Cipher

Test suite that validates the use of one or multiple ciphers to protect the DoH connection.

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 23 10:22:18.282829 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:18.285322 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:18.285372 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:18.292015 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:18.497021 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 10:22:18.750949 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:18.831955 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:18.916709 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:18.978207 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:19.068784 osdx ubnt-cfgd[242218]: inactive
Mar 23 10:22:19.086940 osdx INFO[242224]: FRR daemons did not change
Mar 23 10:22:19.117327 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:19.165542 osdx WARNING[242293]: No supported link modes on interface eth0
Mar 23 10:22:19.167079 osdx modulelauncher[242293]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:19.167093 osdx modulelauncher[242293]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:19.168290 osdx modulelauncher[242293]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:19.168297 osdx modulelauncher[242293]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:19.202396 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:19.214006 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:19.229670 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:19.374005 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 23 10:22:19.438895 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 23 10:22:19.613424 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:19.671337 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:19.759357 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:19.820131 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:19.912684 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:19.973716 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:20.067534 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 23 10:22:20.125619 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:20.243488 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:20.295528 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:20.401122 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:20.466636 osdx ubnt-cfgd[242397]: inactive
Mar 23 10:22:20.491272 osdx INFO[242405]: FRR daemons did not change
Mar 23 10:22:20.505986 osdx ca-certificates[242421]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:21.009688 osdx ubnt-cfgd[243433]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:21.017555 osdx ca-certificates[243438]: 1 added, 0 removed; done.
Mar 23 10:22:21.021246 osdx ca-certificates[243445]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:21.024816 osdx ca-certificates[243447]: done.
Mar 23 10:22:21.077618 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:21.078855 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:21.080908 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:21.097547 osdx dnscrypt-proxy[243451]: dnscrypt-proxy 2.0.45
Mar 23 10:22:21.097586 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:21.097620 osdx dnscrypt-proxy[243451]: Network connectivity detected
Mar 23 10:22:21.097855 osdx dnscrypt-proxy[243451]: Dropping privileges
Mar 23 10:22:21.100346 osdx dnscrypt-proxy[243451]: Network connectivity detected
Mar 23 10:22:21.100386 osdx dnscrypt-proxy[243451]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:22:21.100391 osdx dnscrypt-proxy[243451]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:22:21.100410 osdx dnscrypt-proxy[243451]: Firefox workaround initialized
Mar 23 10:22:21.100416 osdx dnscrypt-proxy[243451]: Loading the set of cloaking rules from [/tmp/tmpbdbj10nc]
Mar 23 10:22:21.127273 osdx dnscrypt-proxy[243451]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 23 10:22:21.127289 osdx dnscrypt-proxy[243451]: [RD] OK (DoH) - rtt: 10ms
Mar 23 10:22:21.127297 osdx dnscrypt-proxy[243451]: Server with the lowest initial latency: RD (rtt: 10ms)
Mar 23 10:22:21.127302 osdx dnscrypt-proxy[243451]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:22:21.238587 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Output:
Mar 23 10:22:28.284707 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:28.285311 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:28.285352 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:28.294946 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:28.499400 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 10:22:28.725807 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:28.814486 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:28.885488 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:28.986465 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:29.045185 osdx ubnt-cfgd[245171]: inactive
Mar 23 10:22:29.064629 osdx INFO[245177]: FRR daemons did not change
Mar 23 10:22:29.092779 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:29.133997 osdx WARNING[245246]: No supported link modes on interface eth0
Mar 23 10:22:29.135363 osdx modulelauncher[245246]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:29.135379 osdx modulelauncher[245246]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:29.136695 osdx modulelauncher[245246]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:29.136702 osdx modulelauncher[245246]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:29.174522 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:29.188225 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:29.203790 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:29.344958 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 23 10:22:29.409660 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 23 10:22:29.602203 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:29.659570 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:29.755557 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:29.816881 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:29.907215 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:29.962321 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:30.055732 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 23 10:22:30.107193 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:30.225922 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:30.277301 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:30.378584 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:30.438772 osdx ubnt-cfgd[245350]: inactive
Mar 23 10:22:30.458205 osdx INFO[245358]: FRR daemons did not change
Mar 23 10:22:30.469751 osdx ca-certificates[245374]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:30.977535 osdx ubnt-cfgd[246386]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:30.985398 osdx ca-certificates[246391]: 1 added, 0 removed; done.
Mar 23 10:22:30.988203 osdx ca-certificates[246398]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:30.990779 osdx ca-certificates[246400]: done.
Mar 23 10:22:31.065204 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:31.066509 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:31.069577 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:31.086815 osdx dnscrypt-proxy[246404]: dnscrypt-proxy 2.0.45
Mar 23 10:22:31.086879 osdx dnscrypt-proxy[246404]: Network connectivity detected
Mar 23 10:22:31.087069 osdx dnscrypt-proxy[246404]: Dropping privileges
Mar 23 10:22:31.089629 osdx dnscrypt-proxy[246404]: Network connectivity detected
Mar 23 10:22:31.089666 osdx dnscrypt-proxy[246404]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:22:31.089671 osdx dnscrypt-proxy[246404]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:22:31.089690 osdx dnscrypt-proxy[246404]: Firefox workaround initialized
Mar 23 10:22:31.089695 osdx dnscrypt-proxy[246404]: Loading the set of cloaking rules from [/tmp/tmpi8eflloo]
Mar 23 10:22:31.090646 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:31.117282 osdx dnscrypt-proxy[246404]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 23 10:22:31.117295 osdx dnscrypt-proxy[246404]: [RD] OK (DoH) - rtt: 13ms
Mar 23 10:22:31.117302 osdx dnscrypt-proxy[246404]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 23 10:22:31.117306 osdx dnscrypt-proxy[246404]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:22:31.247553 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 23 10:22:31.450710 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:31.452779 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:31.452844 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:31.459960 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:31.708177 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:31.762475 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:22:31.872139 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:22:31.928303 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:32.021323 osdx ubnt-cfgd[246458]: inactive
Mar 23 10:22:32.042616 osdx dnscrypt-proxy[246404]: Stopped.
Mar 23 10:22:32.042674 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:22:32.043569 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:22:32.043694 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:32.096169 osdx WARNING[246522]: No supported link modes on interface eth0
Mar 23 10:22:32.097853 osdx modulelauncher[246522]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:32.097871 osdx modulelauncher[246522]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:32.099082 osdx modulelauncher[246522]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:32.099091 osdx modulelauncher[246522]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:32.115425 osdx ca-certificates[246547]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:22:32.404905 osdx ca-certificates[247124]: done.
Mar 23 10:22:32.407945 osdx ca-certificates[247133]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:32.888305 osdx ubnt-cfgd[247991]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:32.896383 osdx ca-certificates[247996]: 142 added, 0 removed; done.
Mar 23 10:22:32.899198 osdx ca-certificates[248003]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:32.902269 osdx ca-certificates[248005]: done.
Mar 23 10:22:32.921081 osdx INFO[248008]: FRR daemons did not change
Mar 23 10:22:32.921415 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:32.923832 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:32.954421 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:34.128898 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:34.185278 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:34.285142 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:34.344794 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:34.445788 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:34.543842 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:34.595092 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 23 10:22:34.688075 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:34.765411 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:34.839317 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:34.962609 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:35.032101 osdx ubnt-cfgd[248041]: inactive
Mar 23 10:22:35.053416 osdx INFO[248049]: FRR daemons did not change
Mar 23 10:22:35.065795 osdx ca-certificates[248064]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:35.594368 osdx ubnt-cfgd[249077]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:35.602022 osdx ca-certificates[249083]: 1 added, 0 removed; done.
Mar 23 10:22:35.604720 osdx ca-certificates[249089]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:35.607378 osdx ca-certificates[249091]: done.
Mar 23 10:22:35.636773 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:35.677133 osdx WARNING[249158]: No supported link modes on interface eth0
Mar 23 10:22:35.678495 osdx modulelauncher[249158]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:35.678508 osdx modulelauncher[249158]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:35.679621 osdx modulelauncher[249158]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:35.679629 osdx modulelauncher[249158]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:35.777055 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:35.778315 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:35.790242 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:35.795479 osdx dnscrypt-proxy[249207]: dnscrypt-proxy 2.0.45
Mar 23 10:22:35.795552 osdx dnscrypt-proxy[249207]: Network connectivity detected
Mar 23 10:22:35.795780 osdx dnscrypt-proxy[249207]: Dropping privileges
Mar 23 10:22:35.798092 osdx dnscrypt-proxy[249207]: Network connectivity detected
Mar 23 10:22:35.798122 osdx dnscrypt-proxy[249207]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:22:35.798127 osdx dnscrypt-proxy[249207]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:22:35.798142 osdx dnscrypt-proxy[249207]: Firefox workaround initialized
Mar 23 10:22:35.798146 osdx dnscrypt-proxy[249207]: Loading the set of cloaking rules from [/tmp/tmpx1tktgio]
Mar 23 10:22:35.806566 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:35.829803 osdx dnscrypt-proxy[249207]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 23 10:22:35.829828 osdx dnscrypt-proxy[249207]: [RD] OK (DoH) - rtt: 13ms
Mar 23 10:22:35.829837 osdx dnscrypt-proxy[249207]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 23 10:22:35.829843 osdx dnscrypt-proxy[249207]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:22:35.952870 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Mar 23 10:22:36.172695 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:36.173126 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:36.173154 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:36.182908 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:36.463785 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:36.522362 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:22:36.651283 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:22:36.711072 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:36.836779 osdx ubnt-cfgd[249279]: inactive
Mar 23 10:22:36.859803 osdx dnscrypt-proxy[249207]: Stopped.
Mar 23 10:22:36.859887 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:22:36.861031 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:22:36.861152 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:36.926189 osdx WARNING[249343]: No supported link modes on interface eth0
Mar 23 10:22:36.927550 osdx modulelauncher[249343]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:36.927565 osdx modulelauncher[249343]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:36.928728 osdx modulelauncher[249343]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:36.928735 osdx modulelauncher[249343]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:36.944696 osdx ca-certificates[249368]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:22:37.244164 osdx ca-certificates[249945]: done.
Mar 23 10:22:37.247660 osdx ca-certificates[249954]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:37.754761 osdx ubnt-cfgd[250812]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:37.765170 osdx ca-certificates[250817]: 142 added, 0 removed; done.
Mar 23 10:22:37.768793 osdx ca-certificates[250824]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:37.772337 osdx ca-certificates[250826]: done.
Mar 23 10:22:37.789518 osdx INFO[250829]: FRR daemons did not change
Mar 23 10:22:37.789802 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:37.800243 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:37.836628 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:39.171223 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:39.227015 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:39.320719 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:39.380487 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:39.499657 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:39.596629 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:39.648066 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 23 10:22:39.743188 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:39.831517 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:39.897090 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:40.001046 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:40.061729 osdx ubnt-cfgd[250862]: inactive
Mar 23 10:22:40.083649 osdx INFO[250870]: FRR daemons did not change
Mar 23 10:22:40.095125 osdx ca-certificates[250886]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:40.627064 osdx ubnt-cfgd[251898]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:40.635736 osdx ca-certificates[251904]: 1 added, 0 removed; done.
Mar 23 10:22:40.638602 osdx ca-certificates[251910]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:40.642162 osdx ca-certificates[251912]: done.
Mar 23 10:22:40.672768 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:40.711087 osdx WARNING[251979]: No supported link modes on interface eth0
Mar 23 10:22:40.712386 osdx modulelauncher[251979]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:40.712399 osdx modulelauncher[251979]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:40.713500 osdx modulelauncher[251979]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:40.713507 osdx modulelauncher[251979]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:40.821159 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:40.822431 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:40.836910 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:40.845093 osdx dnscrypt-proxy[252028]: dnscrypt-proxy 2.0.45
Mar 23 10:22:40.845155 osdx dnscrypt-proxy[252028]: Network connectivity detected
Mar 23 10:22:40.845360 osdx dnscrypt-proxy[252028]: Dropping privileges
Mar 23 10:22:40.847442 osdx dnscrypt-proxy[252028]: Network connectivity detected
Mar 23 10:22:40.847484 osdx dnscrypt-proxy[252028]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:22:40.847489 osdx dnscrypt-proxy[252028]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:22:40.847510 osdx dnscrypt-proxy[252028]: Firefox workaround initialized
Mar 23 10:22:40.847516 osdx dnscrypt-proxy[252028]: Loading the set of cloaking rules from [/tmp/tmpl295pfcw]
Mar 23 10:22:40.871972 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:40.876842 osdx dnscrypt-proxy[252028]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:22:40.876862 osdx dnscrypt-proxy[252028]: [RD] OK (DoH) - rtt: 11ms
Mar 23 10:22:40.876871 osdx dnscrypt-proxy[252028]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 23 10:22:40.876876 osdx dnscrypt-proxy[252028]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:22:41.030138 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 23 10:22:48.300430 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:48.304457 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:48.304524 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:48.312514 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:48.542604 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 10:22:48.776708 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:48.860251 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:48.933746 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:48.995143 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:49.089700 osdx ubnt-cfgd[253770]: inactive
Mar 23 10:22:49.110744 osdx INFO[253776]: FRR daemons did not change
Mar 23 10:22:49.172469 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:49.219111 osdx WARNING[253845]: No supported link modes on interface eth0
Mar 23 10:22:49.220888 osdx modulelauncher[253845]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:49.220902 osdx modulelauncher[253845]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:49.222522 osdx modulelauncher[253845]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:49.222531 osdx modulelauncher[253845]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:49.258122 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:49.269242 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:49.302005 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:49.446064 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 23 10:22:49.520505 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 23 10:22:49.704284 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:49.762753 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:49.859757 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:49.921189 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:50.023629 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:50.119598 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:50.170572 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:22:50.264995 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:50.377601 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:50.427199 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:50.549459 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:50.611909 osdx ubnt-cfgd[253949]: inactive
Mar 23 10:22:50.642772 osdx INFO[253957]: FRR daemons did not change
Mar 23 10:22:50.662076 osdx ca-certificates[253973]: Updating certificates in /etc/ssl/certs...
Mar 23 10:22:51.184973 osdx ubnt-cfgd[254985]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:22:51.193184 osdx ca-certificates[254990]: 1 added, 0 removed; done.
Mar 23 10:22:51.195970 osdx ca-certificates[254997]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:22:51.198621 osdx ca-certificates[254999]: done.
Mar 23 10:22:51.256719 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:22:51.258796 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:51.260915 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:51.275766 osdx dnscrypt-proxy[255003]: dnscrypt-proxy 2.0.45
Mar 23 10:22:51.275843 osdx dnscrypt-proxy[255003]: Network connectivity detected
Mar 23 10:22:51.276078 osdx dnscrypt-proxy[255003]: Dropping privileges
Mar 23 10:22:51.278129 osdx dnscrypt-proxy[255003]: Network connectivity detected
Mar 23 10:22:51.278160 osdx dnscrypt-proxy[255003]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:22:51.278163 osdx dnscrypt-proxy[255003]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:22:51.278181 osdx dnscrypt-proxy[255003]: Firefox workaround initialized
Mar 23 10:22:51.278186 osdx dnscrypt-proxy[255003]: Loading the set of cloaking rules from [/tmp/tmpthmpulcb]
Mar 23 10:22:51.278906 osdx dnscrypt-proxy[255003]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 23 10:22:51.280231 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:51.311775 osdx dnscrypt-proxy[255003]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:22:51.311791 osdx dnscrypt-proxy[255003]: [RD] OK (DoH) - rtt: 13ms
Mar 23 10:22:51.311799 osdx dnscrypt-proxy[255003]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 23 10:22:51.311803 osdx dnscrypt-proxy[255003]: dnscrypt-proxy is ready - live servers: 1

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 23 10:22:57.000241 osdx systemd-timedated[159026]: Changed local time to Mon 2026-03-23 10:22:57 UTC
Mar 23 10:22:57.001918 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'set date 2026-03-23 10:22:57'.
Mar 23 10:22:57.004061 osdx systemd-journald[2086]: Time jumped backwards, rotating.
Mar 23 10:22:57.312092 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:22:57.316071 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:22:57.316158 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:22:57.321850 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:22:57.584728 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 10:22:57.820755 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:57.910300 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:57.977325 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:58.094423 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:58.158008 osdx ubnt-cfgd[256723]: inactive
Mar 23 10:22:58.180874 osdx INFO[256729]: FRR daemons did not change
Mar 23 10:22:58.216067 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:22:58.261709 osdx WARNING[256798]: No supported link modes on interface eth0
Mar 23 10:22:58.263118 osdx modulelauncher[256798]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:22:58.263132 osdx modulelauncher[256798]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:22:58.264417 osdx modulelauncher[256798]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:22:58.264425 osdx modulelauncher[256798]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:22:58.300053 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:22:58.311142 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:22:58.326631 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:22:58.476337 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 23 10:22:58.543999 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 23 10:22:58.852146 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:22:58.960486 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:22:59.021575 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:22:59.127374 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:22:59.188346 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:22:59.285442 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:22:59.357559 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:22:59.466238 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:22:59.573220 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:22:59.655645 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:22:59.763653 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:22:59.839625 osdx ubnt-cfgd[256902]: inactive
Mar 23 10:22:59.859484 osdx INFO[256910]: FRR daemons did not change
Mar 23 10:22:59.870992 osdx ca-certificates[256926]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:00.391417 osdx ubnt-cfgd[257938]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:00.399283 osdx ca-certificates[257944]: 1 added, 0 removed; done.
Mar 23 10:23:00.401991 osdx ca-certificates[257950]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:00.404657 osdx ca-certificates[257952]: done.
Mar 23 10:23:00.468405 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:00.470394 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:00.472507 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:00.487727 osdx dnscrypt-proxy[257956]: dnscrypt-proxy 2.0.45
Mar 23 10:23:00.487805 osdx dnscrypt-proxy[257956]: Network connectivity detected
Mar 23 10:23:00.488083 osdx dnscrypt-proxy[257956]: Dropping privileges
Mar 23 10:23:00.488761 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:00.490442 osdx dnscrypt-proxy[257956]: Network connectivity detected
Mar 23 10:23:00.490481 osdx dnscrypt-proxy[257956]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:00.490486 osdx dnscrypt-proxy[257956]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:00.490507 osdx dnscrypt-proxy[257956]: Firefox workaround initialized
Mar 23 10:23:00.490514 osdx dnscrypt-proxy[257956]: Loading the set of cloaking rules from [/tmp/tmpme6tmq9m]
Mar 23 10:23:00.491312 osdx dnscrypt-proxy[257956]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 23 10:23:00.530352 osdx dnscrypt-proxy[257956]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:23:00.530381 osdx dnscrypt-proxy[257956]: [RD] OK (DoH) - rtt: 13ms
Mar 23 10:23:00.530390 osdx dnscrypt-proxy[257956]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 23 10:23:00.530395 osdx dnscrypt-proxy[257956]: dnscrypt-proxy is ready - live servers: 1

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 23 10:23:00.749106 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:00.752069 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:00.752129 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:00.761920 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:01.049853 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:01.125888 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:01.279640 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:01.341492 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:01.475743 osdx ubnt-cfgd[258008]: inactive
Mar 23 10:23:01.501274 osdx dnscrypt-proxy[257956]: Stopped.
Mar 23 10:23:01.501434 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:01.503185 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:01.503372 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:01.570818 osdx WARNING[258072]: No supported link modes on interface eth0
Mar 23 10:23:01.572725 osdx modulelauncher[258072]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:01.572747 osdx modulelauncher[258072]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:01.574160 osdx modulelauncher[258072]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:01.574172 osdx modulelauncher[258072]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:01.594375 osdx ca-certificates[258097]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:01.894439 osdx ca-certificates[258675]: done.
Mar 23 10:23:01.898136 osdx ca-certificates[258687]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:02.327600 osdx ubnt-cfgd[259541]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:02.336796 osdx ca-certificates[259546]: 142 added, 0 removed; done.
Mar 23 10:23:02.340532 osdx ca-certificates[259553]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:02.343241 osdx ca-certificates[259555]: done.
Mar 23 10:23:02.360486 osdx INFO[259558]: FRR daemons did not change
Mar 23 10:23:02.360744 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:02.362697 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:02.385251 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:03.581850 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:03.661589 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:03.768789 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:03.835848 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:03.927780 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:04.009295 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:04.095012 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 23 10:23:04.151084 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:04.272150 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:04.366672 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:04.436674 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:04.558804 osdx ubnt-cfgd[259592]: inactive
Mar 23 10:23:04.587112 osdx INFO[259600]: FRR daemons did not change
Mar 23 10:23:04.599571 osdx ca-certificates[259616]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:05.154769 osdx ubnt-cfgd[260628]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:05.163829 osdx ca-certificates[260634]: 1 added, 0 removed; done.
Mar 23 10:23:05.166741 osdx ca-certificates[260640]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:05.170381 osdx ca-certificates[260642]: done.
Mar 23 10:23:05.204065 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:05.253796 osdx WARNING[260709]: No supported link modes on interface eth0
Mar 23 10:23:05.255281 osdx modulelauncher[260709]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:05.255299 osdx modulelauncher[260709]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:05.256553 osdx modulelauncher[260709]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:05.256563 osdx modulelauncher[260709]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:05.360432 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:05.361696 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:05.373590 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:05.389169 osdx dnscrypt-proxy[260758]: dnscrypt-proxy 2.0.45
Mar 23 10:23:05.389238 osdx dnscrypt-proxy[260758]: Network connectivity detected
Mar 23 10:23:05.389452 osdx dnscrypt-proxy[260758]: Dropping privileges
Mar 23 10:23:05.391544 osdx dnscrypt-proxy[260758]: Network connectivity detected
Mar 23 10:23:05.391580 osdx dnscrypt-proxy[260758]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:05.391584 osdx dnscrypt-proxy[260758]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:05.391601 osdx dnscrypt-proxy[260758]: Firefox workaround initialized
Mar 23 10:23:05.391606 osdx dnscrypt-proxy[260758]: Loading the set of cloaking rules from [/tmp/tmpo705h7fj]
Mar 23 10:23:05.392639 osdx dnscrypt-proxy[260758]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 23 10:23:05.401988 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:05.422078 osdx dnscrypt-proxy[260758]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:23:05.422109 osdx dnscrypt-proxy[260758]: [RD] OK (DoH) - rtt: 11ms
Mar 23 10:23:05.422119 osdx dnscrypt-proxy[260758]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 23 10:23:05.422125 osdx dnscrypt-proxy[260758]: dnscrypt-proxy is ready - live servers: 1

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Show output
Mar 23 10:23:05.673156 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.9M, max 13.8M, 11.9M free.
Mar 23 10:23:05.676091 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:05.676181 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:05.684030 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:05.994506 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:06.090682 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:06.321623 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:06.390156 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:06.494840 osdx ubnt-cfgd[260826]: inactive
Mar 23 10:23:06.517117 osdx dnscrypt-proxy[260758]: Stopped.
Mar 23 10:23:06.517222 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:06.518262 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:06.518390 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:06.579949 osdx WARNING[260890]: No supported link modes on interface eth0
Mar 23 10:23:06.581267 osdx modulelauncher[260890]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:06.581280 osdx modulelauncher[260890]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:06.582386 osdx modulelauncher[260890]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:06.582394 osdx modulelauncher[260890]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:06.597969 osdx ca-certificates[260915]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:06.884654 osdx ca-certificates[261493]: done.
Mar 23 10:23:06.887673 osdx ca-certificates[261502]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:07.347822 osdx ubnt-cfgd[262359]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:07.355958 osdx ca-certificates[262365]: 142 added, 0 removed; done.
Mar 23 10:23:07.358848 osdx ca-certificates[262371]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:07.361531 osdx ca-certificates[262373]: done.
Mar 23 10:23:07.375940 osdx INFO[262376]: FRR daemons did not change
Mar 23 10:23:07.376237 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:07.415820 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:07.441540 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:08.749849 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:08.813435 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:08.904066 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:08.978200 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:09.065865 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:09.123270 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:09.238090 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:23:09.298357 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 23 10:23:09.391176 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:09.477443 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:09.545278 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:09.641057 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:09.710228 osdx ubnt-cfgd[262410]: inactive
Mar 23 10:23:09.733307 osdx INFO[262418]: FRR daemons did not change
Mar 23 10:23:09.747559 osdx ca-certificates[262434]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:10.300126 osdx ubnt-cfgd[263446]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:10.308112 osdx ca-certificates[263452]: 1 added, 0 removed; done.
Mar 23 10:23:10.310988 osdx ca-certificates[263458]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:10.313708 osdx ca-certificates[263460]: done.
Mar 23 10:23:10.340063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:10.385270 osdx WARNING[263527]: No supported link modes on interface eth0
Mar 23 10:23:10.386809 osdx modulelauncher[263527]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:10.386823 osdx modulelauncher[263527]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:10.388017 osdx modulelauncher[263527]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:10.388025 osdx modulelauncher[263527]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:10.484422 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:10.485719 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:10.500524 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:10.504942 osdx dnscrypt-proxy[263576]: dnscrypt-proxy 2.0.45
Mar 23 10:23:10.506039 osdx dnscrypt-proxy[263576]: Network connectivity detected
Mar 23 10:23:10.506291 osdx dnscrypt-proxy[263576]: Dropping privileges
Mar 23 10:23:10.508703 osdx dnscrypt-proxy[263576]: Network connectivity detected
Mar 23 10:23:10.508731 osdx dnscrypt-proxy[263576]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:10.508735 osdx dnscrypt-proxy[263576]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:10.508755 osdx dnscrypt-proxy[263576]: Firefox workaround initialized
Mar 23 10:23:10.508760 osdx dnscrypt-proxy[263576]: Loading the set of cloaking rules from [/tmp/tmpstnxt1t1]
Mar 23 10:23:10.509683 osdx dnscrypt-proxy[263576]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Mar 23 10:23:10.539845 osdx dnscrypt-proxy[263576]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:23:10.539866 osdx dnscrypt-proxy[263576]: [RD] OK (DoH) - rtt: 11ms
Mar 23 10:23:10.539875 osdx dnscrypt-proxy[263576]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 23 10:23:10.539884 osdx dnscrypt-proxy[263576]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:10.547486 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.

Invalid Cipher With Fallback

Description

Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal is expected, provided the valid fallback cipher is the one actually used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Mar 23 10:23:18.295356 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:18.298234 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:18.298285 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:18.304822 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:18.501330 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 23 10:23:18.709088 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:18.813856 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:18.878085 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:18.970245 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:19.030546 osdx ubnt-cfgd[265311]: inactive
Mar 23 10:23:19.048286 osdx INFO[265317]: FRR daemons did not change
Mar 23 10:23:19.078216 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:19.123017 osdx WARNING[265386]: No supported link modes on interface eth0
Mar 23 10:23:19.124843 osdx modulelauncher[265386]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:19.124859 osdx modulelauncher[265386]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:19.126234 osdx modulelauncher[265386]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:19.126243 osdx modulelauncher[265386]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:19.165738 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:19.176821 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:19.199480 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:19.344612 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 23 10:23:19.410012 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 23 10:23:19.626794 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:20.278778 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:20.341395 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:20.437175 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:20.497315 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:20.609182 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:20.662925 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:23:20.795564 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 23 10:23:20.904564 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:21.042598 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:21.109214 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:21.229512 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:21.321618 osdx ubnt-cfgd[265491]: inactive
Mar 23 10:23:21.344620 osdx INFO[265499]: FRR daemons did not change
Mar 23 10:23:21.358186 osdx ca-certificates[265515]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:21.916182 osdx ubnt-cfgd[266527]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:21.924459 osdx ca-certificates[266533]: 1 added, 0 removed; done.
Mar 23 10:23:21.927385 osdx ca-certificates[266539]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:21.930222 osdx ca-certificates[266541]: done.
Mar 23 10:23:21.990612 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:21.992099 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:21.994435 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:22.010912 osdx dnscrypt-proxy[266545]: dnscrypt-proxy 2.0.45
Mar 23 10:23:22.010984 osdx dnscrypt-proxy[266545]: Network connectivity detected
Mar 23 10:23:22.011190 osdx dnscrypt-proxy[266545]: Dropping privileges
Mar 23 10:23:22.013270 osdx dnscrypt-proxy[266545]: Network connectivity detected
Mar 23 10:23:22.013305 osdx dnscrypt-proxy[266545]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:22.013310 osdx dnscrypt-proxy[266545]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:22.013330 osdx dnscrypt-proxy[266545]: Firefox workaround initialized
Mar 23 10:23:22.013336 osdx dnscrypt-proxy[266545]: Loading the set of cloaking rules from [/tmp/tmp1i9w8m5d]
Mar 23 10:23:22.022911 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:22.046516 osdx dnscrypt-proxy[266545]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 23 10:23:22.046529 osdx dnscrypt-proxy[266545]: [RD] OK (DoH) - rtt: 10ms
Mar 23 10:23:22.046540 osdx dnscrypt-proxy[266545]: Server with the lowest initial latency: RD (rtt: 10ms)
Mar 23 10:23:22.046545 osdx dnscrypt-proxy[266545]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:22.199628 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
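
The step 3 check above matches a decimal code point, not a suite name. The Python sketch below is an added example, not part of the OSDx test suite: it maps the logged code points to the IANA names of the suites configured on this page and audits a journal excerpt against the configured cipher list. The function names and the constructed journal line are assumptions for illustration; the other sample lines are copied from Example 1.

```python
import re

# IANA TLS cipher suite code points for the suite names used on this page.
IANA = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
# Name fragments that mark a legacy suite: RC4 is prohibited in TLS by
# RFC 7465, and 3DES is a 64-bit block cipher.
LEGACY_MARKERS = ("_RC4_", "_3DES_")

CFG_RE = re.compile(r"^\s*set service dns proxy cipher (\d+) algorithm (\S+)", re.M)
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def is_legacy(name):
    return any(marker in name for marker in LEGACY_MARKERS)


def configured_suites(config):
    """Return configured suite names ordered by their 'cipher N' index."""
    pairs = sorted((int(idx), name) for idx, name in CFG_RE.findall(config))
    return [name for _, name in pairs]


def negotiated(journal):
    """Return one dict per dnscrypt-proxy handshake report in the journal."""
    reports = []
    for m in NEG_RE.finditer(journal):
        suite_id = int(m.group("suite"))  # logged in decimal
        reports.append({
            "server": m.group("server"),
            # Assumption: the version is logged in hex, so 303 is 0x0303 (TLS 1.2).
            "tls_version": int(m.group("ver"), 16),
            "suite_id": suite_id,
            "suite": IANA.get(suite_id, "UNKNOWN_0x%04X" % suite_id),
        })
    return reports


def audit(config, journal):
    """Compare what was negotiated with what was configured; list findings."""
    cfg = configured_suites(config)
    findings = ["legacy suite configured: " + n for n in cfg if is_legacy(n)]
    if FAIL_RE.search(journal):
        findings.append("TLS handshake failure logged")
    reports = negotiated(journal)
    if not reports:
        findings.append("no negotiated cipher suite logged")
    for r in reports:
        if r["suite"] not in cfg:
            findings.append("negotiated suite not in configured list: " + r["suite"])
        if is_legacy(r["suite"]):
            findings.append("legacy suite negotiated: " + r["suite"])
        if r["tls_version"] < 0x0303:
            findings.append("TLS version below 1.2: 0x%04X" % r["tls_version"])
    return {"configured": cfg, "negotiated": reports, "findings": findings}


# Cipher lines and handshake report copied from Example 1 on this page.
PAGE_CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
PAGE_JOURNAL = (
    "Mar 23 10:23:22.046516 osdx dnscrypt-proxy[266545]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n"
)
# Constructed line (not from the page): the outcome the test must never see.
CONSTRUCTED_BAD_JOURNAL = (
    "Mar 23 10:23:22.046516 osdx dnscrypt-proxy[1]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 5\n"
)

if __name__ == "__main__":
    for label, journal in (("page", PAGE_JOURNAL), ("constructed", CONSTRUCTED_BAD_JOURNAL)):
        result = audit(PAGE_CONFIG, journal)
        print(label, [r["suite"] for r in result["negotiated"]], result["findings"])
```

On the page's own journal the only finding is that a legacy suite is still present in the configured list, which is the condition this scenario sets up deliberately.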

Example 2

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Show output
Mar 23 10:23:22.428342 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:22.430210 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:22.430277 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:22.438583 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:22.775181 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:22.840923 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:22.945315 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:23.006575 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:23.101510 osdx ubnt-cfgd[266596]: inactive
Mar 23 10:23:23.123863 osdx dnscrypt-proxy[266545]: Stopped.
Mar 23 10:23:23.123945 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:23.124893 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:23.125032 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:23.182352 osdx WARNING[266660]: No supported link modes on interface eth0
Mar 23 10:23:23.183735 osdx modulelauncher[266660]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:23.183750 osdx modulelauncher[266660]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:23.184942 osdx modulelauncher[266660]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:23.184950 osdx modulelauncher[266660]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:23.202459 osdx ca-certificates[266685]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:23.508859 osdx ca-certificates[267262]: done.
Mar 23 10:23:23.512168 osdx ca-certificates[267271]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:23.974701 osdx ubnt-cfgd[268129]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:23.982910 osdx ca-certificates[268134]: 142 added, 0 removed; done.
Mar 23 10:23:23.986229 osdx ca-certificates[268141]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:23.989729 osdx ca-certificates[268143]: done.
Mar 23 10:23:24.006683 osdx INFO[268146]: FRR daemons did not change
Mar 23 10:23:24.006943 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:24.042510 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:24.061955 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:25.266262 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:25.842818 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:25.897260 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:26.002110 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:26.060462 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:26.172236 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:26.238335 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:23:26.359457 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 23 10:23:26.414220 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:26.544437 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:26.599172 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:26.710170 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:26.773442 osdx ubnt-cfgd[268180]: inactive
Mar 23 10:23:26.798357 osdx INFO[268188]: FRR daemons did not change
Mar 23 10:23:26.811830 osdx ca-certificates[268204]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:27.376843 osdx ubnt-cfgd[269216]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:27.385128 osdx ca-certificates[269221]: 1 added, 0 removed; done.
Mar 23 10:23:27.388937 osdx ca-certificates[269228]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:27.392281 osdx ca-certificates[269230]: done.
Mar 23 10:23:27.430241 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:27.491528 osdx WARNING[269297]: No supported link modes on interface eth0
Mar 23 10:23:27.493445 osdx modulelauncher[269297]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:27.493462 osdx modulelauncher[269297]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:27.495037 osdx modulelauncher[269297]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:27.495046 osdx modulelauncher[269297]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:27.614642 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:27.616173 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:27.631462 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:27.637697 osdx dnscrypt-proxy[269346]: dnscrypt-proxy 2.0.45
Mar 23 10:23:27.637768 osdx dnscrypt-proxy[269346]: Network connectivity detected
Mar 23 10:23:27.637995 osdx dnscrypt-proxy[269346]: Dropping privileges
Mar 23 10:23:27.641153 osdx dnscrypt-proxy[269346]: Network connectivity detected
Mar 23 10:23:27.641193 osdx dnscrypt-proxy[269346]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:27.641198 osdx dnscrypt-proxy[269346]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:27.641222 osdx dnscrypt-proxy[269346]: Firefox workaround initialized
Mar 23 10:23:27.641228 osdx dnscrypt-proxy[269346]: Loading the set of cloaking rules from [/tmp/tmpf8mnmgi4]
Mar 23 10:23:27.656983 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:27.676917 osdx dnscrypt-proxy[269346]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 23 10:23:27.676985 osdx dnscrypt-proxy[269346]: [RD] OK (DoH) - rtt: 13ms
Mar 23 10:23:27.676994 osdx dnscrypt-proxy[269346]: Server with the lowest initial latency: RD (rtt: 13ms)
Mar 23 10:23:27.677000 osdx dnscrypt-proxy[269346]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:27.810757 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Show output
Mar 23 10:23:28.023487 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:28.026207 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:28.026262 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:28.034381 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:28.273821 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:28.327844 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:28.453641 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:28.516381 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:28.600995 osdx ubnt-cfgd[269418]: inactive
Mar 23 10:23:28.626580 osdx dnscrypt-proxy[269346]: Stopped.
Mar 23 10:23:28.626669 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:28.627355 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:28.627485 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:28.686484 osdx WARNING[269482]: No supported link modes on interface eth0
Mar 23 10:23:28.687993 osdx modulelauncher[269482]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:28.688025 osdx modulelauncher[269482]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:28.689216 osdx modulelauncher[269482]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:28.689225 osdx modulelauncher[269482]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:28.705561 osdx ca-certificates[269507]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:28.997880 osdx ca-certificates[270084]: done.
Mar 23 10:23:29.000799 osdx ca-certificates[270093]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:29.475693 osdx ubnt-cfgd[270951]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:29.483697 osdx ca-certificates[270957]: 142 added, 0 removed; done.
Mar 23 10:23:29.487307 osdx ca-certificates[270963]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:29.490759 osdx ca-certificates[270965]: done.
Mar 23 10:23:29.507211 osdx INFO[270968]: FRR daemons did not change
Mar 23 10:23:29.507508 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:29.522937 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:29.537322 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:30.673111 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:31.233651 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:31.289710 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:31.395964 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:31.454439 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:31.552875 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:31.604209 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Mar 23 10:23:31.699236 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 23 10:23:31.753416 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:31.875459 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:31.926379 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:32.040666 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:32.111080 osdx ubnt-cfgd[271002]: inactive
Mar 23 10:23:32.134684 osdx INFO[271010]: FRR daemons did not change
Mar 23 10:23:32.148465 osdx ca-certificates[271026]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:32.680719 osdx ubnt-cfgd[272038]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:32.689305 osdx ca-certificates[272044]: 1 added, 0 removed; done.
Mar 23 10:23:32.692974 osdx ca-certificates[272050]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:32.696528 osdx ca-certificates[272052]: done.
Mar 23 10:23:32.726220 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:32.766541 osdx WARNING[272119]: No supported link modes on interface eth0
Mar 23 10:23:32.768150 osdx modulelauncher[272119]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:32.768163 osdx modulelauncher[272119]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:32.769589 osdx modulelauncher[272119]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:32.769597 osdx modulelauncher[272119]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:32.870603 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:32.871884 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:32.886578 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:32.889526 osdx dnscrypt-proxy[272168]: dnscrypt-proxy 2.0.45
Mar 23 10:23:32.889659 osdx dnscrypt-proxy[272168]: Network connectivity detected
Mar 23 10:23:32.889847 osdx dnscrypt-proxy[272168]: Dropping privileges
Mar 23 10:23:32.892114 osdx dnscrypt-proxy[272168]: Network connectivity detected
Mar 23 10:23:32.892146 osdx dnscrypt-proxy[272168]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:32.892150 osdx dnscrypt-proxy[272168]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:32.892165 osdx dnscrypt-proxy[272168]: Firefox workaround initialized
Mar 23 10:23:32.892170 osdx dnscrypt-proxy[272168]: Loading the set of cloaking rules from [/tmp/tmpluafghxu]
Mar 23 10:23:32.914389 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:32.922234 osdx dnscrypt-proxy[272168]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:23:32.922257 osdx dnscrypt-proxy[272168]: [RD] OK (DoH) - rtt: 11ms
Mar 23 10:23:32.922267 osdx dnscrypt-proxy[272168]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 23 10:23:32.922273 osdx dnscrypt-proxy[272168]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:33.075781 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199
Show output
Mar 23 10:23:33.275910 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:33.278205 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:33.278281 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:33.287300 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:33.540941 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:33.594420 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:33.720652 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:33.787289 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:33.883321 osdx ubnt-cfgd[272240]: inactive
Mar 23 10:23:33.907120 osdx dnscrypt-proxy[272168]: Stopped.
Mar 23 10:23:33.907199 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:33.908120 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:33.908269 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:33.971802 osdx WARNING[272304]: No supported link modes on interface eth0
Mar 23 10:23:33.973193 osdx modulelauncher[272304]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:33.973208 osdx modulelauncher[272304]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:33.974391 osdx modulelauncher[272304]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:33.974401 osdx modulelauncher[272304]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:33.992749 osdx ca-certificates[272329]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:34.303474 osdx ca-certificates[272906]: done.
Mar 23 10:23:34.306278 osdx ca-certificates[272915]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:34.781031 osdx ubnt-cfgd[273773]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:34.791620 osdx ca-certificates[273779]: 142 added, 0 removed; done.
Mar 23 10:23:34.794455 osdx ca-certificates[273785]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:34.797139 osdx ca-certificates[273787]: done.
Mar 23 10:23:34.812994 osdx INFO[273790]: FRR daemons did not change
Mar 23 10:23:34.813321 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:34.837371 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:34.852675 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:36.167473 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:36.740758 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:36.798308 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:36.899987 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:36.968965 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:37.070391 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:37.134287 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 23 10:23:37.228449 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Mar 23 10:23:37.282925 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:37.405697 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:37.474993 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:37.612461 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:37.680111 osdx ubnt-cfgd[273824]: inactive
Mar 23 10:23:37.703046 osdx INFO[273832]: FRR daemons did not change
Mar 23 10:23:37.717300 osdx ca-certificates[273848]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:38.262683 osdx ubnt-cfgd[274860]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:38.272702 osdx ca-certificates[274866]: 1 added, 0 removed; done.
Mar 23 10:23:38.275925 osdx ca-certificates[274872]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:38.279080 osdx ca-certificates[274874]: done.
Mar 23 10:23:38.310215 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:38.354049 osdx WARNING[274941]: No supported link modes on interface eth0
Mar 23 10:23:38.355846 osdx modulelauncher[274941]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:38.355862 osdx modulelauncher[274941]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:38.357090 osdx modulelauncher[274941]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:38.357099 osdx modulelauncher[274941]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:38.462566 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:38.465281 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:38.479222 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:38.487316 osdx dnscrypt-proxy[274990]: dnscrypt-proxy 2.0.45
Mar 23 10:23:38.487403 osdx dnscrypt-proxy[274990]: Network connectivity detected
Mar 23 10:23:38.487650 osdx dnscrypt-proxy[274990]: Dropping privileges
Mar 23 10:23:38.490206 osdx dnscrypt-proxy[274990]: Network connectivity detected
Mar 23 10:23:38.490246 osdx dnscrypt-proxy[274990]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:38.490256 osdx dnscrypt-proxy[274990]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:38.490277 osdx dnscrypt-proxy[274990]: Firefox workaround initialized
Mar 23 10:23:38.490282 osdx dnscrypt-proxy[274990]: Loading the set of cloaking rules from [/tmp/tmppd5e5eca]
Mar 23 10:23:38.499407 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:38.523085 osdx dnscrypt-proxy[274990]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Mar 23 10:23:38.523107 osdx dnscrypt-proxy[274990]: [RD] OK (DoH) - rtt: 12ms
Mar 23 10:23:38.523117 osdx dnscrypt-proxy[274990]: Server with the lowest initial latency: RD (rtt: 12ms)
Mar 23 10:23:38.523122 osdx dnscrypt-proxy[274990]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:38.653668 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200
Output:
Mar 23 10:23:38.855496 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:38.858211 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:38.858282 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:38.865172 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:39.102282 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:39.157197 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:39.280461 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:39.337718 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:39.428182 osdx ubnt-cfgd[275062]: inactive
Mar 23 10:23:39.450093 osdx dnscrypt-proxy[274990]: Stopped.
Mar 23 10:23:39.450180 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:39.451302 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:39.451421 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:39.510405 osdx WARNING[275126]: No supported link modes on interface eth0
Mar 23 10:23:39.512158 osdx modulelauncher[275126]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:39.512171 osdx modulelauncher[275126]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:39.513392 osdx modulelauncher[275126]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:39.513399 osdx modulelauncher[275126]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:39.531344 osdx ca-certificates[275152]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:39.846479 osdx ca-certificates[275729]: done.
Mar 23 10:23:39.850138 osdx ca-certificates[275737]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:40.308097 osdx ubnt-cfgd[276596]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:40.316231 osdx ca-certificates[276602]: 142 added, 0 removed; done.
Mar 23 10:23:40.318922 osdx ca-certificates[276608]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:40.321551 osdx ca-certificates[276610]: done.
Mar 23 10:23:40.338955 osdx INFO[276613]: FRR daemons did not change
Mar 23 10:23:40.339221 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:40.380546 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:40.396446 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:41.721684 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:42.315847 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:42.373914 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:42.482341 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:42.539429 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:42.640333 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:42.692777 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 23 10:23:42.786347 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Mar 23 10:23:42.848106 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:42.963572 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:43.016166 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:43.115104 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:43.181799 osdx ubnt-cfgd[276647]: inactive
Mar 23 10:23:43.205835 osdx INFO[276655]: FRR daemons did not change
Mar 23 10:23:43.222049 osdx ca-certificates[276670]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:43.767462 osdx ubnt-cfgd[277683]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:43.775144 osdx ca-certificates[277688]: 1 added, 0 removed; done.
Mar 23 10:23:43.778810 osdx ca-certificates[277695]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:43.782362 osdx ca-certificates[277697]: done.
Mar 23 10:23:43.814212 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:43.864289 osdx WARNING[277764]: No supported link modes on interface eth0
Mar 23 10:23:43.865757 osdx modulelauncher[277764]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:43.865773 osdx modulelauncher[277764]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:43.866963 osdx modulelauncher[277764]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:43.866973 osdx modulelauncher[277764]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:43.962629 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:43.964096 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:43.976605 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:43.991533 osdx dnscrypt-proxy[277813]: dnscrypt-proxy 2.0.45
Mar 23 10:23:43.991634 osdx dnscrypt-proxy[277813]: Network connectivity detected
Mar 23 10:23:43.991918 osdx dnscrypt-proxy[277813]: Dropping privileges
Mar 23 10:23:43.994577 osdx dnscrypt-proxy[277813]: Network connectivity detected
Mar 23 10:23:43.994608 osdx dnscrypt-proxy[277813]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:43.994611 osdx dnscrypt-proxy[277813]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:43.994635 osdx dnscrypt-proxy[277813]: Firefox workaround initialized
Mar 23 10:23:43.994641 osdx dnscrypt-proxy[277813]: Loading the set of cloaking rules from [/tmp/tmpttrgntdp]
Mar 23 10:23:43.995898 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:44.026997 osdx dnscrypt-proxy[277813]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Mar 23 10:23:44.027018 osdx dnscrypt-proxy[277813]: [RD] OK (DoH) - rtt: 11ms
Mar 23 10:23:44.027025 osdx dnscrypt-proxy[277813]: Server with the lowest initial latency: RD (rtt: 11ms)
Mar 23 10:23:44.027029 osdx dnscrypt-proxy[277813]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:44.174102 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392
Output:
Mar 23 10:23:44.450138 osdx systemd-journald[2086]: Runtime Journal (/run/log/journal/6b3b4e4818aa404284bc644df40f6904) is 1.8M, max 13.8M, 11.9M free.
Mar 23 10:23:44.451043 osdx systemd-journald[2086]: Received client request to rotate journal, rotating.
Mar 23 10:23:44.451153 osdx systemd-journald[2086]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6b3b4e4818aa404284bc644df40f6904.
Mar 23 10:23:44.464269 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'system journal clear'.
Mar 23 10:23:44.746746 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:44.807683 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'delete '.
Mar 23 10:23:44.949646 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Mar 23 10:23:45.018050 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:45.140767 osdx ubnt-cfgd[277885]: inactive
Mar 23 10:23:45.169687 osdx dnscrypt-proxy[277813]: Stopped.
Mar 23 10:23:45.169747 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Mar 23 10:23:45.170611 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Mar 23 10:23:45.170731 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:45.234915 osdx WARNING[277949]: No supported link modes on interface eth0
Mar 23 10:23:45.236519 osdx modulelauncher[277949]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:45.236532 osdx modulelauncher[277949]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:45.237789 osdx modulelauncher[277949]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:45.237798 osdx modulelauncher[277949]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:45.255065 osdx ca-certificates[277974]: Clearing symlinks in /etc/ssl/certs...
Mar 23 10:23:45.616040 osdx ca-certificates[278552]: done.
Mar 23 10:23:45.619839 osdx ca-certificates[278560]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:46.138427 osdx ubnt-cfgd[279418]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:46.147312 osdx ca-certificates[279424]: 142 added, 0 removed; done.
Mar 23 10:23:46.151328 osdx ca-certificates[279430]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:46.155289 osdx ca-certificates[279432]: done.
Mar 23 10:23:46.173376 osdx INFO[279435]: FRR daemons did not change
Mar 23 10:23:46.173672 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:46.180919 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:46.201807 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:47.536007 osdx OSDxCLI[140369]: User 'admin' entered the configuration menu.
Mar 23 10:23:48.030367 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Mar 23 10:23:48.156621 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Mar 23 10:23:48.216270 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Mar 23 10:23:48.336704 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Mar 23 10:23:48.394247 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Mar 23 10:23:48.494945 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash be1776c8fd054dc1035f9bd9cce747bd437a0829719601a16e96bc6bbfcd87b0'.
Mar 23 10:23:48.552514 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Mar 23 10:23:48.646219 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Mar 23 10:23:48.730981 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Mar 23 10:23:48.846536 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 23 10:23:48.902163 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 23 10:23:49.015473 osdx OSDxCLI[140369]: User 'admin' added a new cfg line: 'show working'.
Mar 23 10:23:49.106744 osdx ubnt-cfgd[279471]: inactive
Mar 23 10:23:49.130555 osdx INFO[279479]: FRR daemons did not change
Mar 23 10:23:49.144253 osdx ca-certificates[279495]: Updating certificates in /etc/ssl/certs...
Mar 23 10:23:49.744460 osdx ubnt-cfgd[280507]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Mar 23 10:23:49.752208 osdx ca-certificates[280512]: 1 added, 0 removed; done.
Mar 23 10:23:49.755017 osdx ca-certificates[280519]: Running hooks in /etc/ca-certificates/update.d...
Mar 23 10:23:49.757882 osdx ca-certificates[280521]: done.
Mar 23 10:23:49.790213 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 23 10:23:49.836939 osdx WARNING[280588]: No supported link modes on interface eth0
Mar 23 10:23:49.838922 osdx modulelauncher[280588]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Mar 23 10:23:49.838944 osdx modulelauncher[280588]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Mar 23 10:23:49.840598 osdx modulelauncher[280588]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Mar 23 10:23:49.840610 osdx modulelauncher[280588]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Mar 23 10:23:49.962588 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Mar 23 10:23:49.964163 osdx cfgd[1828]: [140369]Completed change to active configuration
Mar 23 10:23:49.977737 osdx OSDxCLI[140369]: User 'admin' committed the configuration.
Mar 23 10:23:49.991405 osdx dnscrypt-proxy[280637]: dnscrypt-proxy 2.0.45
Mar 23 10:23:49.991474 osdx dnscrypt-proxy[280637]: Network connectivity detected
Mar 23 10:23:49.992116 osdx dnscrypt-proxy[280637]: Dropping privileges
Mar 23 10:23:49.995604 osdx dnscrypt-proxy[280637]: Network connectivity detected
Mar 23 10:23:49.995638 osdx dnscrypt-proxy[280637]: Now listening to 127.0.0.1:53 [UDP]
Mar 23 10:23:49.995642 osdx dnscrypt-proxy[280637]: Now listening to 127.0.0.1:53 [TCP]
Mar 23 10:23:49.995654 osdx OSDxCLI[140369]: User 'admin' left the configuration menu.
Mar 23 10:23:49.995667 osdx dnscrypt-proxy[280637]: Firefox workaround initialized
Mar 23 10:23:49.995672 osdx dnscrypt-proxy[280637]: Loading the set of cloaking rules from [/tmp/tmpsxkw6yol]
Mar 23 10:23:50.233490 osdx dnscrypt-proxy[280637]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Mar 23 10:23:50.233508 osdx dnscrypt-proxy[280637]: [RD] OK (DoH) - rtt: 12ms
Mar 23 10:23:50.233517 osdx dnscrypt-proxy[280637]: Server with the lowest initial latency: RD (rtt: 12ms)
Mar 23 10:23:50.233534 osdx dnscrypt-proxy[280637]: dnscrypt-proxy is ready - live servers: 1
Mar 23 10:23:55.153209 osdx OSDxCLI[140369]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Mar 23 10:24:05.226346 osdx OSDxCLI[140369]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
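
The "Cipher suite" token checked in Step 3 is the decimal IANA code point of the negotiated suite (49199 = 0xC02F, 49200 = 0xC030, 52392 = 0xCCA8). The Python script below is an added example, not part of this test suite or of dnscrypt-proxy: it decodes that field, checks it against the configured cipher list, and flags a negotiation that landed on the 3DES entry. The function names are hypothetical, the TLS version field is assumed to be hexadecimal (303 = 0x0303), and the last journal sample is constructed.

```python
import re

# IANA code points for the suites named on this page (RFC 5246, RFC 5289, RFC 7905).
IANA_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Assumption: the journal prints the TLS version in hexadecimal, so "303" is 0x0303.
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
LOG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)"
)

def configured_suites(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    found = {int(idx): name for idx, name in CFG_RE.findall(config_text)}
    return [found[idx] for idx in sorted(found)]

def is_weak(name):
    """3DES has a 64-bit block; static-RSA key exchange gives no forward secrecy."""
    return "3DES" in name or name.startswith("TLS_RSA_WITH_")

def audit(config_text, journal_text):
    """Decode each negotiated suite in the journal and compare it to the config."""
    allowed = configured_suites(config_text)
    results = []
    for server, version, _proto, suite in LOG_RE.findall(journal_text):
        code = int(suite)
        name = IANA_SUITES.get(code, "UNKNOWN_0x%04X" % code)
        results.append({
            "server": server,
            "tls": TLS_VERSIONS.get(int(version, 16), "unknown"),
            "suite": name,
            "configured": name in allowed,
            "weak": is_weak(name),
        })
    return results

# Cipher lines from Example 6, Step 1.
CONFIG = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
"""
# Journal line from Example 6, Step 3.
PAGE_JOURNAL = (
    "Mar 23 10:23:50.233490 osdx dnscrypt-proxy[280637]: "
    "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392\n"
)
# Constructed line (not from the page): the same server settling on the 3DES entry.
CONSTRUCTED_FALLBACK = (
    "Mar 23 10:30:00.000000 osdx dnscrypt-proxy[1]: "
    "[RD] TLS version: 303 - Protocol: http/1.1 - Cipher suite: 10\n"
)

if __name__ == "__main__":
    for finding in audit(CONFIG, PAGE_JOURNAL + CONSTRUCTED_FALLBACK):
        print(finding)
```

A result with "configured" true and "weak" true means the weak entry in the cipher list was actually used, which is the case worth alerting on when a legacy suite is kept in the list alongside a modern one.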