Cipher

Test suite to validate using one or multiple ciphers to protect DoH connection

Single Valid Cipher

Description

Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

May 04 23:04:15.283675 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:04:15.284182 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:04:15.284214 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:04:15.292788 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:04:15.493558 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system coredump delete all'.
May 04 23:04:15.702618 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:15.822145 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:15.876656 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:15.975546 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:16.042081 osdx ubnt-cfgd[216475]: inactive
May 04 23:04:16.091957 osdx INFO[216481]: FRR daemons did not change
May 04 23:04:16.120193 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:04:16.160954 osdx WARNING[216550]: No supported link modes on interface eth0
May 04 23:04:16.162255 osdx modulelauncher[216550]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:16.162267 osdx modulelauncher[216550]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:16.163384 osdx modulelauncher[216550]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:16.163391 osdx modulelauncher[216550]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:16.196870 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:16.208838 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:16.223599 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:16.365739 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 04 23:04:16.429122 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal show | cat'.
May 04 23:04:16.597110 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:16.652300 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:04:16.747222 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:04:16.804476 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:04:16.894931 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:04:16.948708 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:04:17.037067 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 04 23:04:17.087963 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:04:17.201944 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:17.251219 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:17.356760 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:17.418964 osdx ubnt-cfgd[216655]: inactive
May 04 23:04:17.437797 osdx INFO[216663]: FRR daemons did not change
May 04 23:04:17.450102 osdx ca-certificates[216679]: Updating certificates in /etc/ssl/certs...
May 04 23:04:17.947989 osdx ubnt-cfgd[217691]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:17.956704 osdx ca-certificates[217697]: 1 added, 0 removed; done.
May 04 23:04:17.959511 osdx ca-certificates[217703]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:17.962299 osdx ca-certificates[217705]: done.
May 04 23:04:18.024460 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:18.025644 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:18.027580 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:18.043888 osdx dnscrypt-proxy[217709]: dnscrypt-proxy 2.0.45
May 04 23:04:18.043958 osdx dnscrypt-proxy[217709]: Network connectivity detected
May 04 23:04:18.044183 osdx dnscrypt-proxy[217709]: Dropping privileges
May 04 23:04:18.046521 osdx dnscrypt-proxy[217709]: Network connectivity detected
May 04 23:04:18.046723 osdx dnscrypt-proxy[217709]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:04:18.046729 osdx dnscrypt-proxy[217709]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:04:18.046746 osdx dnscrypt-proxy[217709]: Firefox workaround initialized
May 04 23:04:18.046751 osdx dnscrypt-proxy[217709]: Loading the set of cloaking rules from [/tmp/tmp1536s5ly]
May 04 23:04:18.053941 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:18.184664 osdx dnscrypt-proxy[217709]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 04 23:04:18.184686 osdx dnscrypt-proxy[217709]: [RD] OK (DoH) - rtt: 118ms
May 04 23:04:18.184695 osdx dnscrypt-proxy[217709]: Server with the lowest initial latency: RD (rtt: 118ms)
May 04 23:04:18.184701 osdx dnscrypt-proxy[217709]: dnscrypt-proxy is ready - live servers: 1
May 04 23:04:18.201468 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Multiple Valid Cipher

Description

Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

May 04 23:04:24.281074 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:04:24.285011 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:04:24.285062 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:04:24.290520 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:04:24.486834 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system coredump delete all'.
May 04 23:04:24.728712 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:24.809534 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:24.883558 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:24.950948 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:25.030362 osdx ubnt-cfgd[219430]: inactive
May 04 23:04:25.051490 osdx INFO[219436]: FRR daemons did not change
May 04 23:04:25.085020 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:04:25.129490 osdx WARNING[219505]: No supported link modes on interface eth0
May 04 23:04:25.130943 osdx modulelauncher[219505]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:25.130957 osdx modulelauncher[219505]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:25.132106 osdx modulelauncher[219505]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:25.132114 osdx modulelauncher[219505]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:25.166823 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:25.178746 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:25.204483 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:25.337649 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 04 23:04:25.409072 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal show | cat'.
May 04 23:04:25.589985 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:25.665233 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:04:25.765663 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:04:25.823512 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:04:25.914723 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:04:25.970815 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:04:26.066241 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 04 23:04:26.117918 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:04:26.267722 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:26.318775 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:26.427642 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:26.491020 osdx ubnt-cfgd[219610]: inactive
May 04 23:04:26.510986 osdx INFO[219618]: FRR daemons did not change
May 04 23:04:26.524014 osdx ca-certificates[219633]: Updating certificates in /etc/ssl/certs...
May 04 23:04:27.032656 osdx ubnt-cfgd[220646]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:27.040158 osdx ca-certificates[220652]: 1 added, 0 removed; done.
May 04 23:04:27.042934 osdx ca-certificates[220658]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:27.045676 osdx ca-certificates[220660]: done.
May 04 23:04:27.105352 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:27.106626 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:27.109146 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:27.126382 osdx dnscrypt-proxy[220664]: dnscrypt-proxy 2.0.45
May 04 23:04:27.126444 osdx dnscrypt-proxy[220664]: Network connectivity detected
May 04 23:04:27.126624 osdx dnscrypt-proxy[220664]: Dropping privileges
May 04 23:04:27.126787 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:27.128865 osdx dnscrypt-proxy[220664]: Network connectivity detected
May 04 23:04:27.128900 osdx dnscrypt-proxy[220664]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:04:27.128906 osdx dnscrypt-proxy[220664]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:04:27.128926 osdx dnscrypt-proxy[220664]: Firefox workaround initialized
May 04 23:04:27.128932 osdx dnscrypt-proxy[220664]: Loading the set of cloaking rules from [/tmp/tmp9uk0vop7]
May 04 23:04:27.231400 osdx dnscrypt-proxy[220664]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 04 23:04:27.231423 osdx dnscrypt-proxy[220664]: [RD] OK (DoH) - rtt: 83ms
May 04 23:04:27.231432 osdx dnscrypt-proxy[220664]: Server with the lowest initial latency: RD (rtt: 83ms)
May 04 23:04:27.231435 osdx dnscrypt-proxy[220664]: dnscrypt-proxy is ready - live servers: 1
May 04 23:04:27.294340 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

