Cipher
Test suite to validate the use of one or multiple ciphers to protect a DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Apr 16 20:13:20.294361 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:13:20.297441 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:13:20.297507 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:13:20.306988 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:13:20.511876 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 20:13:20.765568 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:20.849678 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:20.930380 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:21.038367 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:21.113830 osdx ubnt-cfgd[707198]: inactive
Apr 16 20:13:21.137293 osdx INFO[707204]: FRR daemons did not change
Apr 16 20:13:21.165433 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:13:21.216712 osdx WARNING[707273]: No supported link modes on interface eth0
Apr 16 20:13:21.218102 osdx modulelauncher[707273]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:21.218113 osdx modulelauncher[707273]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:21.219244 osdx modulelauncher[707273]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:21.219253 osdx modulelauncher[707273]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:21.257401 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:21.269127 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:21.284150 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:21.426094 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 16 20:13:21.504971 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 16 20:13:21.673341 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:21.751679 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:13:21.850707 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:13:21.914134 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:13:22.077611 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:13:22.204130 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:13:22.303205 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 16 20:13:22.363761 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:13:22.491327 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:22.567154 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:22.701541 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:22.802646 osdx ubnt-cfgd[707378]: inactive
Apr 16 20:13:22.824470 osdx INFO[707386]: FRR daemons did not change
Apr 16 20:13:22.850994 osdx ca-certificates[707402]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:23.413899 osdx ubnt-cfgd[708414]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:23.421657 osdx ca-certificates[708419]: 1 added, 0 removed; done.
Apr 16 20:13:23.425409 osdx ca-certificates[708426]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:23.428989 osdx ca-certificates[708428]: done.
Apr 16 20:13:23.493725 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:23.494972 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:23.497399 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:23.522139 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:23.523366 osdx dnscrypt-proxy[708432]: dnscrypt-proxy 2.0.45
Apr 16 20:13:23.523441 osdx dnscrypt-proxy[708432]: Network connectivity detected
Apr 16 20:13:23.523691 osdx dnscrypt-proxy[708432]: Dropping privileges
Apr 16 20:13:23.526336 osdx dnscrypt-proxy[708432]: Network connectivity detected
Apr 16 20:13:23.526372 osdx dnscrypt-proxy[708432]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:13:23.526377 osdx dnscrypt-proxy[708432]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:13:23.526399 osdx dnscrypt-proxy[708432]: Firefox workaround initialized
Apr 16 20:13:23.526405 osdx dnscrypt-proxy[708432]: Loading the set of cloaking rules from [/tmp/tmpwce50524]
Apr 16 20:13:23.559278 osdx dnscrypt-proxy[708432]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 16 20:13:23.559298 osdx dnscrypt-proxy[708432]: [RD] OK (DoH) - rtt: 13ms
Apr 16 20:13:23.559308 osdx dnscrypt-proxy[708432]: Server with the lowest initial latency: RD (rtt: 13ms)
Apr 16 20:13:23.559313 osdx dnscrypt-proxy[708432]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:13:23.665514 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Apr 16 20:13:32.318179 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:13:32.322181 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:13:32.322242 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:13:32.329451 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:13:32.559304 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 20:13:32.858621 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:32.946939 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:33.026384 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:33.128469 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:33.213184 osdx ubnt-cfgd[710153]: inactive
Apr 16 20:13:33.234446 osdx INFO[710159]: FRR daemons did not change
Apr 16 20:13:33.290198 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:13:33.345386 osdx WARNING[710228]: No supported link modes on interface eth0
Apr 16 20:13:33.347169 osdx modulelauncher[710228]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:33.347186 osdx modulelauncher[710228]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:33.348558 osdx modulelauncher[710228]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:33.348570 osdx modulelauncher[710228]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:33.384474 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:33.397306 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:33.426540 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:33.587088 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 16 20:13:33.710695 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 16 20:13:33.885555 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:33.969257 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:13:34.069672 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:13:34.146752 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:13:34.254055 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:13:34.381260 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:13:34.502296 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 16 20:13:34.596108 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:13:34.682679 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:34.759970 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:34.844870 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:34.942582 osdx ubnt-cfgd[710333]: inactive
Apr 16 20:13:34.963799 osdx INFO[710341]: FRR daemons did not change
Apr 16 20:13:34.978792 osdx ca-certificates[710357]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:35.675311 osdx ubnt-cfgd[711369]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:35.685542 osdx ca-certificates[711375]: 1 added, 0 removed; done.
Apr 16 20:13:35.689359 osdx ca-certificates[711381]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:35.692636 osdx ca-certificates[711383]: done.
Apr 16 20:13:35.754585 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:35.755942 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:35.758186 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:35.785031 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:35.786084 osdx dnscrypt-proxy[711387]: dnscrypt-proxy 2.0.45
Apr 16 20:13:35.786158 osdx dnscrypt-proxy[711387]: Network connectivity detected
Apr 16 20:13:35.786404 osdx dnscrypt-proxy[711387]: Dropping privileges
Apr 16 20:13:35.789222 osdx dnscrypt-proxy[711387]: Network connectivity detected
Apr 16 20:13:35.789258 osdx dnscrypt-proxy[711387]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:13:35.789263 osdx dnscrypt-proxy[711387]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:13:35.789305 osdx dnscrypt-proxy[711387]: Firefox workaround initialized
Apr 16 20:13:35.789311 osdx dnscrypt-proxy[711387]: Loading the set of cloaking rules from [/tmp/tmpcfq1i839]
Apr 16 20:13:35.819124 osdx dnscrypt-proxy[711387]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 16 20:13:35.819141 osdx dnscrypt-proxy[711387]: [RD] OK (DoH) - rtt: 10ms
Apr 16 20:13:35.819149 osdx dnscrypt-proxy[711387]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 16 20:13:35.819154 osdx dnscrypt-proxy[711387]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:13:35.954199 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Apr 16 20:13:36.208517 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:13:36.210178 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:13:36.210233 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:13:36.220125 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:13:36.515608 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:36.579284 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '.
Apr 16 20:13:36.695143 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 16 20:13:36.754865 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:36.865880 osdx ubnt-cfgd[711439]: inactive
Apr 16 20:13:36.889048 osdx dnscrypt-proxy[711387]: Stopped.
Apr 16 20:13:36.889130 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 16 20:13:36.889960 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 16 20:13:36.890064 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:36.954864 osdx WARNING[711503]: No supported link modes on interface eth0
Apr 16 20:13:36.956652 osdx modulelauncher[711503]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:36.956666 osdx modulelauncher[711503]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:36.958157 osdx modulelauncher[711503]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:36.958178 osdx modulelauncher[711503]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:36.975506 osdx ca-certificates[711528]: Clearing symlinks in /etc/ssl/certs...
Apr 16 20:13:37.316372 osdx ca-certificates[712105]: done.
Apr 16 20:13:37.320283 osdx ca-certificates[712113]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:37.795880 osdx ubnt-cfgd[712972]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:37.804817 osdx ca-certificates[712978]: 142 added, 0 removed; done.
Apr 16 20:13:37.807780 osdx ca-certificates[712984]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:37.811387 osdx ca-certificates[712986]: done.
Apr 16 20:13:37.830234 osdx INFO[712989]: FRR daemons did not change
Apr 16 20:13:37.830530 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:37.857698 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:37.877743 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:39.391710 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:39.450937 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:13:39.548066 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:13:39.611666 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:13:39.703063 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:13:39.761360 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:13:39.853539 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 16 20:13:39.914892 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:13:40.041814 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:40.097341 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:40.204487 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:40.270947 osdx ubnt-cfgd[713024]: inactive
Apr 16 20:13:40.292895 osdx INFO[713032]: FRR daemons did not change
Apr 16 20:13:40.306284 osdx ca-certificates[713048]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:40.842139 osdx ubnt-cfgd[714060]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:40.851722 osdx ca-certificates[714066]: 1 added, 0 removed; done.
Apr 16 20:13:40.855504 osdx ca-certificates[714072]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:40.859142 osdx ca-certificates[714074]: done.
Apr 16 20:13:40.890253 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:13:40.944756 osdx WARNING[714141]: No supported link modes on interface eth0
Apr 16 20:13:40.946664 osdx modulelauncher[714141]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:40.946684 osdx modulelauncher[714141]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:40.948232 osdx modulelauncher[714141]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:40.948244 osdx modulelauncher[714141]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:41.058561 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:41.059802 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:41.072073 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:41.091945 osdx dnscrypt-proxy[714190]: dnscrypt-proxy 2.0.45
Apr 16 20:13:41.092017 osdx dnscrypt-proxy[714190]: Network connectivity detected
Apr 16 20:13:41.092305 osdx dnscrypt-proxy[714190]: Dropping privileges
Apr 16 20:13:41.100310 osdx dnscrypt-proxy[714190]: Network connectivity detected
Apr 16 20:13:41.100367 osdx dnscrypt-proxy[714190]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:13:41.100375 osdx dnscrypt-proxy[714190]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:13:41.100429 osdx dnscrypt-proxy[714190]: Firefox workaround initialized
Apr 16 20:13:41.100457 osdx dnscrypt-proxy[714190]: Loading the set of cloaking rules from [/tmp/tmp1vwrmqpp]
Apr 16 20:13:41.105822 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:41.139983 osdx dnscrypt-proxy[714190]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 16 20:13:41.140004 osdx dnscrypt-proxy[714190]: [RD] OK (DoH) - rtt: 11ms
Apr 16 20:13:41.140014 osdx dnscrypt-proxy[714190]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 16 20:13:41.140020 osdx dnscrypt-proxy[714190]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:13:41.263183 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Apr 16 20:13:41.504178 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:13:41.506180 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:13:41.506232 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:13:41.514252 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:13:41.772055 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:41.832663 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '.
Apr 16 20:13:41.946423 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 16 20:13:42.034370 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:42.104087 osdx ubnt-cfgd[714262]: inactive
Apr 16 20:13:42.129090 osdx dnscrypt-proxy[714190]: Stopped.
Apr 16 20:13:42.129165 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 16 20:13:42.130646 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 16 20:13:42.130776 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:42.197203 osdx WARNING[714326]: No supported link modes on interface eth0
Apr 16 20:13:42.198700 osdx modulelauncher[714326]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:42.198714 osdx modulelauncher[714326]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:42.200235 osdx modulelauncher[714326]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:42.200245 osdx modulelauncher[714326]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:42.216757 osdx ca-certificates[714351]: Clearing symlinks in /etc/ssl/certs...
Apr 16 20:13:42.507540 osdx ca-certificates[714929]: done.
Apr 16 20:13:42.510759 osdx ca-certificates[714938]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:43.015672 osdx ubnt-cfgd[715795]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:43.025588 osdx ca-certificates[715801]: 142 added, 0 removed; done.
Apr 16 20:13:43.028676 osdx ca-certificates[715807]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:43.031869 osdx ca-certificates[715809]: done.
Apr 16 20:13:43.047640 osdx INFO[715812]: FRR daemons did not change
Apr 16 20:13:43.047999 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:43.106713 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:43.131262 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:44.357284 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:13:44.414375 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:13:44.510760 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:13:44.574741 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:13:44.664869 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:13:44.721625 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:13:44.827734 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 16 20:13:44.884797 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:13:45.007985 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:13:45.060331 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:13:45.171749 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:13:45.241228 osdx ubnt-cfgd[715845]: inactive
Apr 16 20:13:45.266453 osdx INFO[715853]: FRR daemons did not change
Apr 16 20:13:45.280164 osdx ca-certificates[715869]: Updating certificates in /etc/ssl/certs...
Apr 16 20:13:45.845130 osdx ubnt-cfgd[716881]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:13:45.853474 osdx ca-certificates[716887]: 1 added, 0 removed; done.
Apr 16 20:13:45.857526 osdx ca-certificates[716893]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:13:45.861424 osdx ca-certificates[716895]: done.
Apr 16 20:13:45.894187 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:13:45.939363 osdx WARNING[716962]: No supported link modes on interface eth0
Apr 16 20:13:45.941052 osdx modulelauncher[716962]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:13:45.941073 osdx modulelauncher[716962]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:13:45.942439 osdx modulelauncher[716962]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:13:45.942458 osdx modulelauncher[716962]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:13:46.050650 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:13:46.052233 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:13:46.068481 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:13:46.077397 osdx dnscrypt-proxy[717011]: dnscrypt-proxy 2.0.45
Apr 16 20:13:46.077483 osdx dnscrypt-proxy[717011]: Network connectivity detected
Apr 16 20:13:46.077730 osdx dnscrypt-proxy[717011]: Dropping privileges
Apr 16 20:13:46.080353 osdx dnscrypt-proxy[717011]: Network connectivity detected
Apr 16 20:13:46.080386 osdx dnscrypt-proxy[717011]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:13:46.080390 osdx dnscrypt-proxy[717011]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:13:46.080409 osdx dnscrypt-proxy[717011]: Firefox workaround initialized
Apr 16 20:13:46.080419 osdx dnscrypt-proxy[717011]: Loading the set of cloaking rules from [/tmp/tmpyxonwn_d]
Apr 16 20:13:46.087084 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:13:46.112120 osdx dnscrypt-proxy[717011]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 16 20:13:46.112139 osdx dnscrypt-proxy[717011]: [RD] OK (DoH) - rtt: 10ms
Apr 16 20:13:46.112148 osdx dnscrypt-proxy[717011]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 16 20:13:46.112152 osdx dnscrypt-proxy[717011]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:13:46.236675 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
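Added example (not part of the original test suite or of OSDx): a Go program that performs the journal check from Step 3 by suite name instead of by raw number. dnscrypt-proxy logs the TLS version in hex (303 is 0x0303, TLS 1.2) and the negotiated cipher suite as its decimal IANA ID, so 49199, 49200 and 52392 are 0xC02F, 0xC030 and 0xCCA8; the code resolves the configured name through Go's crypto/tls tables and also recognises the handshake-failure token checked under Single Invalid Cipher. The function names, verdict strings and sample journal lines are assumptions constructed for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed journal excerpts in the format shown on this page (PIDs and
// timestamps are made up; the refusal line reuses the token that the
// Single Invalid Cipher test looks for).
const sampleOK = `Apr 16 20:13:23.526372 osdx dnscrypt-proxy[1001]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:13:23.559278 osdx dnscrypt-proxy[1001]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 16 20:13:23.559298 osdx dnscrypt-proxy[1001]: [RD] OK (DoH) - rtt: 13ms`

const sampleRefused = `Apr 16 20:13:56.000000 osdx dnscrypt-proxy[1002]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file`

// Handshake is one negotiated-session line reported by dnscrypt-proxy.
type Handshake struct {
	Server  string
	Version uint16 // logged in hex: 303 is 0x0303 (TLS 1.2)
	SuiteID uint16 // logged in decimal: 49199 is 0xC02F
}

var handshakeRe = regexp.MustCompile(
	`\[([^\]]+)\] TLS version: ([0-9a-fA-F]+) - Protocol: \S+ - Cipher suite: (\d+)`)

// ParseJournal extracts the negotiated handshakes and reports whether a
// "TLS handshake failure" line is present in the journal text.
func ParseJournal(journal string) (hs []Handshake, refused bool) {
	for _, line := range strings.Split(journal, "\n") {
		if strings.Contains(line, "TLS handshake failure") {
			refused = true
		}
		m := handshakeRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ver, errV := strconv.ParseUint(m[2], 16, 16)
		id, errS := strconv.ParseUint(m[3], 10, 16)
		if errV != nil || errS != nil {
			continue // value does not fit 16 bits: not a valid TLS field
		}
		hs = append(hs, Handshake{Server: m[1], Version: uint16(ver), SuiteID: uint16(id)})
	}
	return hs, refused
}

// SuiteByName looks a suite name up in Go's own tables, covering both the
// supported list and the list Go flags as insecure.
func SuiteByName(name string) (id uint16, insecure, ok bool) {
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if s.Name == name {
			return s.ID, s.Insecure, true
		}
	}
	return 0, false, false
}

// CheckCipher compares the configured cipher with what the journal shows and
// returns "match", "refused", "no-handshake", "unknown-cipher" or a
// "mismatch: ..." string naming the suite that was actually negotiated.
func CheckCipher(configured, journal string) string {
	want, _, ok := SuiteByName(configured)
	if !ok {
		return "unknown-cipher"
	}
	hs, refused := ParseJournal(journal)
	switch {
	case len(hs) == 0 && refused:
		return "refused"
	case len(hs) == 0:
		return "no-handshake"
	}
	for _, h := range hs {
		if h.SuiteID != want {
			return fmt.Sprintf("mismatch: %s negotiated %s",
				h.Server, tls.CipherSuiteName(h.SuiteID))
		}
	}
	return "match"
}

func main() {
	fmt.Println(CheckCipher("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", sampleOK))
	fmt.Println(CheckCipher("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", sampleOK))
	fmt.Println(CheckCipher("TLS_RSA_WITH_RC4_128_SHA", sampleRefused))
}
```

A "mismatch" verdict means the session was negotiated with a suite other than the configured one, which a plain token search for a different number would only report as a missing token.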
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 16 20:13:53.289895 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 20:13:53.292528 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 20:13:53.292626 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 20:13:53.302639 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'. Apr 16 20:13:53.622786 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 20:13:53.898912 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:13:53.999674 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:13:54.072562 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 16 20:13:54.176951 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:13:54.234870 osdx ubnt-cfgd[718752]: inactive Apr 16 20:13:54.256933 osdx INFO[718758]: FRR daemons did not change Apr 16 20:13:54.284501 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 20:13:54.333849 osdx WARNING[718827]: No supported link modes on interface eth0 Apr 16 20:13:54.335239 osdx modulelauncher[718827]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:13:54.335256 osdx modulelauncher[718827]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 20:13:54.336709 osdx modulelauncher[718827]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:13:54.336718 osdx modulelauncher[718827]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. 
Apr 16 20:13:54.376804 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:13:54.388022 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:13:54.413675 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:13:54.597394 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 16 20:13:54.676715 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal show | cat'. Apr 16 20:13:54.855428 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:13:54.931555 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 16 20:13:55.036556 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 16 20:13:55.155848 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 16 20:13:55.251641 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 16 20:13:55.367867 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'. Apr 16 20:13:55.511634 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 16 20:13:55.612700 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 16 20:13:55.751675 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:13:55.842263 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 16 20:13:55.912191 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:13:56.003724 osdx ubnt-cfgd[718932]: inactive Apr 16 20:13:56.022644 osdx INFO[718940]: FRR daemons did not change Apr 16 20:13:56.035718 osdx ca-certificates[718955]: Updating certificates in /etc/ssl/certs... Apr 16 20:13:56.586922 osdx ubnt-cfgd[719968]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:13:56.596798 osdx ca-certificates[719974]: 1 added, 0 removed; done. Apr 16 20:13:56.600611 osdx ca-certificates[719980]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:13:56.604099 osdx ca-certificates[719982]: done. Apr 16 20:13:56.684954 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:13:56.688050 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:13:56.690816 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:13:56.706956 osdx dnscrypt-proxy[719986]: dnscrypt-proxy 2.0.45 Apr 16 20:13:56.707024 osdx dnscrypt-proxy[719986]: Network connectivity detected Apr 16 20:13:56.707240 osdx dnscrypt-proxy[719986]: Dropping privileges Apr 16 20:13:56.709469 osdx dnscrypt-proxy[719986]: Network connectivity detected Apr 16 20:13:56.709500 osdx dnscrypt-proxy[719986]: Now listening to 127.0.0.1:53 [UDP] Apr 16 20:13:56.709504 osdx dnscrypt-proxy[719986]: Now listening to 127.0.0.1:53 [TCP] Apr 16 20:13:56.709518 osdx dnscrypt-proxy[719986]: Firefox workaround initialized Apr 16 20:13:56.709522 osdx dnscrypt-proxy[719986]: Loading the set of cloaking rules from [/tmp/tmpkibmw1kc] Apr 16 20:13:56.710314 osdx dnscrypt-proxy[719986]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 16 20:13:56.713073 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. 
Apr 16 20:13:56.735565 osdx dnscrypt-proxy[719986]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 16 20:13:56.735587 osdx dnscrypt-proxy[719986]: [RD] OK (DoH) - rtt: 10ms Apr 16 20:13:56.735601 osdx dnscrypt-proxy[719986]: Server with the lowest initial latency: RD (rtt: 10ms) Apr 16 20:13:56.735606 osdx dnscrypt-proxy[719986]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 16 20:14:04.318963 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 20:14:04.320578 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 20:14:04.320625 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 20:14:04.330593 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'. Apr 16 20:14:04.650313 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 20:14:05.010302 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:05.097115 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:14:05.171885 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 16 20:14:05.272531 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:05.349347 osdx ubnt-cfgd[721706]: inactive Apr 16 20:14:05.368744 osdx INFO[721712]: FRR daemons did not change Apr 16 20:14:05.400586 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 20:14:05.445531 osdx WARNING[721781]: No supported link modes on interface eth0 Apr 16 20:14:05.446898 osdx modulelauncher[721781]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:05.446910 osdx modulelauncher[721781]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 20:14:05.448034 osdx modulelauncher[721781]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:05.448043 osdx modulelauncher[721781]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. 
Apr 16 20:14:05.484268 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:05.495075 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:05.512933 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:14:05.658805 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 16 20:14:05.723126 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal show | cat'. Apr 16 20:14:05.857392 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:05.914365 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 16 20:14:06.012051 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 16 20:14:06.071625 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 16 20:14:06.175940 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Apr 16 20:14:06.287623 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'. Apr 16 20:14:06.346979 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 16 20:14:06.460754 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 16 20:14:06.537266 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:14:06.613230 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Apr 16 20:14:06.683610 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:06.788812 osdx ubnt-cfgd[721886]: inactive Apr 16 20:14:06.810607 osdx INFO[721894]: FRR daemons did not change Apr 16 20:14:06.823879 osdx ca-certificates[721910]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:07.369519 osdx ubnt-cfgd[722922]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:07.378862 osdx ca-certificates[722928]: 1 added, 0 removed; done. Apr 16 20:14:07.381771 osdx ca-certificates[722934]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:07.384609 osdx ca-certificates[722936]: done. Apr 16 20:14:07.452862 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:07.453976 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:07.455974 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:07.471930 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. 
Apr 16 20:14:07.472654 osdx dnscrypt-proxy[722940]: dnscrypt-proxy 2.0.45 Apr 16 20:14:07.472731 osdx dnscrypt-proxy[722940]: Network connectivity detected Apr 16 20:14:07.472977 osdx dnscrypt-proxy[722940]: Dropping privileges Apr 16 20:14:07.475343 osdx dnscrypt-proxy[722940]: Network connectivity detected Apr 16 20:14:07.475378 osdx dnscrypt-proxy[722940]: Now listening to 127.0.0.1:53 [UDP] Apr 16 20:14:07.475382 osdx dnscrypt-proxy[722940]: Now listening to 127.0.0.1:53 [TCP] Apr 16 20:14:07.475397 osdx dnscrypt-proxy[722940]: Firefox workaround initialized Apr 16 20:14:07.475402 osdx dnscrypt-proxy[722940]: Loading the set of cloaking rules from [/tmp/tmps2bhga7z] Apr 16 20:14:07.476174 osdx dnscrypt-proxy[722940]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 16 20:14:07.505939 osdx dnscrypt-proxy[722940]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 16 20:14:07.505952 osdx dnscrypt-proxy[722940]: [RD] OK (DoH) - rtt: 12ms Apr 16 20:14:07.505958 osdx dnscrypt-proxy[722940]: Server with the lowest initial latency: RD (rtt: 12ms) Apr 16 20:14:07.505962 osdx dnscrypt-proxy[722940]: dnscrypt-proxy is ready - live servers: 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 16 20:14:07.706722 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 20:14:07.708587 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 20:14:07.708654 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 20:14:07.716142 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'. Apr 16 20:14:07.962164 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:08.024947 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '. Apr 16 20:14:08.139443 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 16 20:14:08.201398 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:08.292386 osdx ubnt-cfgd[722989]: inactive Apr 16 20:14:08.317646 osdx dnscrypt-proxy[722940]: Stopped. Apr 16 20:14:08.317712 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 16 20:14:08.318579 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 16 20:14:08.318700 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:08.375364 osdx WARNING[723053]: No supported link modes on interface eth0 Apr 16 20:14:08.376897 osdx modulelauncher[723053]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:08.376911 osdx modulelauncher[723053]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Apr 16 20:14:08.378348 osdx modulelauncher[723053]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:08.378357 osdx modulelauncher[723053]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 20:14:08.396699 osdx ca-certificates[723078]: Clearing symlinks in /etc/ssl/certs... Apr 16 20:14:08.706711 osdx ca-certificates[723655]: done. Apr 16 20:14:08.710791 osdx ca-certificates[723664]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:09.243435 osdx ubnt-cfgd[724522]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:09.254934 osdx ca-certificates[724528]: 142 added, 0 removed; done. Apr 16 20:14:09.259098 osdx ca-certificates[724534]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:09.262487 osdx ca-certificates[724536]: done. Apr 16 20:14:09.277764 osdx INFO[724539]: FRR daemons did not change Apr 16 20:14:09.278114 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:09.373218 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:09.390852 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:14:10.777207 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:10.833832 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 16 20:14:10.937723 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 16 20:14:11.021589 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 16 20:14:11.115494 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Apr 16 20:14:11.182409 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'. Apr 16 20:14:11.274312 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 16 20:14:11.340367 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 16 20:14:11.462720 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:14:11.518475 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 16 20:14:11.627995 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:11.692084 osdx ubnt-cfgd[724572]: inactive Apr 16 20:14:11.717443 osdx INFO[724580]: FRR daemons did not change Apr 16 20:14:11.731253 osdx ca-certificates[724596]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:12.311797 osdx ubnt-cfgd[725608]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:12.322446 osdx ca-certificates[725614]: 1 added, 0 removed; done. Apr 16 20:14:12.326162 osdx ca-certificates[725620]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:12.329920 osdx ca-certificates[725622]: done. Apr 16 20:14:12.364596 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 20:14:12.412606 osdx WARNING[725689]: No supported link modes on interface eth0 Apr 16 20:14:12.414072 osdx modulelauncher[725689]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:12.414086 osdx modulelauncher[725689]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Apr 16 20:14:12.415235 osdx modulelauncher[725689]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:12.415243 osdx modulelauncher[725689]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 20:14:12.525008 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:12.526613 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:12.549282 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:12.565100 osdx dnscrypt-proxy[725738]: dnscrypt-proxy 2.0.45 Apr 16 20:14:12.565183 osdx dnscrypt-proxy[725738]: Network connectivity detected Apr 16 20:14:12.565531 osdx dnscrypt-proxy[725738]: Dropping privileges Apr 16 20:14:12.568744 osdx dnscrypt-proxy[725738]: Network connectivity detected Apr 16 20:14:12.568799 osdx dnscrypt-proxy[725738]: Now listening to 127.0.0.1:53 [UDP] Apr 16 20:14:12.568810 osdx dnscrypt-proxy[725738]: Now listening to 127.0.0.1:53 [TCP] Apr 16 20:14:12.568846 osdx dnscrypt-proxy[725738]: Firefox workaround initialized Apr 16 20:14:12.568861 osdx dnscrypt-proxy[725738]: Loading the set of cloaking rules from [/tmp/tmp3r4e0sa6] Apr 16 20:14:12.570059 osdx dnscrypt-proxy[725738]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 16 20:14:12.585749 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:14:12.602220 osdx dnscrypt-proxy[725738]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 16 20:14:12.602235 osdx dnscrypt-proxy[725738]: [RD] OK (DoH) - rtt: 11ms Apr 16 20:14:12.602246 osdx dnscrypt-proxy[725738]: Server with the lowest initial latency: RD (rtt: 11ms) Apr 16 20:14:12.602250 osdx dnscrypt-proxy[725738]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 16 20:14:12.833848 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 20:14:12.836583 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 20:14:12.836648 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 20:14:12.843217 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'. Apr 16 20:14:13.086908 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:13.143023 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '. Apr 16 20:14:13.249451 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 16 20:14:13.305723 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:13.398150 osdx ubnt-cfgd[725808]: inactive Apr 16 20:14:13.433038 osdx dnscrypt-proxy[725738]: Stopped. Apr 16 20:14:13.433140 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 16 20:14:13.433871 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 16 20:14:13.434001 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:13.498774 osdx WARNING[725872]: No supported link modes on interface eth0 Apr 16 20:14:13.500119 osdx modulelauncher[725872]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:13.500130 osdx modulelauncher[725872]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Apr 16 20:14:13.501580 osdx modulelauncher[725872]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:13.501587 osdx modulelauncher[725872]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 20:14:13.517886 osdx ca-certificates[725897]: Clearing symlinks in /etc/ssl/certs... Apr 16 20:14:13.810542 osdx ca-certificates[726474]: done. Apr 16 20:14:13.813808 osdx ca-certificates[726483]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:14.277743 osdx ubnt-cfgd[727341]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:14.285965 osdx ca-certificates[727347]: 142 added, 0 removed; done. Apr 16 20:14:14.288839 osdx ca-certificates[727353]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:14.291683 osdx ca-certificates[727355]: done. Apr 16 20:14:14.308109 osdx INFO[727358]: FRR daemons did not change Apr 16 20:14:14.308483 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:14.311100 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:14.339053 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:14:15.796368 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:15.861078 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 16 20:14:15.965931 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 16 20:14:16.068230 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 16 20:14:16.158598 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Apr 16 20:14:16.217283 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'. Apr 16 20:14:16.344899 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Apr 16 20:14:16.406989 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 16 20:14:16.501620 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 16 20:14:16.594317 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:14:16.707697 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 16 20:14:16.787794 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:16.887925 osdx ubnt-cfgd[727392]: inactive Apr 16 20:14:16.958454 osdx INFO[727400]: FRR daemons did not change Apr 16 20:14:16.974232 osdx ca-certificates[727415]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:17.502557 osdx ubnt-cfgd[728428]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:17.511176 osdx ca-certificates[728434]: 1 added, 0 removed; done. Apr 16 20:14:17.514145 osdx ca-certificates[728440]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:17.517018 osdx ca-certificates[728442]: done. 
Apr 16 20:14:17.548586 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 20:14:17.595244 osdx WARNING[728509]: No supported link modes on interface eth0 Apr 16 20:14:17.597129 osdx modulelauncher[728509]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:17.597145 osdx modulelauncher[728509]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 20:14:17.599084 osdx modulelauncher[728509]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:17.599100 osdx modulelauncher[728509]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 20:14:17.717023 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:17.719601 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:17.733721 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:17.741039 osdx dnscrypt-proxy[728558]: dnscrypt-proxy 2.0.45 Apr 16 20:14:17.741102 osdx dnscrypt-proxy[728558]: Network connectivity detected Apr 16 20:14:17.741285 osdx dnscrypt-proxy[728558]: Dropping privileges Apr 16 20:14:17.743389 osdx dnscrypt-proxy[728558]: Network connectivity detected Apr 16 20:14:17.743417 osdx dnscrypt-proxy[728558]: Now listening to 127.0.0.1:53 [UDP] Apr 16 20:14:17.743421 osdx dnscrypt-proxy[728558]: Now listening to 127.0.0.1:53 [TCP] Apr 16 20:14:17.743436 osdx dnscrypt-proxy[728558]: Firefox workaround initialized Apr 16 20:14:17.743440 osdx dnscrypt-proxy[728558]: Loading the set of cloaking rules from [/tmp/tmpy1h4vjsv] Apr 16 20:14:17.744217 osdx dnscrypt-proxy[728558]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Apr 16 20:14:17.750635 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. 
Apr 16 20:14:17.770348 osdx dnscrypt-proxy[728558]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Apr 16 20:14:17.770368 osdx dnscrypt-proxy[728558]: [RD] OK (DoH) - rtt: 10ms Apr 16 20:14:17.770376 osdx dnscrypt-proxy[728558]: Server with the lowest initial latency: RD (rtt: 10ms) Apr 16 20:14:17.770380 osdx dnscrypt-proxy[728558]: dnscrypt-proxy is ready - live servers: 1
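The token checks in the invalid-cipher scenarios above match on the handshake-failure message alone, yet each journal then logs `[RD] OK (DoH)` with cipher suite 52392, which is none of the configured ciphers. The following added example (not part of the test suite or of dnscrypt-proxy; the function name and verdict strings are hypothetical) audits a journal for that condition. The first sample is copied from the Example 3 journal above, the second is constructed.

```python
import re

# IANA code points for the cipher suites named on this page.
SUITE_NAMES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

CFG_RE = re.compile(r"cfg line: 'set service dns proxy cipher \d+ algorithm (\w+)'")
PROXY_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: (.*)$")
NEGOTIATED_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<version>[0-9a-f]+) "
    r"- Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAILURE_TOKEN = "TLS handshake failure"


def audit_journal(text):
    """Return (configured cipher names, one result dict per dnscrypt-proxy PID).

    Assumption: the text covers a single test run, as the journals on this
    page do (each one starts right after 'system journal clear').
    """
    configured, runs = [], {}
    for line in text.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            if cfg.group(1) not in configured:
                configured.append(cfg.group(1))
            continue
        proxy = PROXY_RE.search(line)
        if not proxy:
            continue
        pid, message = proxy.groups()
        run = runs.setdefault(pid, {"pid": pid, "handshake_failure": False,
                                    "negotiated": [], "verdict": "no-connection"})
        if FAILURE_TOKEN in message:
            run["handshake_failure"] = True
        hit = NEGOTIATED_RE.search(message)
        if hit:
            suite_id = int(hit["suite"])
            run["negotiated"].append({
                "server": hit["server"],
                # Assumption: the version field is hexadecimal (0x0303 is TLS 1.2).
                "tls_version": int(hit["version"], 16),
                "suite_id": suite_id,
                "suite_name": SUITE_NAMES.get(suite_id, f"0x{suite_id:04X}"),
            })
    for run in runs.values():
        names = [n["suite_name"] for n in run["negotiated"]]
        if not names:
            run["verdict"] = "refused" if run["handshake_failure"] else "no-connection"
        elif configured and any(name not in configured for name in names):
            # A session came up with a suite the operator never configured.
            run["verdict"] = "negotiated-outside-config"
        else:
            run["verdict"] = "ok"
    return configured, list(runs.values())


# Copied from the "Multiple Invalid Cipher", Example 3 journal on this page.
EXAMPLE3_JOURNAL = """\
Apr 16 20:14:16.344899 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 16 20:14:16.406989 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 16 20:14:17.741039 osdx dnscrypt-proxy[728558]: dnscrypt-proxy 2.0.45
Apr 16 20:14:17.744217 osdx dnscrypt-proxy[728558]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 16 20:14:17.770348 osdx dnscrypt-proxy[728558]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 16 20:14:17.770368 osdx dnscrypt-proxy[728558]: [RD] OK (DoH) - rtt: 10ms
"""

# Constructed sample: an invalid cipher plus a valid fallback, with the
# configured fallback suite (49199) negotiated. PID and timestamps are made up.
FALLBACK_JOURNAL = """\
Jan 01 00:00:00.000001 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jan 01 00:00:00.000002 osdx OSDxCLI[1]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jan 01 00:00:01.000001 osdx dnscrypt-proxy[1000]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jan 01 00:00:01.000002 osdx dnscrypt-proxy[1000]: [RD] OK (DoH) - rtt: 10ms
"""

if __name__ == "__main__":
    for label, journal in (("example 3", EXAMPLE3_JOURNAL), ("fallback", FALLBACK_JOURNAL)):
        configured, runs = audit_journal(journal)
        for run in runs:
            suites = [n["suite_name"] for n in run["negotiated"]]
            print(label, "configured:", configured, "negotiated:", suites, "->", run["verdict"])
```

A test that must prove no session is established with an unconfigured suite can assert on the verdict rather than on the failure token alone.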
Invalid Cipher With Fallback
Description
Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid fallback cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199Show output
Apr 16 20:14:41.652038 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 20:14:41.652452 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 20:14:41.652481 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 20:14:41.661336 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'. Apr 16 20:14:41.933531 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:41.987809 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '. Apr 16 20:14:42.202057 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Apr 16 20:14:42.263147 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:42.347265 osdx ubnt-cfgd[737227]: inactive Apr 16 20:14:42.369723 osdx dnscrypt-proxy[737155]: Stopped. Apr 16 20:14:42.369780 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Apr 16 20:14:42.370799 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Apr 16 20:14:42.370918 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Apr 16 20:14:42.430900 osdx WARNING[737291]: No supported link modes on interface eth0 Apr 16 20:14:42.432429 osdx modulelauncher[737291]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 20:14:42.432441 osdx modulelauncher[737291]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Apr 16 20:14:42.433969 osdx modulelauncher[737291]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 20:14:42.433979 osdx modulelauncher[737291]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 20:14:42.452851 osdx ca-certificates[737316]: Clearing symlinks in /etc/ssl/certs... Apr 16 20:14:42.750115 osdx ca-certificates[737893]: done. Apr 16 20:14:42.753337 osdx ca-certificates[737901]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:43.221701 osdx ubnt-cfgd[738760]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:43.231176 osdx ca-certificates[738766]: 142 added, 0 removed; done. Apr 16 20:14:43.234855 osdx ca-certificates[738772]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:43.238357 osdx ca-certificates[738774]: done. Apr 16 20:14:43.256052 osdx INFO[738777]: FRR daemons did not change Apr 16 20:14:43.256390 osdx cfgd[1833]: [514199]Completed change to active configuration Apr 16 20:14:43.297967 osdx OSDxCLI[514199]: User 'admin' committed the configuration. Apr 16 20:14:43.334609 osdx OSDxCLI[514199]: User 'admin' left the configuration menu. Apr 16 20:14:44.770536 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu. Apr 16 20:14:45.405888 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Apr 16 20:14:45.461321 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Apr 16 20:14:45.560207 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Apr 16 20:14:45.613170 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Apr 16 20:14:45.710395 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'. Apr 16 20:14:45.761168 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Apr 16 20:14:45.913138 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Apr 16 20:14:46.007372 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Apr 16 20:14:46.099097 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Apr 16 20:14:46.187058 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Apr 16 20:14:46.257429 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'. Apr 16 20:14:46.348497 osdx ubnt-cfgd[738811]: inactive Apr 16 20:14:46.371763 osdx INFO[738819]: FRR daemons did not change Apr 16 20:14:46.387953 osdx ca-certificates[738834]: Updating certificates in /etc/ssl/certs... Apr 16 20:14:46.927938 osdx ubnt-cfgd[739847]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Apr 16 20:14:46.936366 osdx ca-certificates[739852]: 1 added, 0 removed; done. Apr 16 20:14:46.940051 osdx ca-certificates[739859]: Running hooks in /etc/ca-certificates/update.d... Apr 16 20:14:46.942962 osdx ca-certificates[739861]: done. 
Apr 16 20:14:46.976299 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:14:47.020786 osdx WARNING[739928]: No supported link modes on interface eth0
Apr 16 20:14:47.022526 osdx modulelauncher[739928]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:14:47.022543 osdx modulelauncher[739928]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:14:47.023964 osdx modulelauncher[739928]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:14:47.023975 osdx modulelauncher[739928]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:14:47.136700 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:14:47.138001 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:14:47.150067 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:14:47.159513 osdx dnscrypt-proxy[739977]: dnscrypt-proxy 2.0.45
Apr 16 20:14:47.159589 osdx dnscrypt-proxy[739977]: Network connectivity detected
Apr 16 20:14:47.159802 osdx dnscrypt-proxy[739977]: Dropping privileges
Apr 16 20:14:47.162002 osdx dnscrypt-proxy[739977]: Network connectivity detected
Apr 16 20:14:47.162035 osdx dnscrypt-proxy[739977]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:14:47.162040 osdx dnscrypt-proxy[739977]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:14:47.162056 osdx dnscrypt-proxy[739977]: Firefox workaround initialized
Apr 16 20:14:47.162060 osdx dnscrypt-proxy[739977]: Loading the set of cloaking rules from [/tmp/tmp7gr095pt]
Apr 16 20:14:47.181068 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:14:47.191830 osdx dnscrypt-proxy[739977]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 16 20:14:47.191850 osdx dnscrypt-proxy[739977]: [RD] OK (DoH) - rtt: 10ms
Apr 16 20:14:47.191860 osdx dnscrypt-proxy[739977]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 16 20:14:47.191865 osdx dnscrypt-proxy[739977]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:14:47.344464 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Show output
Apr 16 20:14:47.558995 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:14:47.560307 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:14:47.560369 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:14:47.571131 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:14:47.883138 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:14:47.954837 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '.
Apr 16 20:14:48.142286 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 16 20:14:48.218290 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:14:48.319472 osdx ubnt-cfgd[740050]: inactive
Apr 16 20:14:48.347619 osdx dnscrypt-proxy[739977]: Stopped.
Apr 16 20:14:48.347691 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 16 20:14:48.348787 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 16 20:14:48.348924 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:14:48.424331 osdx WARNING[740114]: No supported link modes on interface eth0
Apr 16 20:14:48.425917 osdx modulelauncher[740114]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:14:48.425931 osdx modulelauncher[740114]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:14:48.427216 osdx modulelauncher[740114]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:14:48.427226 osdx modulelauncher[740114]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:14:48.448325 osdx ca-certificates[740139]: Clearing symlinks in /etc/ssl/certs...
Apr 16 20:14:48.799048 osdx ca-certificates[740716]: done.
Apr 16 20:14:48.803007 osdx ca-certificates[740726]: Updating certificates in /etc/ssl/certs...
Apr 16 20:14:49.372834 osdx ubnt-cfgd[741583]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:14:49.383788 osdx ca-certificates[741589]: 142 added, 0 removed; done.
Apr 16 20:14:49.387636 osdx ca-certificates[741592]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:14:49.392038 osdx ca-certificates[741595]: done.
Apr 16 20:14:49.415277 osdx INFO[741600]: FRR daemons did not change
Apr 16 20:14:49.415640 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:14:49.418501 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:14:49.443170 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:14:50.858557 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:14:51.493678 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:14:51.549093 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:14:51.652244 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:14:51.708041 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:14:51.805162 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:14:51.860038 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 16 20:14:51.958099 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 16 20:14:52.017179 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:14:52.143540 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:14:52.196256 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:14:52.327502 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:14:52.397479 osdx ubnt-cfgd[741634]: inactive
Apr 16 20:14:52.421993 osdx INFO[741642]: FRR daemons did not change
Apr 16 20:14:52.434953 osdx ca-certificates[741658]: Updating certificates in /etc/ssl/certs...
Apr 16 20:14:53.023808 osdx ubnt-cfgd[742670]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:14:53.034373 osdx ca-certificates[742676]: 1 added, 0 removed; done.
Apr 16 20:14:53.037278 osdx ca-certificates[742682]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:14:53.039926 osdx ca-certificates[742684]: done.
Apr 16 20:14:53.072299 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:14:53.120076 osdx WARNING[742751]: No supported link modes on interface eth0
Apr 16 20:14:53.121693 osdx modulelauncher[742751]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:14:53.121711 osdx modulelauncher[742751]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:14:53.122978 osdx modulelauncher[742751]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:14:53.122990 osdx modulelauncher[742751]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:14:53.256786 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:14:53.258525 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:14:53.271893 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:14:53.285417 osdx dnscrypt-proxy[742800]: dnscrypt-proxy 2.0.45
Apr 16 20:14:53.285493 osdx dnscrypt-proxy[742800]: Network connectivity detected
Apr 16 20:14:53.285736 osdx dnscrypt-proxy[742800]: Dropping privileges
Apr 16 20:14:53.288475 osdx dnscrypt-proxy[742800]: Network connectivity detected
Apr 16 20:14:53.288514 osdx dnscrypt-proxy[742800]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:14:53.288519 osdx dnscrypt-proxy[742800]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:14:53.288542 osdx dnscrypt-proxy[742800]: Firefox workaround initialized
Apr 16 20:14:53.288548 osdx dnscrypt-proxy[742800]: Loading the set of cloaking rules from [/tmp/tmpfqx76414]
Apr 16 20:14:53.297677 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:14:53.324231 osdx dnscrypt-proxy[742800]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 16 20:14:53.324244 osdx dnscrypt-proxy[742800]: [RD] OK (DoH) - rtt: 11ms
Apr 16 20:14:53.324251 osdx dnscrypt-proxy[742800]: Server with the lowest initial latency: RD (rtt: 11ms)
Apr 16 20:14:53.324255 osdx dnscrypt-proxy[742800]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:14:53.434131 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Show output
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Show output
Apr 16 20:14:53.644307 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 20:14:53.648299 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 20:14:53.648361 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 20:14:53.655412 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 20:14:53.949483 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:14:54.004962 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'delete '.
Apr 16 20:14:54.156335 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 16 20:14:54.229396 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:14:54.337175 osdx ubnt-cfgd[742871]: inactive
Apr 16 20:14:54.361800 osdx dnscrypt-proxy[742800]: Stopped.
Apr 16 20:14:54.361814 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Apr 16 20:14:54.362851 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Apr 16 20:14:54.362956 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:14:54.422031 osdx WARNING[742935]: No supported link modes on interface eth0
Apr 16 20:14:54.423506 osdx modulelauncher[742935]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:14:54.423519 osdx modulelauncher[742935]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:14:54.425178 osdx modulelauncher[742935]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:14:54.425189 osdx modulelauncher[742935]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:14:54.441975 osdx ca-certificates[742961]: Clearing symlinks in /etc/ssl/certs...
Apr 16 20:14:54.729074 osdx ca-certificates[743538]: done.
Apr 16 20:14:54.732351 osdx ca-certificates[743547]: Updating certificates in /etc/ssl/certs...
Apr 16 20:14:55.030462 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Apr 16 20:14:55.186503 osdx ubnt-cfgd[744407]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:14:55.194838 osdx ca-certificates[744412]: 142 added, 0 removed; done.
Apr 16 20:14:55.197806 osdx ca-certificates[744419]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:14:55.200722 osdx ca-certificates[744421]: done.
Apr 16 20:14:55.218570 osdx INFO[744424]: FRR daemons did not change
Apr 16 20:14:55.218876 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:14:55.226426 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:14:55.241655 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:14:56.416511 osdx OSDxCLI[514199]: User 'admin' entered the configuration menu.
Apr 16 20:14:57.113214 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 16 20:14:57.177139 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 16 20:14:57.277121 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 16 20:14:57.332091 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 16 20:14:57.432832 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2a6755e80e5a7dfe3ab6d39f6dcd5b2d794b6bb929280948ea0ff2d21715f66e'.
Apr 16 20:14:57.522003 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 16 20:14:57.604870 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 16 20:14:57.699774 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 16 20:14:57.784806 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Apr 16 20:14:57.859389 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 16 20:14:57.928327 osdx OSDxCLI[514199]: User 'admin' added a new cfg line: 'show working'.
Apr 16 20:14:58.015804 osdx ubnt-cfgd[744458]: inactive
Apr 16 20:14:58.040124 osdx INFO[744466]: FRR daemons did not change
Apr 16 20:14:58.054214 osdx ca-certificates[744482]: Updating certificates in /etc/ssl/certs...
Apr 16 20:14:58.623229 osdx ubnt-cfgd[745494]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Apr 16 20:14:58.631198 osdx ca-certificates[745500]: 1 added, 0 removed; done.
Apr 16 20:14:58.634308 osdx ca-certificates[745506]: Running hooks in /etc/ca-certificates/update.d...
Apr 16 20:14:58.637631 osdx ca-certificates[745508]: done.
Apr 16 20:14:58.668301 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 20:14:58.724708 osdx WARNING[745575]: No supported link modes on interface eth0
Apr 16 20:14:58.726571 osdx modulelauncher[745575]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 20:14:58.726589 osdx modulelauncher[745575]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 20:14:58.728051 osdx modulelauncher[745575]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 20:14:58.728061 osdx modulelauncher[745575]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 20:14:58.828774 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Apr 16 20:14:58.830501 osdx cfgd[1833]: [514199]Completed change to active configuration
Apr 16 20:14:58.844895 osdx OSDxCLI[514199]: User 'admin' committed the configuration.
Apr 16 20:14:58.857055 osdx dnscrypt-proxy[745624]: dnscrypt-proxy 2.0.45
Apr 16 20:14:58.857132 osdx dnscrypt-proxy[745624]: Network connectivity detected
Apr 16 20:14:58.857373 osdx dnscrypt-proxy[745624]: Dropping privileges
Apr 16 20:14:58.860334 osdx dnscrypt-proxy[745624]: Network connectivity detected
Apr 16 20:14:58.860374 osdx dnscrypt-proxy[745624]: Now listening to 127.0.0.1:53 [UDP]
Apr 16 20:14:58.860379 osdx dnscrypt-proxy[745624]: Now listening to 127.0.0.1:53 [TCP]
Apr 16 20:14:58.860401 osdx dnscrypt-proxy[745624]: Firefox workaround initialized
Apr 16 20:14:58.860407 osdx dnscrypt-proxy[745624]: Loading the set of cloaking rules from [/tmp/tmpkyavz60g]
Apr 16 20:14:58.866217 osdx OSDxCLI[514199]: User 'admin' left the configuration menu.
Apr 16 20:14:58.896705 osdx dnscrypt-proxy[745624]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 16 20:14:58.896725 osdx dnscrypt-proxy[745624]: [RD] OK (DoH) - rtt: 10ms
Apr 16 20:14:58.896735 osdx dnscrypt-proxy[745624]: Server with the lowest initial latency: RD (rtt: 10ms)
Apr 16 20:14:58.896740 osdx dnscrypt-proxy[745624]: dnscrypt-proxy is ready - live servers: 1
Apr 16 20:14:59.020649 osdx OSDxCLI[514199]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
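The Step 3 check relies on a decimal suite ID (49199, 49200, 52392) that has to be matched by hand against the configured algorithm names. The following is an added example, not part of this test suite or of dnscrypt-proxy: Go code that reads the "cipher N algorithm" lines and the journal, decodes each ID with crypto/tls, and reports any handshake that fell outside the configured list. The type and function names and the 3DES/RC4 rule are this example's own assumptions, and the sample input is constructed from Example 6.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample input, shaped like the configuration and journal of Example 6.
const sampleConfig = `set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0`

const sampleJournal = `Apr 16 20:14:58.896705 osdx dnscrypt-proxy[745624]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 16 20:14:58.896725 osdx dnscrypt-proxy[745624]: [RD] OK (DoH) - rtt: 10ms`

var cfgRe = regexp.MustCompile(`(?m)^set service dns proxy cipher \d+ algorithm (\S+)`)
var logRe = regexp.MustCompile(`\[([^\]]+)\] TLS version: ([0-9a-f]+) - Protocol: \S+ - Cipher suite: (\d+)`)

// Handshake is one decoded "TLS version ... Cipher suite" journal record.
type Handshake struct {
	Server, Name string // Name is the IANA suite name, or "0x...." for unknown IDs
	Version      uint16 // logged in hex: 303 is 0x0303 (TLS 1.2)
	Suite        uint16 // logged in decimal: 52392 is 0xCCA8
}

// ParseHandshakes extracts every negotiated-suite record from journal text.
func ParseHandshakes(journal string) ([]Handshake, error) {
	var out []Handshake
	for _, m := range logRe.FindAllStringSubmatch(journal, -1) {
		ver, errV := strconv.ParseUint(m[2], 16, 16)
		id, errS := strconv.ParseUint(m[3], 10, 16)
		if errV != nil || errS != nil {
			return nil, fmt.Errorf("value out of range in record %q", m[0])
		}
		name := tls.CipherSuiteName(uint16(id))
		out = append(out, Handshake{Server: m[1], Name: name, Version: uint16(ver), Suite: uint16(id)})
	}
	return out, nil
}

// Audit reports handshakes whose suite is outside the configured list, plus any
// 3DES or RC4 suite that was negotiated (the second rule is this example's own policy).
func Audit(config, journal string) ([]string, error) {
	allowed := map[string]bool{}
	for _, m := range cfgRe.FindAllStringSubmatch(config, -1) {
		allowed[m[1]] = true
	}
	hs, err := ParseHandshakes(journal)
	if err != nil {
		return nil, err
	}
	var findings []string
	for _, h := range hs {
		if !allowed[h.Name] {
			findings = append(findings, fmt.Sprintf("%s: %s (%d) is not in the configured list", h.Server, h.Name, h.Suite))
		}
		if strings.Contains(h.Name, "3DES") || strings.Contains(h.Name, "RC4") {
			findings = append(findings, fmt.Sprintf("%s: legacy suite %s was negotiated", h.Server, h.Name))
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(Audit(sampleConfig, sampleJournal))
}
```

An empty findings list for the sample input means the session used the second configured suite and not the 3DES entry listed first.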