 21:31:02.535749 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:02.537959 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:02.571745 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:03.869262 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:03.928150 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:04.025254 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:04.093568 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:04.194160 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:04.328319 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:04.399996 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 05 21:31:04.501748 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:04.682474 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:04.736444 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:04.845192 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:04.904951 osdx ubnt-cfgd[942993]: inactive
Mar 05 21:31:04.929364 osdx INFO[943001]: FRR daemons did not change
Mar 05 21:31:04.943643 osdx ca-certificates[943017]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:05.524153 osdx ubnt-cfgd[944029]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:05.533959 osdx ca-certificates[944035]: 1 added, 0 removed; done.
Mar 05 21:31:05.537680 osdx ca-certificates[944041]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:05.541281 osdx ca-certificates[944043]: done.
Mar 05 21:31:05.575760 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:05.623758 osdx WARNING[944110]: No supported link modes on interface eth0
Mar 05 21:31:05.625611 osdx modulelauncher[944110]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:05.625625 osdx modulelauncher[944110]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:05.627008 osdx modulelauncher[944110]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:05.627022 osdx modulelauncher[944110]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:05.732142 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:05.733549 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:05.748300 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:05.756157 osdx dnscrypt-proxy[944159]: dnscrypt-proxy 2.0.45
Mar 05 21:31:05.756213 osdx dnscrypt-proxy[944159]: Network connectivity detected
Mar 05 21:31:05.756409 osdx dnscrypt-proxy[944159]: Dropping privileges
Mar 05 21:31:05.758711 osdx dnscrypt-proxy[944159]: Network connectivity detected
Mar 05 21:31:05.758746 osdx dnscrypt-proxy[944159]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:05.758751 osdx dnscrypt-proxy[944159]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:05.758770 osdx dnscrypt-proxy[944159]: Firefox workaround initialized
Mar 05 21:31:05.758776 osdx dnscrypt-proxy[944159]: Loading the set of cloaking rules from [/tmp/tmp5eujyf6i]
Mar 05 21:31:05.765989 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:05.858774 osdx dnscrypt-proxy[944159]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 05 21:31:05.858790 osdx dnscrypt-proxy[944159]: [RD] OK (DoH) - rtt: 83ms
Mar 05 21:31:05.858797 osdx dnscrypt-proxy[944159]: Server with the lowest initial latency: RD (rtt: 83ms)
Mar 05 21:31:05.858801 osdx dnscrypt-proxy[944159]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:31:05.909874 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Mar 05 21:31:06.129713 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:06.131750 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:06.131817 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:06.140447 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:06.514579 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:06.576487 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:06.721318 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:06.804276 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:06.900938 osdx ubnt-cfgd[944230]: inactive
Mar 05 21:31:06.928027 osdx dnscrypt-proxy[944159]: Stopped.
Mar 05 21:31:06.928089 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:06.929455 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:06.929596 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:06.993360 osdx WARNING[944294]: No supported link modes on interface eth0
Mar 05 21:31:06.994894 osdx modulelauncher[944294]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:06.994913 osdx modulelauncher[944294]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:06.996208 osdx modulelauncher[944294]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:06.996218 osdx modulelauncher[944294]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:07.014362 osdx ca-certificates[944319]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:07.314749 osdx ca-certificates[944899]: done.
Mar 05 21:31:07.317786 osdx ca-certificates[944908]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:07.781012 osdx ubnt-cfgd[945765]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:07.790345 osdx ca-certificates[945771]: 142 added, 0 removed; done.
Mar 05 21:31:07.793176 osdx ca-certificates[945777]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:07.795853 osdx ca-certificates[945779]: done.
Mar 05 21:31:07.810449 osdx INFO[945782]: FRR daemons did not change
Mar 05 21:31:07.810764 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:07.879385 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:07.897930 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:09.190649 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:09.251310 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:09.353782 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:09.424823 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:09.532871 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:09.644713 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:09.701566 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 05 21:31:09.815383 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:09.909919 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:09.995039 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:10.091838 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:10.446839 osdx ubnt-cfgd[945815]: inactive
Mar 05 21:31:10.471026 osdx INFO[945823]: FRR daemons did not change
Mar 05 21:31:10.487528 osdx ca-certificates[945839]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:11.029901 osdx ubnt-cfgd[946851]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:11.038835 osdx ca-certificates[946856]: 1 added, 0 removed; done.
Mar 05 21:31:11.042532 osdx ca-certificates[946863]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:11.045464 osdx ca-certificates[946865]: done.
Mar 05 21:31:11.079757 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:11.122397 osdx WARNING[946932]: No supported link modes on interface eth0
Mar 05 21:31:11.123760 osdx modulelauncher[946932]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:11.123771 osdx modulelauncher[946932]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:11.124950 osdx modulelauncher[946932]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:11.124959 osdx modulelauncher[946932]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:11.224069 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:11.225428 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:11.237310 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:11.245086 osdx dnscrypt-proxy[946981]: dnscrypt-proxy 2.0.45
Mar 05 21:31:11.245157 osdx dnscrypt-proxy[946981]: Network connectivity detected
Mar 05 21:31:11.245376 osdx dnscrypt-proxy[946981]: Dropping privileges
Mar 05 21:31:11.247519 osdx dnscrypt-proxy[946981]: Network connectivity detected
Mar 05 21:31:11.247551 osdx dnscrypt-proxy[946981]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:11.247555 osdx dnscrypt-proxy[946981]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:11.247568 osdx dnscrypt-proxy[946981]: Firefox workaround initialized
Mar 05 21:31:11.247572 osdx dnscrypt-proxy[946981]: Loading the set of cloaking rules from [/tmp/tmpos3ttshg]
Mar 05 21:31:11.254296 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:11.334778 osdx dnscrypt-proxy[946981]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:31:11.334794 osdx dnscrypt-proxy[946981]: [RD] OK (DoH) - rtt: 68ms
Mar 05 21:31:11.334802 osdx dnscrypt-proxy[946981]: Server with the lowest initial latency: RD (rtt: 68ms)
Mar 05 21:31:11.334807 osdx dnscrypt-proxy[946981]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:31:11.416835 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 05 21:31:18.294578 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:18.298600 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:18.298654 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:18.305822 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:18.528424 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 05 21:31:18.795137 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:18.899885 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:18.982183 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:19.107157 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:19.169840 osdx ubnt-cfgd[948721]: inactive
Mar 05 21:31:19.188886 osdx INFO[948727]: FRR daemons did not change
Mar 05 21:31:19.218607 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:19.258968 osdx WARNING[948796]: No supported link modes on interface eth0
Mar 05 21:31:19.260629 osdx modulelauncher[948796]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:19.260641 osdx modulelauncher[948796]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:19.261839 osdx modulelauncher[948796]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:19.261847 osdx modulelauncher[948796]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:19.297589 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:19.308485 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:19.322909 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:19.491409 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 05 21:31:19.557523 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 05 21:31:19.703812 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:19.772895 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:19.891163 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:19.966225 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:20.065863 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:20.175594 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:20.230541 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:31:20.321711 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:20.449379 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:20.508912 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:20.619599 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:20.680743 osdx ubnt-cfgd[948900]: inactive
Mar 05 21:31:20.702754 osdx INFO[948908]: FRR daemons did not change
Mar 05 21:31:20.714685 osdx ca-certificates[948924]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:21.222068 osdx ubnt-cfgd[949936]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:21.230264 osdx ca-certificates[949941]: 1 added, 0 removed; done.
Mar 05 21:31:21.233034 osdx ca-certificates[949948]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:21.235653 osdx ca-certificates[949950]: done.
Mar 05 21:31:21.298916 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:21.300074 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:21.302189 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:21.316702 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:21.321812 osdx dnscrypt-proxy[949954]: dnscrypt-proxy 2.0.45
Mar 05 21:31:21.321867 osdx dnscrypt-proxy[949954]: Network connectivity detected
Mar 05 21:31:21.322054 osdx dnscrypt-proxy[949954]: Dropping privileges
Mar 05 21:31:21.323859 osdx dnscrypt-proxy[949954]: Network connectivity detected
Mar 05 21:31:21.323885 osdx dnscrypt-proxy[949954]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:21.323889 osdx dnscrypt-proxy[949954]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:21.323903 osdx dnscrypt-proxy[949954]: Firefox workaround initialized
Mar 05 21:31:21.323908 osdx dnscrypt-proxy[949954]: Loading the set of cloaking rules from [/tmp/tmphoivwkl2]
Mar 05 21:31:21.324677 osdx dnscrypt-proxy[949954]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 05 21:31:21.411295 osdx dnscrypt-proxy[949954]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:31:21.411317 osdx dnscrypt-proxy[949954]: [RD] OK (DoH) - rtt: 70ms
Mar 05 21:31:21.411326 osdx dnscrypt-proxy[949954]: Server with the lowest initial latency: RD (rtt: 70ms)
Mar 05 21:31:21.411332 osdx dnscrypt-proxy[949954]: dnscrypt-proxy is ready - live servers: 1

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 05 21:31:28.292672 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:28.296205 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:28.296266 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:28.302876 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:28.522142 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 05 21:31:28.741586 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:28.858664 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:28.912753 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:29.022463 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:29.077706 osdx ubnt-cfgd[951671]: inactive
Mar 05 21:31:29.096297 osdx INFO[951677]: FRR daemons did not change
Mar 05 21:31:29.124231 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:29.167070 osdx WARNING[951746]: No supported link modes on interface eth0
Mar 05 21:31:29.168426 osdx modulelauncher[951746]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:29.168437 osdx modulelauncher[951746]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:29.169565 osdx modulelauncher[951746]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:29.169574 osdx modulelauncher[951746]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:29.205919 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:29.218142 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:29.238161 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:29.390400 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 05 21:31:29.460936 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 05 21:31:29.632724 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:29.696674 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:29.815114 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:29.887963 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:29.980673 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:30.078683 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:30.133123 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:31:30.227146 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:30.326715 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:30.401348 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:30.466535 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:30.559283 osdx ubnt-cfgd[951850]: inactive
Mar 05 21:31:30.579050 osdx INFO[951858]: FRR daemons did not change
Mar 05 21:31:30.591494 osdx ca-certificates[951874]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:31.118665 osdx ubnt-cfgd[952886]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:31.126225 osdx ca-certificates[952892]: 1 added, 0 removed; done.
Mar 05 21:31:31.129017 osdx ca-certificates[952898]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:31.132524 osdx ca-certificates[952900]: done.
Mar 05 21:31:31.204564 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:31.206265 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:31.208515 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:31.231932 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:31.236466 osdx dnscrypt-proxy[952904]: dnscrypt-proxy 2.0.45
Mar 05 21:31:31.236551 osdx dnscrypt-proxy[952904]: Network connectivity detected
Mar 05 21:31:31.236832 osdx dnscrypt-proxy[952904]: Dropping privileges
Mar 05 21:31:31.239069 osdx dnscrypt-proxy[952904]: Network connectivity detected
Mar 05 21:31:31.239102 osdx dnscrypt-proxy[952904]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:31.239107 osdx dnscrypt-proxy[952904]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:31.239127 osdx dnscrypt-proxy[952904]: Firefox workaround initialized
Mar 05 21:31:31.239134 osdx dnscrypt-proxy[952904]: Loading the set of cloaking rules from [/tmp/tmpuxpjiegi]
Mar 05 21:31:31.240210 osdx dnscrypt-proxy[952904]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 05 21:31:31.340853 osdx dnscrypt-proxy[952904]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:31:31.340879 osdx dnscrypt-proxy[952904]: [RD] OK (DoH) - rtt: 85ms
Mar 05 21:31:31.340890 osdx dnscrypt-proxy[952904]: Server with the lowest initial latency: RD (rtt: 85ms)
Mar 05 21:31:31.340895 osdx dnscrypt-proxy[952904]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 05 21:31:31.484321 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:31.488203 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:31.488270 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:31.493518 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:31.750600 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:31.825647 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:31.941914 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:31.998983 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:32.094261 osdx ubnt-cfgd[952952]: inactive
Mar 05 21:31:32.114872 osdx dnscrypt-proxy[952904]: Stopped.
Mar 05 21:31:32.114945 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:32.115697 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:32.115803 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:32.174620 osdx WARNING[953016]: No supported link modes on interface eth0
Mar 05 21:31:32.176016 osdx modulelauncher[953016]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:32.176029 osdx modulelauncher[953016]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:32.177203 osdx modulelauncher[953016]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:32.177211 osdx modulelauncher[953016]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:32.192455 osdx ca-certificates[953041]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:32.473877 osdx ca-certificates[953619]: done.
Mar 05 21:31:32.477387 osdx ca-certificates[953628]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:32.925282 osdx ubnt-cfgd[954485]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:32.933615 osdx ca-certificates[954491]: 142 added, 0 removed; done.
Mar 05 21:31:32.936432 osdx ca-certificates[954497]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:32.939712 osdx ca-certificates[954499]: done.
Mar 05 21:31:32.955055 osdx INFO[954502]: FRR daemons did not change
Mar 05 21:31:32.955344 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:33.034925 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:33.052833 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:34.227406 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:34.283383 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:34.378750 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:34.438312 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:34.529619 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:34.587018 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:34.677296 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:31:34.728083 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:34.842004 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:34.897617 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:35.008405 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:35.072730 osdx ubnt-cfgd[954535]: inactive
Mar 05 21:31:35.097435 osdx INFO[954543]: FRR daemons did not change
Mar 05 21:31:35.110507 osdx ca-certificates[954559]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:35.603063 osdx ubnt-cfgd[955571]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:35.610710 osdx ca-certificates[955576]: 1 added, 0 removed; done.
Mar 05 21:31:35.613426 osdx ca-certificates[955583]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:35.615990 osdx ca-certificates[955585]: done.
Mar 05 21:31:35.648212 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:35.698481 osdx WARNING[955652]: No supported link modes on interface eth0
Mar 05 21:31:35.700504 osdx modulelauncher[955652]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:35.700524 osdx modulelauncher[955652]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:35.702437 osdx modulelauncher[955652]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:35.702449 osdx modulelauncher[955652]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:35.796493 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:35.797708 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:35.810520 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:35.819066 osdx dnscrypt-proxy[955701]: dnscrypt-proxy 2.0.45
Mar 05 21:31:35.819137 osdx dnscrypt-proxy[955701]: Network connectivity detected
Mar 05 21:31:35.819345 osdx dnscrypt-proxy[955701]: Dropping privileges
Mar 05 21:31:35.821494 osdx dnscrypt-proxy[955701]: Network connectivity detected
Mar 05 21:31:35.821524 osdx dnscrypt-proxy[955701]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:35.821528 osdx dnscrypt-proxy[955701]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:35.821547 osdx dnscrypt-proxy[955701]: Firefox workaround initialized
Mar 05 21:31:35.821550 osdx dnscrypt-proxy[955701]: Loading the set of cloaking rules from [/tmp/tmp0ln5mpsa]
Mar 05 21:31:35.822321 osdx dnscrypt-proxy[955701]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 05 21:31:35.826364 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:35.908756 osdx dnscrypt-proxy[955701]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:31:35.908774 osdx dnscrypt-proxy[955701]: [RD] OK (DoH) - rtt: 70ms
Mar 05 21:31:35.908784 osdx dnscrypt-proxy[955701]: Server with the lowest initial latency: RD (rtt: 70ms)
Mar 05 21:31:35.908788 osdx dnscrypt-proxy[955701]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 05 21:31:36.088919 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:36.092210 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:36.092264 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:36.097956 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:36.353729 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:36.412225 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:36.524059 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:36.582514 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:36.678548 osdx ubnt-cfgd[955769]: inactive
Mar 05 21:31:36.703637 osdx dnscrypt-proxy[955701]: Stopped.
Mar 05 21:31:36.703755 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:36.704655 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:36.704783 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:36.764855 osdx WARNING[955833]: No supported link modes on interface eth0
Mar 05 21:31:36.766276 osdx modulelauncher[955833]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:36.766290 osdx modulelauncher[955833]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:36.767465 osdx modulelauncher[955833]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:36.767474 osdx modulelauncher[955833]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:36.782942 osdx ca-certificates[955858]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:37.064208 osdx ca-certificates[956436]: done.
Mar 05 21:31:37.067378 osdx ca-certificates[956444]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:37.578665 osdx ubnt-cfgd[957302]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:37.589496 osdx ca-certificates[957308]: 142 added, 0 removed; done.
Mar 05 21:31:37.592359 osdx ca-certificates[957314]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:37.595318 osdx ca-certificates[957316]: done.
Mar 05 21:31:37.609359 osdx INFO[957319]: FRR daemons did not change
Mar 05 21:31:37.609629 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:37.652915 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:37.669947 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:38.929288 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:38.986877 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:39.080561 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:39.143392 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:39.246348 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:39.356273 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:39.413293 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:31:39.577975 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:31:39.628805 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:39.798440 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:39.851303 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:40.030947 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:40.088781 osdx ubnt-cfgd[957353]: inactive
Mar 05 21:31:40.110899 osdx INFO[957361]: FRR daemons did not change
Mar 05 21:31:40.122059 osdx ca-certificates[957377]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:40.623432 osdx ubnt-cfgd[958389]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:40.630907 osdx ca-certificates[958395]: 1 added, 0 removed; done.
Mar 05 21:31:40.633768 osdx ca-certificates[958401]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:40.636501 osdx ca-certificates[958403]: done.
Mar 05 21:31:40.668217 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:40.712735 osdx WARNING[958470]: No supported link modes on interface eth0
Mar 05 21:31:40.714536 osdx modulelauncher[958470]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:40.714549 osdx modulelauncher[958470]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:40.715779 osdx modulelauncher[958470]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:40.715786 osdx modulelauncher[958470]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:40.804657 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:40.806431 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:40.822031 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:40.825630 osdx dnscrypt-proxy[958519]: dnscrypt-proxy 2.0.45
Mar 05 21:31:40.825702 osdx dnscrypt-proxy[958519]: Network connectivity detected
Mar 05 21:31:40.825908 osdx dnscrypt-proxy[958519]: Dropping privileges
Mar 05 21:31:40.828365 osdx dnscrypt-proxy[958519]: Network connectivity detected
Mar 05 21:31:40.828400 osdx dnscrypt-proxy[958519]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:40.828404 osdx dnscrypt-proxy[958519]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:40.828426 osdx dnscrypt-proxy[958519]: Firefox workaround initialized
Mar 05 21:31:40.828431 osdx dnscrypt-proxy[958519]: Loading the set of cloaking rules from [/tmp/tmpa9p5lldy]
Mar 05 21:31:40.829465 osdx dnscrypt-proxy[958519]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 05 21:31:40.839878 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:40.920127 osdx dnscrypt-proxy[958519]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:31:40.920143 osdx dnscrypt-proxy[958519]: [RD] OK (DoH) - rtt: 74ms
Mar 05 21:31:40.920151 osdx dnscrypt-proxy[958519]: Server with the lowest initial latency: RD (rtt: 74ms)
Mar 05 21:31:40.920156 osdx dnscrypt-proxy[958519]: dnscrypt-proxy is ready - live servers: 1

Invalid Cipher With Fallback

Description

Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, provided the valid proposed cipher is the one used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Mar 05 21:31:47.393912 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:47.395135 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:47.395198 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:47.403445 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:47.614762 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 05 21:31:47.846325 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:47.927964 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:48.003032 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:48.093197 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:48.151520 osdx ubnt-cfgd[960255]: inactive
Mar 05 21:31:48.169617 osdx INFO[960261]: FRR daemons did not change
Mar 05 21:31:48.199142 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:48.241323 osdx WARNING[960330]: No supported link modes on interface eth0
Mar 05 21:31:48.242663 osdx modulelauncher[960330]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:48.242674 osdx modulelauncher[960330]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:48.243845 osdx modulelauncher[960330]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:48.243852 osdx modulelauncher[960330]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:48.277290 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:48.310085 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:48.332388 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:48.481119 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 05 21:31:48.549062 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 05 21:31:48.719307 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:49.262118 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:49.316840 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:49.421053 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:49.475027 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:49.575042 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:49.626937 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:31:49.723709 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 05 21:31:49.783777 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:49.912842 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:49.962989 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:50.091228 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:50.163392 osdx ubnt-cfgd[960435]: inactive
Mar 05 21:31:50.182647 osdx INFO[960443]: FRR daemons did not change
Mar 05 21:31:50.195953 osdx ca-certificates[960459]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:50.741844 osdx ubnt-cfgd[961471]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:50.749905 osdx ca-certificates[961477]: 1 added, 0 removed; done.
Mar 05 21:31:50.752815 osdx ca-certificates[961483]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:50.755768 osdx ca-certificates[961485]: done.
Mar 05 21:31:50.819426 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:50.820519 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:50.822906 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:50.840115 osdx dnscrypt-proxy[961489]: dnscrypt-proxy 2.0.45
Mar 05 21:31:50.840196 osdx dnscrypt-proxy[961489]: Network connectivity detected
Mar 05 21:31:50.840418 osdx dnscrypt-proxy[961489]: Dropping privileges
Mar 05 21:31:50.842701 osdx dnscrypt-proxy[961489]: Network connectivity detected
Mar 05 21:31:50.842738 osdx dnscrypt-proxy[961489]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:50.842744 osdx dnscrypt-proxy[961489]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:50.842766 osdx dnscrypt-proxy[961489]: Firefox workaround initialized
Mar 05 21:31:50.842772 osdx dnscrypt-proxy[961489]: Loading the set of cloaking rules from [/tmp/tmp1egdwddv]
Mar 05 21:31:50.846576 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:50.932829 osdx dnscrypt-proxy[961489]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 05 21:31:50.932854 osdx dnscrypt-proxy[961489]: [RD] OK (DoH) - rtt: 74ms
Mar 05 21:31:50.932864 osdx dnscrypt-proxy[961489]: Server with the lowest initial latency: RD (rtt: 74ms)
Mar 05 21:31:50.932869 osdx dnscrypt-proxy[961489]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:31:51.022502 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
Mar 05 21:31:51.221986 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:51.223121 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:51.223219 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:51.233529 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:51.497087 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:51.550981 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:51.660365 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:51.718643 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:51.808909 osdx ubnt-cfgd[961542]: inactive
Mar 05 21:31:51.877066 osdx dnscrypt-proxy[961489]: Stopped.
Mar 05 21:31:51.877192 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:51.879341 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:51.879695 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:51.968429 osdx WARNING[961606]: No supported link modes on interface eth0
Mar 05 21:31:51.969753 osdx modulelauncher[961606]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:51.969764 osdx modulelauncher[961606]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:51.970836 osdx modulelauncher[961606]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:51.970843 osdx modulelauncher[961606]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:51.986615 osdx ca-certificates[961631]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:52.270875 osdx ca-certificates[962208]: done.
Mar 05 21:31:52.274063 osdx ca-certificates[962217]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:52.700974 osdx ubnt-cfgd[963075]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:52.708847 osdx ca-certificates[963080]: 142 added, 0 removed; done.
Mar 05 21:31:52.711657 osdx ca-certificates[963087]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:52.714274 osdx ca-certificates[963089]: done.
Mar 05 21:31:52.728686 osdx INFO[963092]: FRR daemons did not change
Mar 05 21:31:52.728965 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:52.731159 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:52.746105 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:54.032466 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:54.722300 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:31:54.776931 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:31:54.879598 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:31:54.932620 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:31:55.030782 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:31:55.091004 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:31:55.214478 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 05 21:31:55.268263 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:31:55.387707 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:31:55.441709 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:31:55.548320 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:55.637443 osdx ubnt-cfgd[963126]: inactive
Mar 05 21:31:55.659036 osdx INFO[963134]: FRR daemons did not change
Mar 05 21:31:55.673129 osdx ca-certificates[963150]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:56.223280 osdx ubnt-cfgd[964162]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:56.234358 osdx ca-certificates[964168]: 1 added, 0 removed; done.
Mar 05 21:31:56.237891 osdx ca-certificates[964174]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:56.240571 osdx ca-certificates[964176]: done.
Mar 05 21:31:56.279160 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:31:56.327675 osdx WARNING[964243]: No supported link modes on interface eth0
Mar 05 21:31:56.329122 osdx modulelauncher[964243]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:56.329134 osdx modulelauncher[964243]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:56.330737 osdx modulelauncher[964243]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:56.330745 osdx modulelauncher[964243]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:56.427504 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:56.428654 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:56.440222 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:56.446715 osdx dnscrypt-proxy[964292]: dnscrypt-proxy 2.0.45
Mar 05 21:31:56.446791 osdx dnscrypt-proxy[964292]: Network connectivity detected
Mar 05 21:31:56.447055 osdx dnscrypt-proxy[964292]: Dropping privileges
Mar 05 21:31:56.449819 osdx dnscrypt-proxy[964292]: Network connectivity detected
Mar 05 21:31:56.449850 osdx dnscrypt-proxy[964292]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:31:56.449854 osdx dnscrypt-proxy[964292]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:31:56.449877 osdx dnscrypt-proxy[964292]: Firefox workaround initialized
Mar 05 21:31:56.449887 osdx dnscrypt-proxy[964292]: Loading the set of cloaking rules from [/tmp/tmph58phsf_]
Mar 05 21:31:56.466402 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:56.536760 osdx dnscrypt-proxy[964292]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 05 21:31:56.536790 osdx dnscrypt-proxy[964292]: [RD] OK (DoH) - rtt: 69ms
Mar 05 21:31:56.536800 osdx dnscrypt-proxy[964292]: Server with the lowest initial latency: RD (rtt: 69ms)
Mar 05 21:31:56.536805 osdx dnscrypt-proxy[964292]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:31:56.646083 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Mar 05 21:31:56.860401 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:31:56.863125 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:31:56.863179 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:31:56.871586 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:31:57.122972 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:31:57.190267 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:31:57.293211 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:31:57.421653 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:31:57.477004 osdx ubnt-cfgd[964364]: inactive
Mar 05 21:31:57.498416 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:31:57.498656 osdx dnscrypt-proxy[964292]: Stopped.
Mar 05 21:31:57.499680 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:31:57.499825 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:31:57.566702 osdx WARNING[964428]: No supported link modes on interface eth0
Mar 05 21:31:57.568186 osdx modulelauncher[964428]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:31:57.568198 osdx modulelauncher[964428]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:31:57.569386 osdx modulelauncher[964428]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:31:57.569394 osdx modulelauncher[964428]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:31:57.586689 osdx ca-certificates[964453]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:31:57.910625 osdx ca-certificates[965030]: done.
Mar 05 21:31:57.914371 osdx ca-certificates[965039]: Updating certificates in /etc/ssl/certs...
Mar 05 21:31:58.398764 osdx ubnt-cfgd[965897]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:31:58.406613 osdx ca-certificates[965902]: 142 added, 0 removed; done.
Mar 05 21:31:58.409715 osdx ca-certificates[965909]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:31:58.412421 osdx ca-certificates[965911]: done.
Mar 05 21:31:58.430586 osdx INFO[965914]: FRR daemons did not change
Mar 05 21:31:58.430870 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:31:58.470707 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:31:58.499893 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:31:59.717575 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:00.261498 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:32:00.316027 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:32:00.425612 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:32:00.480095 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:32:00.577397 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:32:00.627565 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 05 21:32:00.721867 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 05 21:32:00.778498 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:32:00.914575 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:32:00.967489 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:32:01.070452 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:01.156412 osdx ubnt-cfgd[965951]: inactive
Mar 05 21:32:01.177440 osdx INFO[965959]: FRR daemons did not change
Mar 05 21:32:01.191765 osdx ca-certificates[965975]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:01.787189 osdx ubnt-cfgd[966987]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:01.795657 osdx ca-certificates[966993]: 1 added, 0 removed; done.
Mar 05 21:32:01.798921 osdx ca-certificates[966999]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:01.802870 osdx ca-certificates[967001]: done.
Mar 05 21:32:01.835164 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:32:01.880749 osdx WARNING[967068]: No supported link modes on interface eth0
Mar 05 21:32:01.882234 osdx modulelauncher[967068]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:01.882247 osdx modulelauncher[967068]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:01.883466 osdx modulelauncher[967068]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:01.883475 osdx modulelauncher[967068]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:01.979528 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:01.981075 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:01.994533 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:02.006647 osdx dnscrypt-proxy[967117]: dnscrypt-proxy 2.0.45
Mar 05 21:32:02.006720 osdx dnscrypt-proxy[967117]: Network connectivity detected
Mar 05 21:32:02.006938 osdx dnscrypt-proxy[967117]: Dropping privileges
Mar 05 21:32:02.008823 osdx dnscrypt-proxy[967117]: Network connectivity detected
Mar 05 21:32:02.008857 osdx dnscrypt-proxy[967117]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:32:02.008862 osdx dnscrypt-proxy[967117]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:32:02.008881 osdx dnscrypt-proxy[967117]: Firefox workaround initialized
Mar 05 21:32:02.008887 osdx dnscrypt-proxy[967117]: Loading the set of cloaking rules from [/tmp/tmpzrwjpru4]
Mar 05 21:32:02.012538 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:02.097346 osdx dnscrypt-proxy[967117]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:32:02.097368 osdx dnscrypt-proxy[967117]: [RD] OK (DoH) - rtt: 71ms
Mar 05 21:32:02.097378 osdx dnscrypt-proxy[967117]: Server with the lowest initial latency: RD (rtt: 71ms)
Mar 05 21:32:02.097383 osdx dnscrypt-proxy[967117]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:32:02.169315 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
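
The Step 3 check used in the examples above, written out as an added example (not part of the original test suite): it maps the decimal "Cipher suite:" value logged by dnscrypt-proxy to its IANA name, confirms the negotiated suite is one of the configured ciphers and not the invalid first choice, and takes the result from the most recent dnscrypt-proxy process so a line left by an earlier run cannot satisfy the check. The journal lines are constructed samples in the page's log format, the function names are hypothetical, and the TLS version field is assumed to be logged in hexadecimal.

```python
import re

# IANA TLS cipher suite values for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Ciphers the page's scenarios configure as the invalid first choice.
PAGE_INVALID = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CIPHER_CFG_RE = re.compile(
    r"^set service dns proxy cipher (\d+) algorithm (\S+)[ \t]*$", re.M)
HANDSHAKE_RE = re.compile(
    r"dnscrypt-proxy\[(?P<pid>\d+)\]: \[(?P<server>[^\]]+)\] "
    r"TLS version: (?P<ver>[0-9a-fA-F]+) - Protocol: (?P<proto>\S+) - "
    r"Cipher suite: (?P<suite>\d+)")


def configured_ciphers(config_text):
    """Return configured cipher names ordered by their 'cipher N' index."""
    pairs = [(int(idx), name) for idx, name in CIPHER_CFG_RE.findall(config_text)]
    return [name for _, name in sorted(pairs)]


def handshakes(journal_text):
    """Extract every logged TLS handshake result, in journal order."""
    found = []
    for line in journal_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue
        suite_id = int(m["suite"])
        found.append({
            "pid": int(m["pid"]),
            "server": m["server"],
            "tls_version": int(m["ver"], 16),  # assumption: logged as hex, 303 -> 0x0303
            "protocol": m["proto"],
            "suite_id": suite_id,
            "suite_name": IANA_SUITES.get(suite_id, f"UNKNOWN_0x{suite_id:04X}"),
        })
    return found


def check_negotiation(config_text, journal_text, server="RD"):
    """Compare the most recent handshake for `server` with the configured ciphers."""
    wanted = configured_ciphers(config_text)
    skipped = [c for c in wanted if c in PAGE_INVALID]
    seen = [h for h in handshakes(journal_text) if h["server"] == server]
    if not seen:
        return {"ok": False, "negotiated": None, "tls_version": None,
                "skipped": skipped, "stale_pids": []}
    last = seen[-1]
    # Handshakes logged by earlier dnscrypt-proxy processes are reported, not trusted.
    stale_pids = sorted({h["pid"] for h in seen if h["pid"] != last["pid"]})
    ok = last["suite_name"] in wanted and last["suite_name"] not in PAGE_INVALID
    return {"ok": ok, "negotiated": last["suite_name"],
            "tls_version": last["tls_version"],
            "skipped": skipped, "stale_pids": stale_pids}


# Cipher lines copied from Example 1 of this scenario.
SAMPLE_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
"""

# Constructed journal lines (PIDs and timestamps are made up).
SAMPLE_JOURNAL = """\
Mar 05 21:00:00.000001 osdx dnscrypt-proxy[1001]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:00:05.000001 osdx dnscrypt-proxy[1001]: Stopped.
Mar 05 21:00:09.000001 osdx dnscrypt-proxy[1002]: dnscrypt-proxy 2.0.45
Mar 05 21:00:09.100001 osdx dnscrypt-proxy[1002]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 05 21:00:09.100002 osdx dnscrypt-proxy[1002]: [RD] OK (DoH) - rtt: 74ms
"""

if __name__ == "__main__":
    print(check_negotiation(SAMPLE_CONFIG, SAMPLE_JOURNAL))
```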

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Mar 05 21:32:02.404606 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:32:02.407126 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:32:02.407205 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:32:02.416266 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:32:02.729951 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:02.805178 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:32:02.961287 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:32:03.021280 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:03.117421 osdx ubnt-cfgd[967188]: inactive
Mar 05 21:32:03.140714 osdx dnscrypt-proxy[967117]: Stopped.
Mar 05 21:32:03.140727 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:32:03.141740 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:32:03.141874 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:03.200012 osdx WARNING[967252]: No supported link modes on interface eth0
Mar 05 21:32:03.201379 osdx modulelauncher[967252]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:03.201391 osdx modulelauncher[967252]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:03.202499 osdx modulelauncher[967252]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:03.202507 osdx modulelauncher[967252]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:03.221339 osdx ca-certificates[967277]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:32:03.539999 osdx ca-certificates[967854]: done.
Mar 05 21:32:03.542818 osdx ca-certificates[967863]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:04.041016 osdx ubnt-cfgd[968721]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:04.049466 osdx ca-certificates[968727]: 142 added, 0 removed; done.
Mar 05 21:32:04.053112 osdx ca-certificates[968733]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:04.056628 osdx ca-certificates[968735]: done.
Mar 05 21:32:04.072448 osdx INFO[968738]: FRR daemons did not change
Mar 05 21:32:04.072728 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:04.102440 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:04.132463 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:05.311657 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:05.898197 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:32:05.953915 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:32:06.087953 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:32:06.153739 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:32:06.278422 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:32:06.333946 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:32:06.419826 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 05 21:32:06.488894 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:32:06.615723 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:32:06.670575 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:32:06.785658 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:06.862974 osdx ubnt-cfgd[968772]: inactive
Mar 05 21:32:06.885626 osdx INFO[968780]: FRR daemons did not change
Mar 05 21:32:06.897765 osdx ca-certificates[968796]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:07.414675 osdx ubnt-cfgd[969808]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:07.422791 osdx ca-certificates[969814]: 1 added, 0 removed; done.
Mar 05 21:32:07.425628 osdx ca-certificates[969820]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:07.428537 osdx ca-certificates[969822]: done.
Mar 05 21:32:07.455153 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:32:07.499003 osdx WARNING[969889]: No supported link modes on interface eth0
Mar 05 21:32:07.500372 osdx modulelauncher[969889]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:07.500385 osdx modulelauncher[969889]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:07.501490 osdx modulelauncher[969889]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:07.501497 osdx modulelauncher[969889]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:07.615435 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:07.616584 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:07.628270 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:07.636092 osdx dnscrypt-proxy[969938]: dnscrypt-proxy 2.0.45
Mar 05 21:32:07.636159 osdx dnscrypt-proxy[969938]: Network connectivity detected
Mar 05 21:32:07.636360 osdx dnscrypt-proxy[969938]: Dropping privileges
Mar 05 21:32:07.638282 osdx dnscrypt-proxy[969938]: Network connectivity detected
Mar 05 21:32:07.638310 osdx dnscrypt-proxy[969938]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:32:07.638314 osdx dnscrypt-proxy[969938]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:32:07.638331 osdx dnscrypt-proxy[969938]: Firefox workaround initialized
Mar 05 21:32:07.638335 osdx dnscrypt-proxy[969938]: Loading the set of cloaking rules from [/tmp/tmpbgosugus]
Mar 05 21:32:07.657337 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:07.729592 osdx dnscrypt-proxy[969938]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 05 21:32:07.729612 osdx dnscrypt-proxy[969938]: [RD] OK (DoH) - rtt: 70ms
Mar 05 21:32:07.729619 osdx dnscrypt-proxy[969938]: Server with the lowest initial latency: RD (rtt: 70ms)
Mar 05 21:32:07.729623 osdx dnscrypt-proxy[969938]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:32:07.822463 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 05 21:32:08.022732 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:32:08.023177 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:32:08.023207 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:32:08.033690 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:32:08.341209 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:08.434132 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:32:08.611480 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:32:08.696826 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:08.809448 osdx ubnt-cfgd[970011]: inactive
Mar 05 21:32:08.833119 osdx dnscrypt-proxy[969938]: Stopped.
Mar 05 21:32:08.833174 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:32:08.834358 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:32:08.834471 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:08.898720 osdx WARNING[970075]: No supported link modes on interface eth0
Mar 05 21:32:08.900271 osdx modulelauncher[970075]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:08.900285 osdx modulelauncher[970075]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:08.901433 osdx modulelauncher[970075]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:08.901441 osdx modulelauncher[970075]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:08.919270 osdx ca-certificates[970100]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:32:09.219153 osdx ca-certificates[970677]: done.
Mar 05 21:32:09.222310 osdx ca-certificates[970686]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:09.690247 osdx ubnt-cfgd[971544]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:09.698913 osdx ca-certificates[971549]: 142 added, 0 removed; done.
Mar 05 21:32:09.701905 osdx ca-certificates[971556]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:09.704838 osdx ca-certificates[971558]: done.
Mar 05 21:32:09.720749 osdx INFO[971561]: FRR daemons did not change
Mar 05 21:32:09.721095 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:09.749908 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:09.765357 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:11.117983 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:11.696341 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:32:11.749758 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:32:11.850886 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:32:11.903011 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:32:12.001197 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:32:12.051043 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:32:12.146215 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 05 21:32:12.196657 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:32:12.330590 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:32:12.414967 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:32:12.499739 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:12.596337 osdx ubnt-cfgd[971595]: inactive
Mar 05 21:32:12.621277 osdx INFO[971603]: FRR daemons did not change
Mar 05 21:32:12.634284 osdx ca-certificates[971619]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:13.150968 osdx ubnt-cfgd[972631]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:13.158565 osdx ca-certificates[972636]: 1 added, 0 removed; done.
Mar 05 21:32:13.161360 osdx ca-certificates[972643]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:13.164061 osdx ca-certificates[972645]: done.
Mar 05 21:32:13.199136 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:32:13.243697 osdx WARNING[972712]: No supported link modes on interface eth0
Mar 05 21:32:13.245010 osdx modulelauncher[972712]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:13.245021 osdx modulelauncher[972712]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:13.246137 osdx modulelauncher[972712]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:13.246143 osdx modulelauncher[972712]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:13.371568 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:13.372833 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:13.384560 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:13.391544 osdx dnscrypt-proxy[972761]: dnscrypt-proxy 2.0.45
Mar 05 21:32:13.391600 osdx dnscrypt-proxy[972761]: Network connectivity detected
Mar 05 21:32:13.391785 osdx dnscrypt-proxy[972761]: Dropping privileges
Mar 05 21:32:13.393776 osdx dnscrypt-proxy[972761]: Network connectivity detected
Mar 05 21:32:13.393805 osdx dnscrypt-proxy[972761]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:32:13.393809 osdx dnscrypt-proxy[972761]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:32:13.393827 osdx dnscrypt-proxy[972761]: Firefox workaround initialized
Mar 05 21:32:13.393832 osdx dnscrypt-proxy[972761]: Loading the set of cloaking rules from [/tmp/tmpakakbg3o]
Mar 05 21:32:13.403699 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:13.489771 osdx dnscrypt-proxy[972761]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 05 21:32:13.489794 osdx dnscrypt-proxy[972761]: [RD] OK (DoH) - rtt: 76ms
Mar 05 21:32:13.489804 osdx dnscrypt-proxy[972761]: Server with the lowest initial latency: RD (rtt: 76ms)
Mar 05 21:32:13.489814 osdx dnscrypt-proxy[972761]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:32:13.535126 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Mar 05 21:32:13.750116 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free.
Mar 05 21:32:13.751145 osdx systemd-journald[466780]: Received client request to rotate journal, rotating.
Mar 05 21:32:13.751194 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838.
Mar 05 21:32:13.761053 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'system journal clear'.
Mar 05 21:32:14.010434 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:14.065892 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'delete '.
Mar 05 21:32:14.222350 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 05 21:32:14.279222 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:14.387199 osdx ubnt-cfgd[972833]: inactive
Mar 05 21:32:14.407902 osdx dnscrypt-proxy[972761]: Stopped.
Mar 05 21:32:14.407969 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 05 21:32:14.408932 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 05 21:32:14.409045 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:14.467208 osdx WARNING[972897]: No supported link modes on interface eth0
Mar 05 21:32:14.468576 osdx modulelauncher[972897]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:14.468587 osdx modulelauncher[972897]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:14.469717 osdx modulelauncher[972897]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:14.469724 osdx modulelauncher[972897]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:14.487038 osdx ca-certificates[972922]: Clearing symlinks in /etc/ssl/certs...
Mar 05 21:32:14.764555 osdx ca-certificates[973500]: done.
Mar 05 21:32:14.767855 osdx ca-certificates[973508]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:15.210958 osdx ubnt-cfgd[974366]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:15.219187 osdx ca-certificates[974372]: 142 added, 0 removed; done.
Mar 05 21:32:15.222051 osdx ca-certificates[974378]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:15.224983 osdx ca-certificates[974380]: done.
Mar 05 21:32:15.240007 osdx INFO[974383]: FRR daemons did not change
Mar 05 21:32:15.240275 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:15.259513 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:15.275383 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:16.525700 osdx OSDxCLI[849840]: User 'admin' entered the configuration menu.
Mar 05 21:32:17.030946 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Mar 05 21:32:17.139576 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 05 21:32:17.196196 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 05 21:32:17.297580 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 05 21:32:17.351799 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 05 21:32:17.449265 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash a91e708969927d2f5720bb78c799ea1656d98ed9fbeabfca48887da4ed4634cd'.
Mar 05 21:32:17.499717 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:32:17.594209 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 05 21:32:17.646638 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 05 21:32:17.770699 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 05 21:32:17.821978 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 05 21:32:17.942702 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'show working'.
Mar 05 21:32:18.019406 osdx ubnt-cfgd[974419]: inactive
Mar 05 21:32:18.042483 osdx INFO[974427]: FRR daemons did not change
Mar 05 21:32:18.055575 osdx ca-certificates[974443]: Updating certificates in /etc/ssl/certs...
Mar 05 21:32:18.597398 osdx ubnt-cfgd[975455]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 05 21:32:18.605407 osdx ca-certificates[975461]: 1 added, 0 removed; done.
Mar 05 21:32:18.609256 osdx ca-certificates[975467]: Running hooks in /etc/ca-certificates/update.d...
Mar 05 21:32:18.612922 osdx ca-certificates[975469]: done.
Mar 05 21:32:18.647126 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 05 21:32:18.697010 osdx WARNING[975536]: No supported link modes on interface eth0
Mar 05 21:32:18.698456 osdx modulelauncher[975536]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 05 21:32:18.698469 osdx modulelauncher[975536]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 05 21:32:18.699793 osdx modulelauncher[975536]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 05 21:32:18.699802 osdx modulelauncher[975536]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 05 21:32:18.819591 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 05 21:32:18.820974 osdx cfgd[1863]: [849840]Completed change to active configuration
Mar 05 21:32:18.836094 osdx OSDxCLI[849840]: User 'admin' committed the configuration.
Mar 05 21:32:18.839634 osdx dnscrypt-proxy[975585]: dnscrypt-proxy 2.0.45
Mar 05 21:32:18.839703 osdx dnscrypt-proxy[975585]: Network connectivity detected
Mar 05 21:32:18.839949 osdx dnscrypt-proxy[975585]: Dropping privileges
Mar 05 21:32:18.842115 osdx dnscrypt-proxy[975585]: Network connectivity detected
Mar 05 21:32:18.842150 osdx dnscrypt-proxy[975585]: Now listening to 127.0.0.1:53 [UDP]
Mar 05 21:32:18.842155 osdx dnscrypt-proxy[975585]: Now listening to 127.0.0.1:53 [TCP]
Mar 05 21:32:18.842174 osdx dnscrypt-proxy[975585]: Firefox workaround initialized
Mar 05 21:32:18.842179 osdx dnscrypt-proxy[975585]: Loading the set of cloaking rules from [/tmp/tmpkt7k1m2_]
Mar 05 21:32:18.858161 osdx OSDxCLI[849840]: User 'admin' left the configuration menu.
Mar 05 21:32:18.938051 osdx dnscrypt-proxy[975585]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 05 21:32:18.938065 osdx dnscrypt-proxy[975585]: [RD] OK (DoH) - rtt: 77ms
Mar 05 21:32:18.938071 osdx dnscrypt-proxy[975585]: Server with the lowest initial latency: RD (rtt: 77ms)
Mar 05 21:32:18.938076 osdx dnscrypt-proxy[975585]: dnscrypt-proxy is ready - live servers: 1
Mar 05 21:32:19.013021 osdx OSDxCLI[849840]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
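
The Step 3 check in Examples 5 and 6 matches a bare decimal ID (49200, 52392). The following added example, which is not part of the original test suite, decodes that ID to its IANA suite name and checks it against the cipher lines recorded in the same journal. The names audit_journal and WEAK_SUITES are hypothetical, and reading "TLS version: 303" as hexadecimal 0x0303 is an assumption about the log format.

```python
import re

# IANA code points for the four suites this page configures.
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# 3DES: 64-bit block cipher, here with static RSA key exchange (no forward secrecy).
WEAK_SUITES = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\w+)")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)

# Excerpt of the Example 6 journal shown above.
EXAMPLE_6_EXCERPT = """\
Mar 05 21:32:17.499717 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 05 21:32:17.594209 osdx OSDxCLI[849840]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 05 21:32:18.938051 osdx dnscrypt-proxy[975585]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""
# Constructed journal (not from the page): the weak suite is the one negotiated.
CONSTRUCTED_WEAK = """\
Jan 01 00:00:01.000000 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jan 01 00:00:02.000000 osdx dnscrypt-proxy[2]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 10
"""

def audit_journal(text):
    """Correlate configured cipher lines with the suite dnscrypt-proxy reports."""
    configured = {}
    negotiated = None
    for line in text.splitlines():
        m = CFG_RE.search(line)
        if m:
            configured[int(m.group(1))] = m.group(2)  # keyed by cipher index
            continue
        m = NEG_RE.search(line)
        if m:
            negotiated = m  # keep the last handshake reported
    if negotiated is None:
        raise ValueError("no dnscrypt-proxy handshake line found")
    suite_id = int(negotiated["suite"])
    version = int(negotiated["ver"], 16)  # assumption: the field is printed in hex
    name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
    ordered = [configured[k] for k in sorted(configured)]
    return {
        "server": negotiated["server"],
        "tls_version": TLS_VERSIONS.get(version, "unknown (0x%04X)" % version),
        "suite_id": suite_id,
        "suite_name": name,
        "configured": ordered,
        "in_configured": name in ordered,
        "weak_negotiated": name in WEAK_SUITES,
        "weak_configured": [s for s in ordered if s in WEAK_SUITES],
    }

if __name__ == "__main__":
    for label, sample in (("example 6", EXAMPLE_6_EXCERPT), ("constructed", CONSTRUCTED_WEAK)):
        print(label, audit_journal(sample))
```

A run over the Example 6 excerpt reports the ChaCha20-Poly1305 suite as negotiated while still listing the 3DES entry under weak_configured, which a token match on the decimal ID alone does not surface.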