May 04 23:04:27.501055 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:04:27.505017 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:04:27.505070 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:04:27.511876 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:04:27.752475 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:27.804596 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:04:27.930203 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:04:27.987311 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:28.079351 osdx ubnt-cfgd[220716]: inactive
May 04 23:04:28.099365 osdx dnscrypt-proxy[220664]: Stopped.
May 04 23:04:28.099437 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:04:28.100394 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:04:28.100510 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:28.156703 osdx WARNING[220780]: No supported link modes on interface eth0
May 04 23:04:28.158040 osdx modulelauncher[220780]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:28.158052 osdx modulelauncher[220780]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:28.159192 osdx modulelauncher[220780]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:28.159199 osdx modulelauncher[220780]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:28.174212 osdx ca-certificates[220805]: Clearing symlinks in /etc/ssl/certs...
May 04 23:04:28.433060 osdx ca-certificates[221382]: done.
May 04 23:04:28.435839 osdx ca-certificates[221392]: Updating certificates in /etc/ssl/certs...
May 04 23:04:28.877737 osdx ubnt-cfgd[222249]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:28.888089 osdx ca-certificates[222255]: 142 added, 0 removed; done.
May 04 23:04:28.891603 osdx ca-certificates[222261]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:28.894228 osdx ca-certificates[222263]: done.
May 04 23:04:28.908350 osdx INFO[222266]: FRR daemons did not change
May 04 23:04:28.908601 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:28.910732 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:28.935096 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:30.090587 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:30.153922 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:04:30.247279 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:04:30.310932 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:04:30.397773 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:04:30.451902 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:04:30.547353 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 04 23:04:30.598285 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:04:30.734962 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:30.809460 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:30.920548 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:30.984557 osdx ubnt-cfgd[222301]: inactive
May 04 23:04:31.006158 osdx INFO[222309]: FRR daemons did not change
May 04 23:04:31.018954 osdx ca-certificates[222325]: Updating certificates in /etc/ssl/certs...
May 04 23:04:31.550032 osdx ubnt-cfgd[223337]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:31.557596 osdx ca-certificates[223342]: 1 added, 0 removed; done.
May 04 23:04:31.560357 osdx ca-certificates[223349]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:31.562938 osdx ca-certificates[223351]: done.
May 04 23:04:31.589019 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:04:31.630971 osdx WARNING[223418]: No supported link modes on interface eth0
May 04 23:04:31.632236 osdx modulelauncher[223418]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:31.632247 osdx modulelauncher[223418]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:31.633378 osdx modulelauncher[223418]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:31.633388 osdx modulelauncher[223418]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:31.729297 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:31.730477 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:31.741652 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:31.756476 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:31.757846 osdx dnscrypt-proxy[223467]: dnscrypt-proxy 2.0.45
May 04 23:04:31.757913 osdx dnscrypt-proxy[223467]: Network connectivity detected
May 04 23:04:31.758119 osdx dnscrypt-proxy[223467]: Dropping privileges
May 04 23:04:31.759957 osdx dnscrypt-proxy[223467]: Network connectivity detected
May 04 23:04:31.759987 osdx dnscrypt-proxy[223467]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:04:31.759990 osdx dnscrypt-proxy[223467]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:04:31.760006 osdx dnscrypt-proxy[223467]: Firefox workaround initialized
May 04 23:04:31.760010 osdx dnscrypt-proxy[223467]: Loading the set of cloaking rules from [/tmp/tmp4ci1ci2l]
May 04 23:04:31.933974 osdx dnscrypt-proxy[223467]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 04 23:04:31.933995 osdx dnscrypt-proxy[223467]: [RD] OK (DoH) - rtt: 156ms
May 04 23:04:31.934005 osdx dnscrypt-proxy[223467]: Server with the lowest initial latency: RD (rtt: 156ms)
May 04 23:04:31.934010 osdx dnscrypt-proxy[223467]: dnscrypt-proxy is ready - live servers: 1
May 04 23:04:36.916700 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:04:47.018568 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

May 04 23:04:47.223234 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:04:47.225006 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:04:47.225056 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:04:47.233211 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:04:47.467248 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:47.519972 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:04:47.628250 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:04:47.683977 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:47.773591 osdx ubnt-cfgd[223543]: inactive
May 04 23:04:47.793888 osdx dnscrypt-proxy[223467]: Stopped.
May 04 23:04:47.793987 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:04:47.794964 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:04:47.795071 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:47.849977 osdx WARNING[223607]: No supported link modes on interface eth0
May 04 23:04:47.851644 osdx modulelauncher[223607]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:47.851655 osdx modulelauncher[223607]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:47.852766 osdx modulelauncher[223607]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:47.852773 osdx modulelauncher[223607]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:47.868277 osdx ca-certificates[223632]: Clearing symlinks in /etc/ssl/certs...
May 04 23:04:48.136887 osdx ca-certificates[224209]: done.
May 04 23:04:48.139632 osdx ca-certificates[224218]: Updating certificates in /etc/ssl/certs...
May 04 23:04:48.567755 osdx ubnt-cfgd[225076]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:48.575661 osdx ca-certificates[225082]: 142 added, 0 removed; done.
May 04 23:04:48.578407 osdx ca-certificates[225088]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:48.580959 osdx ca-certificates[225090]: done.
May 04 23:04:48.594624 osdx INFO[225093]: FRR daemons did not change
May 04 23:04:48.594861 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:48.596664 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:48.612648 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:49.756762 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:04:49.810204 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:04:49.906953 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:04:49.966514 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:04:50.054401 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:04:50.109137 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:04:50.199709 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 04 23:04:50.249702 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:04:50.366141 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:04:50.418672 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:04:50.518855 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:04:50.580864 osdx ubnt-cfgd[225126]: inactive
May 04 23:04:50.601474 osdx INFO[225134]: FRR daemons did not change
May 04 23:04:50.614786 osdx ca-certificates[225150]: Updating certificates in /etc/ssl/certs...
May 04 23:04:51.124191 osdx ubnt-cfgd[226162]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:04:51.134494 osdx ca-certificates[226168]: 1 added, 0 removed; done.
May 04 23:04:51.137279 osdx ca-certificates[226174]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:04:51.139893 osdx ca-certificates[226176]: done.
May 04 23:04:51.169016 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:04:51.210064 osdx WARNING[226243]: No supported link modes on interface eth0
May 04 23:04:51.211316 osdx modulelauncher[226243]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:04:51.211326 osdx modulelauncher[226243]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:04:51.212427 osdx modulelauncher[226243]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:04:51.212434 osdx modulelauncher[226243]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:04:51.309406 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:04:51.310795 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:04:51.322222 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:04:51.337434 osdx dnscrypt-proxy[226292]: dnscrypt-proxy 2.0.45
May 04 23:04:51.337487 osdx dnscrypt-proxy[226292]: Network connectivity detected
May 04 23:04:51.337656 osdx dnscrypt-proxy[226292]: Dropping privileges
May 04 23:04:51.339509 osdx dnscrypt-proxy[226292]: Network connectivity detected
May 04 23:04:51.339540 osdx dnscrypt-proxy[226292]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:04:51.339545 osdx dnscrypt-proxy[226292]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:04:51.339565 osdx dnscrypt-proxy[226292]: Firefox workaround initialized
May 04 23:04:51.339569 osdx dnscrypt-proxy[226292]: Loading the set of cloaking rules from [/tmp/tmp3ozb_hsh]
May 04 23:04:51.345670 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:04:51.697736 osdx dnscrypt-proxy[226292]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 04 23:04:51.697767 osdx dnscrypt-proxy[226292]: [RD] OK (DoH) - rtt: 339ms
May 04 23:04:51.697782 osdx dnscrypt-proxy[226292]: Server with the lowest initial latency: RD (rtt: 339ms)
May 04 23:04:51.697790 osdx dnscrypt-proxy[226292]: dnscrypt-proxy is ready - live servers: 1
May 04 23:04:54.030364 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
May 04 23:04:56.490430 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:05:06.577582 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---

Single Invalid Cipher

Description

Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

May 04 23:05:13.310744 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:13.311336 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:13.311367 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:13.320251 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:13.569835 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system coredump delete all'.
May 04 23:05:13.775873 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:13.893722 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:13.944424 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:14.046557 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:14.102623 osdx ubnt-cfgd[228042]: inactive
May 04 23:05:14.121571 osdx INFO[228048]: FRR daemons did not change
May 04 23:05:14.155342 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:05:14.197444 osdx WARNING[228117]: No supported link modes on interface eth0
May 04 23:05:14.199138 osdx modulelauncher[228117]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:14.199149 osdx modulelauncher[228117]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:14.200264 osdx modulelauncher[228117]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:14.200271 osdx modulelauncher[228117]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:14.233736 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:14.246614 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:14.262978 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:14.406277 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 04 23:05:14.470265 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal show | cat'.
May 04 23:05:14.638304 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:14.691908 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:05:14.786649 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:05:14.844723 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:05:14.932535 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:05:14.985965 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:05:15.073655 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:05:15.124570 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:05:15.239503 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:15.289705 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:15.397937 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:15.457375 osdx ubnt-cfgd[228222]: inactive
May 04 23:05:15.478157 osdx INFO[228230]: FRR daemons did not change
May 04 23:05:15.490976 osdx ca-certificates[228245]: Updating certificates in /etc/ssl/certs...
May 04 23:05:15.969153 osdx ubnt-cfgd[229258]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:15.976494 osdx ca-certificates[229264]: 1 added, 0 removed; done.
May 04 23:05:15.979214 osdx ca-certificates[229270]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:15.981807 osdx ca-certificates[229272]: done.
May 04 23:05:16.035681 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:16.036882 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:16.039324 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:16.054656 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:16.065161 osdx dnscrypt-proxy[229276]: dnscrypt-proxy 2.0.45
May 04 23:05:16.065218 osdx dnscrypt-proxy[229276]: Network connectivity detected
May 04 23:05:16.065397 osdx dnscrypt-proxy[229276]: Dropping privileges
May 04 23:05:16.067797 osdx dnscrypt-proxy[229276]: Network connectivity detected
May 04 23:05:16.067826 osdx dnscrypt-proxy[229276]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:05:16.067830 osdx dnscrypt-proxy[229276]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:05:16.067845 osdx dnscrypt-proxy[229276]: Firefox workaround initialized
May 04 23:05:16.067849 osdx dnscrypt-proxy[229276]: Loading the set of cloaking rules from [/tmp/tmp97zcconn]
May 04 23:05:16.068587 osdx dnscrypt-proxy[229276]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

---

Multiple Invalid Cipher

Description

Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

May 04 23:05:22.281203 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:22.285205 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:22.285269 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:22.290397 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:22.487892 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system coredump delete all'.
May 04 23:05:22.701185 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:22.779855 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:22.850672 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:22.909158 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:23.000497 osdx ubnt-cfgd[230994]: inactive
May 04 23:05:23.018288 osdx INFO[231000]: FRR daemons did not change
May 04 23:05:23.045236 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:05:23.089756 osdx WARNING[231069]: No supported link modes on interface eth0
May 04 23:05:23.091133 osdx modulelauncher[231069]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:23.091146 osdx modulelauncher[231069]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:23.092594 osdx modulelauncher[231069]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:23.092602 osdx modulelauncher[231069]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:23.128701 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:23.139242 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:23.153420 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:23.293986 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 04 23:05:23.356897 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal show | cat'.
May 04 23:05:23.533919 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:23.588430 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:05:23.681840 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:05:23.740218 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:05:23.830097 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:05:23.886006 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:05:23.974043 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:05:24.022524 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:05:24.139431 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:24.206169 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:24.323403 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:24.385776 osdx ubnt-cfgd[231174]: inactive
May 04 23:05:24.406307 osdx INFO[231182]: FRR daemons did not change
May 04 23:05:24.418492 osdx ca-certificates[231198]: Updating certificates in /etc/ssl/certs...
May 04 23:05:24.908111 osdx ubnt-cfgd[232210]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:24.915729 osdx ca-certificates[232215]: 1 added, 0 removed; done.
May 04 23:05:24.918459 osdx ca-certificates[232222]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:24.921031 osdx ca-certificates[232224]: done.
May 04 23:05:24.981578 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:24.982779 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:24.985059 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:25.007945 osdx dnscrypt-proxy[232228]: dnscrypt-proxy 2.0.45
May 04 23:05:25.008019 osdx dnscrypt-proxy[232228]: Network connectivity detected
May 04 23:05:25.008237 osdx dnscrypt-proxy[232228]: Dropping privileges
May 04 23:05:25.011343 osdx dnscrypt-proxy[232228]: Network connectivity detected
May 04 23:05:25.011374 osdx dnscrypt-proxy[232228]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:05:25.011378 osdx dnscrypt-proxy[232228]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:05:25.011395 osdx dnscrypt-proxy[232228]: Firefox workaround initialized
May 04 23:05:25.011400 osdx dnscrypt-proxy[232228]: Loading the set of cloaking rules from [/tmp/tmpxd8f56s1]
May 04 23:05:25.011719 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:25.012127 osdx dnscrypt-proxy[232228]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

May 04 23:05:25.227860 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:25.229212 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:25.229268 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:25.237537 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:25.292832 osdx dnscrypt-proxy[232228]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 04 23:05:25.292855 osdx dnscrypt-proxy[232228]: [RD] OK (DoH) - rtt: 266ms
May 04 23:05:25.292865 osdx dnscrypt-proxy[232228]: Server with the lowest initial latency: RD (rtt: 266ms)
May 04 23:05:25.292871 osdx dnscrypt-proxy[232228]: dnscrypt-proxy is ready - live servers: 1
May 04 23:05:25.477309 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:25.570779 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:05:25.642629 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:05:25.727710 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:25.784857 osdx ubnt-cfgd[232278]: inactive
May 04 23:05:25.804680 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:05:25.804691 osdx dnscrypt-proxy[232228]: Stopped.
May 04 23:05:25.805805 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:05:25.805911 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:25.863335 osdx WARNING[232342]: No supported link modes on interface eth0
May 04 23:05:25.864747 osdx modulelauncher[232342]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:25.864761 osdx modulelauncher[232342]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:25.865933 osdx modulelauncher[232342]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:25.865943 osdx modulelauncher[232342]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:25.883904 osdx ca-certificates[232367]: Clearing symlinks in /etc/ssl/certs...
May 04 23:05:26.182244 osdx ca-certificates[232944]: done.
May 04 23:05:26.185621 osdx ca-certificates[232953]: Updating certificates in /etc/ssl/certs...
May 04 23:05:26.627443 osdx ubnt-cfgd[233811]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:26.635709 osdx ca-certificates[233817]: 142 added, 0 removed; done.
May 04 23:05:26.638466 osdx ca-certificates[233823]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:26.641097 osdx ca-certificates[233825]: done.
May 04 23:05:26.655236 osdx INFO[233828]: FRR daemons did not change
May 04 23:05:26.655504 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:26.691286 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:26.708125 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:27.837165 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:27.892190 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:05:27.982816 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:05:28.040618 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:05:28.127166 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:05:28.180318 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:05:28.268363 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 04 23:05:28.318388 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:05:28.445011 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:28.497638 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:28.602611 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:28.660163 osdx ubnt-cfgd[233861]: inactive
May 04 23:05:28.680611 osdx INFO[233869]: FRR daemons did not change
May 04 23:05:28.692556 osdx ca-certificates[233885]: Updating certificates in /etc/ssl/certs...
May 04 23:05:29.187636 osdx ubnt-cfgd[234897]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:29.194930 osdx ca-certificates[234903]: 1 added, 0 removed; done.
May 04 23:05:29.197605 osdx ca-certificates[234909]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:29.200114 osdx ca-certificates[234911]: done.
May 04 23:05:29.253209 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:05:29.294711 osdx WARNING[234978]: No supported link modes on interface eth0
May 04 23:05:29.296346 osdx modulelauncher[234978]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:29.296358 osdx modulelauncher[234978]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:29.297510 osdx modulelauncher[234978]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:29.297518 osdx modulelauncher[234978]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:29.389510 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:29.390913 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:29.413919 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:29.426254 osdx dnscrypt-proxy[235027]: dnscrypt-proxy 2.0.45
May 04 23:05:29.426327 osdx dnscrypt-proxy[235027]: Network connectivity detected
May 04 23:05:29.426547 osdx dnscrypt-proxy[235027]: Dropping privileges
May 04 23:05:29.428603 osdx dnscrypt-proxy[235027]: Network connectivity detected
May 04 23:05:29.428638 osdx dnscrypt-proxy[235027]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:05:29.428644 osdx dnscrypt-proxy[235027]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:05:29.428663 osdx dnscrypt-proxy[235027]: Firefox workaround initialized
May 04 23:05:29.428669 osdx dnscrypt-proxy[235027]: Loading the set of cloaking rules from [/tmp/tmpne4u93rm]
May 04 23:05:29.429563 osdx dnscrypt-proxy[235027]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 04 23:05:29.447382 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file

Show output

May 04 23:05:29.705369 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:29.709228 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:29.709318 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:29.715972 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:29.942982 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:29.997226 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:05:30.106769 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:05:30.167871 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:30.255779 osdx ubnt-cfgd[235096]: inactive
May 04 23:05:30.317480 osdx dnscrypt-proxy[235027]: Stopped.
May 04 23:05:30.317506 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:05:30.318285 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:05:30.318388 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:30.372981 osdx WARNING[235160]: No supported link modes on interface eth0
May 04 23:05:30.374650 osdx modulelauncher[235160]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:30.374661 osdx modulelauncher[235160]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:30.376070 osdx modulelauncher[235160]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:30.376077 osdx modulelauncher[235160]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:30.393710 osdx ca-certificates[235185]: Clearing symlinks in /etc/ssl/certs...
May 04 23:05:30.668134 osdx ca-certificates[235762]: done.
May 04 23:05:30.671063 osdx ca-certificates[235771]: Updating certificates in /etc/ssl/certs...
May 04 23:05:31.110571 osdx ubnt-cfgd[236629]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:31.119514 osdx ca-certificates[236635]: 142 added, 0 removed; done.
May 04 23:05:31.123127 osdx ca-certificates[236641]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:31.125777 osdx ca-certificates[236643]: done.
May 04 23:05:31.140291 osdx INFO[236646]: FRR daemons did not change
May 04 23:05:31.140602 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:31.142927 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:31.166183 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:32.365531 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:32.418631 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:05:32.510846 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:05:32.570004 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:05:32.658616 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:05:32.714190 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:05:32.800739 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:05:32.854523 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 04 23:05:32.953982 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:05:33.038921 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:33.103571 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:33.204871 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:33.268253 osdx ubnt-cfgd[236680]: inactive
May 04 23:05:33.290463 osdx INFO[236688]: FRR daemons did not change
May 04 23:05:33.302046 osdx ca-certificates[236704]: Updating certificates in /etc/ssl/certs...
May 04 23:05:33.817666 osdx ubnt-cfgd[237716]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:33.826887 osdx ca-certificates[237721]: 1 added, 0 removed; done.
May 04 23:05:33.830434 osdx ca-certificates[237728]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:33.833361 osdx ca-certificates[237730]: done.
May 04 23:05:33.861211 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:05:33.903375 osdx WARNING[237797]: No supported link modes on interface eth0
May 04 23:05:33.904768 osdx modulelauncher[237797]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:33.904782 osdx modulelauncher[237797]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:33.905911 osdx modulelauncher[237797]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:33.905920 osdx modulelauncher[237797]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:34.009463 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:34.010810 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:34.021748 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:34.028816 osdx dnscrypt-proxy[237846]: dnscrypt-proxy 2.0.45
May 04 23:05:34.028875 osdx dnscrypt-proxy[237846]: Network connectivity detected
May 04 23:05:34.029048 osdx dnscrypt-proxy[237846]: Dropping privileges
May 04 23:05:34.031060 osdx dnscrypt-proxy[237846]: Network connectivity detected
May 04 23:05:34.031093 osdx dnscrypt-proxy[237846]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:05:34.031098 osdx dnscrypt-proxy[237846]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:05:34.031118 osdx dnscrypt-proxy[237846]: Firefox workaround initialized
May 04 23:05:34.031125 osdx dnscrypt-proxy[237846]: Loading the set of cloaking rules from [/tmp/tmpgivt5652]
May 04 23:05:34.032056 osdx dnscrypt-proxy[237846]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
May 04 23:05:34.056169 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.

---

Invalid Cipher With Fallback

Description

Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

May 04 23:05:40.284085 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:40.286633 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:40.286676 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:40.292995 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:40.487349 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system coredump delete all'.
May 04 23:05:40.689117 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:40.768350 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:40.838766 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:40.897624 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:40.988791 osdx ubnt-cfgd[239581]: inactive
May 04 23:05:41.009564 osdx INFO[239587]: FRR daemons did not change
May 04 23:05:41.038637 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:05:41.078453 osdx WARNING[239656]: No supported link modes on interface eth0
May 04 23:05:41.079697 osdx modulelauncher[239656]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:41.079708 osdx modulelauncher[239656]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:41.080754 osdx modulelauncher[239656]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:41.080760 osdx modulelauncher[239656]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:41.116583 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:41.127146 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:41.142134 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:41.280081 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 04 23:05:41.341945 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal show | cat'.
May 04 23:05:41.512353 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:42.075839 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:05:42.131336 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:05:42.229471 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:05:42.283537 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:05:42.377083 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:05:42.428272 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:05:42.520814 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 04 23:05:42.569756 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:05:42.681934 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:05:42.733083 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:05:42.838199 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:42.897606 osdx ubnt-cfgd[239762]: inactive
May 04 23:05:42.918005 osdx INFO[239770]: FRR daemons did not change
May 04 23:05:42.930791 osdx ca-certificates[239786]: Updating certificates in /etc/ssl/certs...
May 04 23:05:43.427953 osdx ubnt-cfgd[240798]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:05:43.435445 osdx ca-certificates[240803]: 1 added, 0 removed; done.
May 04 23:05:43.438102 osdx ca-certificates[240810]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:05:43.440755 osdx ca-certificates[240812]: done.
May 04 23:05:43.507006 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:43.508373 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:05:43.510771 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:05:43.526241 osdx dnscrypt-proxy[240816]: dnscrypt-proxy 2.0.45
May 04 23:05:43.526297 osdx dnscrypt-proxy[240816]: Network connectivity detected
May 04 23:05:43.526495 osdx dnscrypt-proxy[240816]: Dropping privileges
May 04 23:05:43.528377 osdx dnscrypt-proxy[240816]: Network connectivity detected
May 04 23:05:43.528407 osdx dnscrypt-proxy[240816]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:05:43.528412 osdx dnscrypt-proxy[240816]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:05:43.528426 osdx dnscrypt-proxy[240816]: Firefox workaround initialized
May 04 23:05:43.528431 osdx dnscrypt-proxy[240816]: Loading the set of cloaking rules from [/tmp/tmpwohm59s4]
May 04 23:05:43.543252 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:05:43.911562 osdx dnscrypt-proxy[240816]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 04 23:05:43.911584 osdx dnscrypt-proxy[240816]: [RD] OK (DoH) - rtt: 367ms
May 04 23:05:43.911593 osdx dnscrypt-proxy[240816]: Server with the lowest initial latency: RD (rtt: 367ms)
May 04 23:05:43.911598 osdx dnscrypt-proxy[240816]: dnscrypt-proxy is ready - live servers: 1
May 04 23:05:48.687989 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:05:58.761751 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

May 04 23:05:58.964444 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:05:58.966630 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:05:58.966679 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:05:58.973973 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:05:59.216829 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:05:59.268850 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:05:59.371955 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:05:59.428914 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:05:59.521399 osdx ubnt-cfgd[240874]: inactive
May 04 23:05:59.542287 osdx dnscrypt-proxy[240816]: Stopped.
May 04 23:05:59.542356 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:05:59.543347 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:05:59.543445 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:05:59.599064 osdx WARNING[240938]: No supported link modes on interface eth0
May 04 23:05:59.600451 osdx modulelauncher[240938]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:05:59.600462 osdx modulelauncher[240938]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:05:59.601583 osdx modulelauncher[240938]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:05:59.601591 osdx modulelauncher[240938]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:05:59.617286 osdx ca-certificates[240963]: Clearing symlinks in /etc/ssl/certs...
May 04 23:05:59.907510 osdx ca-certificates[241540]: done.
May 04 23:05:59.910288 osdx ca-certificates[241549]: Updating certificates in /etc/ssl/certs...
May 04 23:06:00.348534 osdx ubnt-cfgd[242407]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:00.356943 osdx ca-certificates[242413]: 142 added, 0 removed; done.
May 04 23:06:00.359715 osdx ca-certificates[242419]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:00.362317 osdx ca-certificates[242421]: done.
May 04 23:06:00.376041 osdx INFO[242424]: FRR daemons did not change
May 04 23:06:00.376301 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:00.424613 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:00.442084 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:01.568190 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:02.111753 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:06:02.163549 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:06:02.261960 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:06:02.314404 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:06:02.409883 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:06:02.460951 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:06:02.553975 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 04 23:06:02.603981 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:06:02.721279 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:06:02.772134 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:06:02.866098 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:02.926956 osdx ubnt-cfgd[242461]: inactive
May 04 23:06:02.947523 osdx INFO[242469]: FRR daemons did not change
May 04 23:06:02.960426 osdx ca-certificates[242485]: Updating certificates in /etc/ssl/certs...
May 04 23:06:03.442115 osdx ubnt-cfgd[243497]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:03.449572 osdx ca-certificates[243503]: 1 added, 0 removed; done.
May 04 23:06:03.452367 osdx ca-certificates[243509]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:03.455817 osdx ca-certificates[243511]: done.
May 04 23:06:03.498640 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:06:03.537150 osdx WARNING[243578]: No supported link modes on interface eth0
May 04 23:06:03.538440 osdx modulelauncher[243578]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:03.538451 osdx modulelauncher[243578]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:03.539556 osdx modulelauncher[243578]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:03.539564 osdx modulelauncher[243578]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:03.646963 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:03.648068 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:03.659664 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:03.665834 osdx dnscrypt-proxy[243627]: dnscrypt-proxy 2.0.45
May 04 23:06:03.665890 osdx dnscrypt-proxy[243627]: Network connectivity detected
May 04 23:06:03.666070 osdx dnscrypt-proxy[243627]: Dropping privileges
May 04 23:06:03.667845 osdx dnscrypt-proxy[243627]: Network connectivity detected
May 04 23:06:03.667872 osdx dnscrypt-proxy[243627]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:06:03.667876 osdx dnscrypt-proxy[243627]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:06:03.667892 osdx dnscrypt-proxy[243627]: Firefox workaround initialized
May 04 23:06:03.667896 osdx dnscrypt-proxy[243627]: Loading the set of cloaking rules from [/tmp/tmpbn5l_usy]
May 04 23:06:03.674348 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:03.695574 osdx dnscrypt-proxy[243627]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 04 23:06:03.695589 osdx dnscrypt-proxy[243627]: [RD] OK (DoH) - rtt: 12ms
May 04 23:06:03.695600 osdx dnscrypt-proxy[243627]: Server with the lowest initial latency: RD (rtt: 12ms)
May 04 23:06:03.695604 osdx dnscrypt-proxy[243627]: dnscrypt-proxy is ready - live servers: 1
May 04 23:06:03.819142 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

May 04 23:06:04.026958 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:06:04.030633 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:06:04.030684 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:06:04.035744 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:06:04.261914 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:04.313564 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:06:04.419256 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:06:04.474956 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:04.563461 osdx ubnt-cfgd[243701]: inactive
May 04 23:06:04.592423 osdx dnscrypt-proxy[243627]: Stopped.
May 04 23:06:04.592489 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:06:04.593261 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:06:04.593364 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:04.648960 osdx WARNING[243765]: No supported link modes on interface eth0
May 04 23:06:04.650276 osdx modulelauncher[243765]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:04.650289 osdx modulelauncher[243765]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:04.651491 osdx modulelauncher[243765]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:04.651501 osdx modulelauncher[243765]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:04.666095 osdx ca-certificates[243790]: Clearing symlinks in /etc/ssl/certs...
May 04 23:06:04.927710 osdx ca-certificates[244367]: done.
May 04 23:06:04.930413 osdx ca-certificates[244376]: Updating certificates in /etc/ssl/certs...
May 04 23:06:05.348001 osdx ubnt-cfgd[245234]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:05.355888 osdx ca-certificates[245240]: 142 added, 0 removed; done.
May 04 23:06:05.358609 osdx ca-certificates[245246]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:05.361186 osdx ca-certificates[245248]: done.
May 04 23:06:05.375224 osdx INFO[245251]: FRR daemons did not change
May 04 23:06:05.375469 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:05.377559 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:05.393427 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:06.565251 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:07.094766 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:06:07.147251 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:06:07.245680 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:06:07.297688 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:06:07.385064 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:06:07.435133 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
May 04 23:06:07.532891 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 04 23:06:07.584543 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:06:07.705132 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:06:07.755590 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:06:07.861806 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:07.921720 osdx ubnt-cfgd[245285]: inactive
May 04 23:06:07.940945 osdx INFO[245293]: FRR daemons did not change
May 04 23:06:07.952050 osdx ca-certificates[245309]: Updating certificates in /etc/ssl/certs...
May 04 23:06:08.427639 osdx ubnt-cfgd[246321]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:08.435055 osdx ca-certificates[246327]: 1 added, 0 removed; done.
May 04 23:06:08.438637 osdx ca-certificates[246333]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:08.442084 osdx ca-certificates[246335]: done.
May 04 23:06:08.474647 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:06:08.515624 osdx WARNING[246402]: No supported link modes on interface eth0
May 04 23:06:08.516971 osdx modulelauncher[246402]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:08.516981 osdx modulelauncher[246402]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:08.518110 osdx modulelauncher[246402]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:08.518119 osdx modulelauncher[246402]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:08.622942 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:08.624096 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:08.637757 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:08.647003 osdx dnscrypt-proxy[246451]: dnscrypt-proxy 2.0.45
May 04 23:06:08.647072 osdx dnscrypt-proxy[246451]: Network connectivity detected
May 04 23:06:08.647272 osdx dnscrypt-proxy[246451]: Dropping privileges
May 04 23:06:08.649208 osdx dnscrypt-proxy[246451]: Network connectivity detected
May 04 23:06:08.649240 osdx dnscrypt-proxy[246451]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:06:08.649245 osdx dnscrypt-proxy[246451]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:06:08.649263 osdx dnscrypt-proxy[246451]: Firefox workaround initialized
May 04 23:06:08.649268 osdx dnscrypt-proxy[246451]: Loading the set of cloaking rules from [/tmp/tmpc2iqi6cq]
May 04 23:06:08.652258 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:08.983148 osdx dnscrypt-proxy[246451]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 04 23:06:08.983164 osdx dnscrypt-proxy[246451]: [RD] OK (DoH) - rtt: 316ms
May 04 23:06:08.983173 osdx dnscrypt-proxy[246451]: Server with the lowest initial latency: RD (rtt: 316ms)
May 04 23:06:08.983178 osdx dnscrypt-proxy[246451]: dnscrypt-proxy is ready - live servers: 1
May 04 23:06:10.031612 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
May 04 23:06:13.808845 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:06:23.903479 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 4

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49199

Show output

May 04 23:06:24.307386 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:06:24.310633 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:06:24.310692 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:06:24.317190 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:06:24.562514 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:24.614090 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:06:24.724745 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:06:24.783573 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:24.871280 osdx ubnt-cfgd[246530]: inactive
May 04 23:06:24.893657 osdx dnscrypt-proxy[246451]: Stopped.
May 04 23:06:24.893700 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:06:24.894689 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:06:24.894817 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:24.950505 osdx WARNING[246594]: No supported link modes on interface eth0
May 04 23:06:24.951787 osdx modulelauncher[246594]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:24.951797 osdx modulelauncher[246594]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:24.952892 osdx modulelauncher[246594]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:24.952900 osdx modulelauncher[246594]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:24.967775 osdx ca-certificates[246620]: Clearing symlinks in /etc/ssl/certs...
May 04 23:06:25.239114 osdx ca-certificates[247198]: done.
May 04 23:06:25.241877 osdx ca-certificates[247207]: Updating certificates in /etc/ssl/certs...
May 04 23:06:25.668084 osdx ubnt-cfgd[248064]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:25.676079 osdx ca-certificates[248070]: 142 added, 0 removed; done.
May 04 23:06:25.678779 osdx ca-certificates[248076]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:25.681426 osdx ca-certificates[248078]: done.
May 04 23:06:25.695266 osdx INFO[248081]: FRR daemons did not change
May 04 23:06:25.695520 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:25.697546 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:25.712092 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:26.845724 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:27.365088 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:06:27.417643 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:06:27.518070 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:06:27.571203 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:06:27.663153 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:06:27.711866 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 04 23:06:27.819140 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
May 04 23:06:27.873309 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:06:27.987694 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:06:28.038655 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:06:28.145189 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:28.204094 osdx ubnt-cfgd[248115]: inactive
May 04 23:06:28.226115 osdx INFO[248123]: FRR daemons did not change
May 04 23:06:28.239893 osdx ca-certificates[248139]: Updating certificates in /etc/ssl/certs...
May 04 23:06:28.782133 osdx ubnt-cfgd[249151]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:28.789911 osdx ca-certificates[249156]: 1 added, 0 removed; done.
May 04 23:06:28.792814 osdx ca-certificates[249163]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:28.795532 osdx ca-certificates[249165]: done.
May 04 23:06:28.830648 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:06:28.873140 osdx WARNING[249232]: No supported link modes on interface eth0
May 04 23:06:28.874453 osdx modulelauncher[249232]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:28.874467 osdx modulelauncher[249232]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:28.875569 osdx modulelauncher[249232]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:28.875579 osdx modulelauncher[249232]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:28.986913 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:28.988882 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:29.000055 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:29.012734 osdx dnscrypt-proxy[249281]: dnscrypt-proxy 2.0.45
May 04 23:06:29.012789 osdx dnscrypt-proxy[249281]: Network connectivity detected
May 04 23:06:29.012961 osdx dnscrypt-proxy[249281]: Dropping privileges
May 04 23:06:29.015311 osdx dnscrypt-proxy[249281]: Network connectivity detected
May 04 23:06:29.015347 osdx dnscrypt-proxy[249281]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:06:29.015352 osdx dnscrypt-proxy[249281]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:06:29.015372 osdx dnscrypt-proxy[249281]: Firefox workaround initialized
May 04 23:06:29.015377 osdx dnscrypt-proxy[249281]: Loading the set of cloaking rules from [/tmp/tmpnjoko2ek]
May 04 23:06:29.024481 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:29.380043 osdx dnscrypt-proxy[249281]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
May 04 23:06:29.380064 osdx dnscrypt-proxy[249281]: [RD] OK (DoH) - rtt: 349ms
May 04 23:06:29.380073 osdx dnscrypt-proxy[249281]: Server with the lowest initial latency: RD (rtt: 349ms)
May 04 23:06:29.380079 osdx dnscrypt-proxy[249281]: dnscrypt-proxy is ready - live servers: 1
May 04 23:06:34.174009 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:06:44.254513 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 5

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 49200

Show output

May 04 23:06:44.466890 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:06:44.470649 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:06:44.470706 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:06:44.476338 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:06:44.765760 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:44.814870 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:06:44.924878 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:06:44.980202 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:45.070442 osdx ubnt-cfgd[249358]: inactive
May 04 23:06:45.090157 osdx dnscrypt-proxy[249281]: Stopped.
May 04 23:06:45.090220 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:06:45.091351 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:06:45.091458 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:45.144600 osdx WARNING[249422]: No supported link modes on interface eth0
May 04 23:06:45.145897 osdx modulelauncher[249422]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:45.145907 osdx modulelauncher[249422]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:45.147085 osdx modulelauncher[249422]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:45.147094 osdx modulelauncher[249422]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:45.161965 osdx ca-certificates[249447]: Clearing symlinks in /etc/ssl/certs...
May 04 23:06:45.431838 osdx ca-certificates[250024]: done.
May 04 23:06:45.437331 osdx ca-certificates[250033]: Updating certificates in /etc/ssl/certs...
May 04 23:06:45.860890 osdx ubnt-cfgd[250891]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:45.870698 osdx ca-certificates[250897]: 142 added, 0 removed; done.
May 04 23:06:45.873384 osdx ca-certificates[250903]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:45.875998 osdx ca-certificates[250905]: done.
May 04 23:06:45.889534 osdx INFO[250908]: FRR daemons did not change
May 04 23:06:45.889768 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:45.891608 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:45.906817 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:47.074354 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:47.593365 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:06:47.645199 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:06:47.744348 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:06:47.795697 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:06:47.888038 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:06:47.938699 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 04 23:06:48.031193 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
May 04 23:06:48.078437 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:06:48.194151 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:06:48.244460 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:06:48.346847 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:48.410554 osdx ubnt-cfgd[250942]: inactive
May 04 23:06:48.432273 osdx INFO[250950]: FRR daemons did not change
May 04 23:06:48.447093 osdx ca-certificates[250966]: Updating certificates in /etc/ssl/certs...
May 04 23:06:48.940161 osdx ubnt-cfgd[251978]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:48.948892 osdx ca-certificates[251984]: 1 added, 0 removed; done.
May 04 23:06:48.952483 osdx ca-certificates[251990]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:48.956291 osdx ca-certificates[251992]: done.
May 04 23:06:48.986636 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:06:49.026674 osdx WARNING[252059]: No supported link modes on interface eth0
May 04 23:06:49.028047 osdx modulelauncher[252059]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:49.028059 osdx modulelauncher[252059]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:49.029202 osdx modulelauncher[252059]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:49.029211 osdx modulelauncher[252059]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:49.122982 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:49.124388 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:49.136335 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:49.143315 osdx dnscrypt-proxy[252108]: dnscrypt-proxy 2.0.45
May 04 23:06:49.143649 osdx dnscrypt-proxy[252108]: Network connectivity detected
May 04 23:06:49.143837 osdx dnscrypt-proxy[252108]: Dropping privileges
May 04 23:06:49.145854 osdx dnscrypt-proxy[252108]: Network connectivity detected
May 04 23:06:49.145887 osdx dnscrypt-proxy[252108]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:06:49.145892 osdx dnscrypt-proxy[252108]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:06:49.145911 osdx dnscrypt-proxy[252108]: Firefox workaround initialized
May 04 23:06:49.145917 osdx dnscrypt-proxy[252108]: Loading the set of cloaking rules from [/tmp/tmpjxeizjpe]
May 04 23:06:49.170794 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:49.298893 osdx dnscrypt-proxy[252108]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
May 04 23:06:49.298907 osdx dnscrypt-proxy[252108]: [RD] OK (DoH) - rtt: 138ms
May 04 23:06:49.298914 osdx dnscrypt-proxy[252108]: Server with the lowest initial latency: RD (rtt: 138ms)
May 04 23:06:49.298918 osdx dnscrypt-proxy[252108]: dnscrypt-proxy is ready - live servers: 1
May 04 23:06:49.317056 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

Example 6

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:

teldat.com has address 19.18.17.16

Show output

;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16

Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:

Cipher suite: 52392

Show output

May 04 23:06:49.529374 osdx systemd-journald[1908]: Runtime Journal (/run/log/journal/9e2a66651dea45ed982d8152051049c2) is 1.8M, max 13.8M, 11.9M free.
May 04 23:06:49.530642 osdx systemd-journald[1908]: Received client request to rotate journal, rotating.
May 04 23:06:49.530689 osdx systemd-journald[1908]: Vacuuming done, freed 0B of archived journals from /run/log/journal/9e2a66651dea45ed982d8152051049c2.
May 04 23:06:49.541155 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'system journal clear'.
May 04 23:06:49.778367 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:49.837655 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'delete '.
May 04 23:06:49.943442 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
May 04 23:06:50.012387 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:50.090763 osdx ubnt-cfgd[252181]: inactive
May 04 23:06:50.110664 osdx dnscrypt-proxy[252108]: Stopped.
May 04 23:06:50.110706 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
May 04 23:06:50.111291 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
May 04 23:06:50.111392 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:50.176964 osdx WARNING[252245]: No supported link modes on interface eth0
May 04 23:06:50.178280 osdx modulelauncher[252245]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:50.178293 osdx modulelauncher[252245]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:50.179384 osdx modulelauncher[252245]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:50.179392 osdx modulelauncher[252245]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:50.195448 osdx ca-certificates[252270]: Clearing symlinks in /etc/ssl/certs...
May 04 23:06:50.454666 osdx ca-certificates[252847]: done.
May 04 23:06:50.457476 osdx ca-certificates[252856]: Updating certificates in /etc/ssl/certs...
May 04 23:06:50.866463 osdx ubnt-cfgd[253714]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:50.876210 osdx ca-certificates[253719]: 142 added, 0 removed; done.
May 04 23:06:50.879012 osdx ca-certificates[253726]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:50.881720 osdx ca-certificates[253728]: done.
May 04 23:06:50.896098 osdx INFO[253731]: FRR daemons did not change
May 04 23:06:50.896415 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:50.898664 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:50.913860 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:52.036189 osdx OSDxCLI[130064]: User 'admin' entered the configuration menu.
May 04 23:06:52.553774 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
May 04 23:06:52.608534 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
May 04 23:06:52.710069 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
May 04 23:06:52.763113 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
May 04 23:06:52.858817 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 2f188ce6386e1a21b422ea2145dc5bb65c4e8922988c617cdd6046218cd8885b'.
May 04 23:06:52.908619 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
May 04 23:06:53.004421 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
May 04 23:06:53.055980 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
May 04 23:06:53.187167 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
May 04 23:06:53.242233 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
May 04 23:06:53.347738 osdx OSDxCLI[130064]: User 'admin' added a new cfg line: 'show working'.
May 04 23:06:53.404582 osdx ubnt-cfgd[253765]: inactive
May 04 23:06:53.425414 osdx INFO[253773]: FRR daemons did not change
May 04 23:06:53.438035 osdx ca-certificates[253789]: Updating certificates in /etc/ssl/certs...
May 04 23:06:53.935489 osdx ubnt-cfgd[254801]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
May 04 23:06:53.943065 osdx ca-certificates[254807]: 1 added, 0 removed; done.
May 04 23:06:53.945715 osdx ca-certificates[254813]: Running hooks in /etc/ca-certificates/update.d...
May 04 23:06:53.948279 osdx ca-certificates[254815]: done.
May 04 23:06:53.974634 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
May 04 23:06:54.018399 osdx WARNING[254882]: No supported link modes on interface eth0
May 04 23:06:54.020019 osdx modulelauncher[254882]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
May 04 23:06:54.020030 osdx modulelauncher[254882]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
May 04 23:06:54.021448 osdx modulelauncher[254882]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
May 04 23:06:54.021455 osdx modulelauncher[254882]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
May 04 23:06:54.123025 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
May 04 23:06:54.124527 osdx cfgd[1648]: [130064]Completed change to active configuration
May 04 23:06:54.154346 osdx OSDxCLI[130064]: User 'admin' committed the configuration.
May 04 23:06:54.173888 osdx dnscrypt-proxy[254931]: dnscrypt-proxy 2.0.45
May 04 23:06:54.173945 osdx dnscrypt-proxy[254931]: Network connectivity detected
May 04 23:06:54.174124 osdx dnscrypt-proxy[254931]: Dropping privileges
May 04 23:06:54.176051 osdx dnscrypt-proxy[254931]: Network connectivity detected
May 04 23:06:54.176089 osdx dnscrypt-proxy[254931]: Now listening to 127.0.0.1:53 [UDP]
May 04 23:06:54.176094 osdx dnscrypt-proxy[254931]: Now listening to 127.0.0.1:53 [TCP]
May 04 23:06:54.176113 osdx dnscrypt-proxy[254931]: Firefox workaround initialized
May 04 23:06:54.176118 osdx dnscrypt-proxy[254931]: Loading the set of cloaking rules from [/tmp/tmpg6n_cvt4]
May 04 23:06:54.181123 osdx OSDxCLI[130064]: User 'admin' left the configuration menu.
May 04 23:06:54.345036 osdx dnscrypt-proxy[254931]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
May 04 23:06:54.345059 osdx dnscrypt-proxy[254931]: [RD] OK (DoH) - rtt: 150ms
May 04 23:06:54.345066 osdx dnscrypt-proxy[254931]: Server with the lowest initial latency: RD (rtt: 150ms)
May 04 23:06:54.345071 osdx dnscrypt-proxy[254931]: dnscrypt-proxy is ready - live servers: 1
May 04 23:06:59.327831 osdx OSDxCLI[130064]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
May 04 23:07:09.421359 osdx OSDxCLI[130064]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.

---