Cipher
Test suite that validates the use of one or multiple ciphers to protect the DoH connection.
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
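Added example (not part of the original test suite or the vendor's tooling): the journal tokens checked in these tests are the decimal IANA code points of the configured suites (49199 is 0xC02F, 49200 is 0xC030, 52392 is 0xCCA8). The Python check below parses the `cipher` configuration lines and the dnscrypt-proxy journal lines, then reports whether the negotiated suite is one that was configured or whether the handshake was refused. The sample journal lines are constructed, and reading the `TLS version` field as hexadecimal is an assumption.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
}
ID_TO_NAME = {code: name for name, code in IANA_SUITES.items()}

# Assumption: the "TLS version" field is printed in hex (303 -> 0x0303).
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (\S+)")
NEG_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+) - "
    r"Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
REFUSAL = "TLS handshake failure"  # token checked by the invalid-cipher test


def configured_suites(config_text):
    """Return the configured cipher names, ordered by their cipher index."""
    found = {int(idx): name for idx, name in CFG_RE.findall(config_text)}
    return [found[idx] for idx in sorted(found)]


def audit(config_text, journal_text):
    """Compare negotiated suites in the journal with the configured ones.

    Returns a list of (verdict, server, tls_version, suite_name) tuples.
    Verdicts: "ok", "unexpected-suite", "unpinned", "refused",
    "no-handshake-logged".
    """
    allowed = configured_suites(config_text)
    unknown = [name for name in allowed if name not in IANA_SUITES]
    if unknown:
        raise ValueError(f"no code point known for: {unknown}")
    allowed_ids = {IANA_SUITES[name] for name in allowed}

    findings = []
    for line in journal_text.splitlines():
        match = NEG_RE.search(line)
        if match:
            suite = int(match["suite"])
            version = int(match["ver"], 16)
            name = ID_TO_NAME.get(suite, f"unknown(0x{suite:04X})")
            tls = TLS_VERSIONS.get(version, f"unknown(0x{version:04X})")
            if not allowed_ids:
                verdict = "unpinned"          # no cipher restriction configured
            elif suite in allowed_ids:
                verdict = "ok"
            else:
                verdict = "unexpected-suite"  # negotiated outside the allow-list
            findings.append((verdict, match["server"], tls, name))
        elif REFUSAL in line:
            findings.append(("refused", None, None, None))
    if not findings:
        findings.append(("no-handshake-logged", None, None, None))
    return findings


# Configuration lines as used in the tests on this page.
CFG_AES128 = ("set service dns proxy cipher 1 algorithm "
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
              "set service dns proxy log level 0\n")
CFG_RC4 = "set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA\n"

# Constructed journal lines, modelled on the dnscrypt-proxy message format.
JOURNAL_AES128 = ("Jan 01 00:00:00.000000 host dnscrypt-proxy[1]: "
                  "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199\n")
JOURNAL_AES256 = ("Jan 01 00:00:00.000000 host dnscrypt-proxy[1]: "
                  "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200\n")
JOURNAL_REFUSED = ("Jan 01 00:00:00.000000 host dnscrypt-proxy[1]: "
                   "TLS handshake failure - Try changing or deleting the "
                   "tls_cipher_suite value in the configuration file\n")

if __name__ == "__main__":
    for cfg, journal in ((CFG_AES128, JOURNAL_AES128),
                         (CFG_AES128, JOURNAL_AES256),
                         (CFG_RC4, JOURNAL_REFUSED)):
        print(configured_suites(cfg), "->", audit(cfg, journal))
```

An "unexpected-suite" verdict means the proxy negotiated a suite outside the configured list, which is the condition a cipher-pinning test should fail on.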
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 04 19:42:22.000302 osdx systemd-timedated[973784]: Changed local time to Thu 2026-06-04 19:42:22 UTC Jun 04 19:42:22.002451 osdx systemd-journald[172397]: Time jumped backwards, rotating. Jun 04 19:42:22.002855 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'set date 2026-06-04 19:42:22'. Jun 04 19:42:22.306141 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free. Jun 04 19:42:22.306775 osdx systemd-journald[172397]: Received client request to rotate journal, rotating. Jun 04 19:42:22.306819 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4. Jun 04 19:42:22.316818 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'. Jun 04 19:42:22.555238 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system coredump delete all'. Jun 04 19:42:22.826853 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:22.917259 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:22.998571 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 04 19:42:23.107134 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:23.189849 osdx ubnt-cfgd[1039583]: inactive Jun 04 19:42:23.210572 osdx INFO[1039589]: FRR daemons did not change Jun 04 19:42:23.242426 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 04 19:42:23.288619 osdx WARNING[1039658]: No supported link modes on interface eth0 Jun 04 19:42:23.290056 osdx modulelauncher[1039658]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:23.290070 osdx modulelauncher[1039658]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Jun 04 19:42:23.291265 osdx modulelauncher[1039658]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:23.291274 osdx modulelauncher[1039658]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Jun 04 19:42:23.325971 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:23.336879 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:23.358128 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. Jun 04 19:42:23.533945 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 04 19:42:23.601059 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal show | cat'. Jun 04 19:42:23.785143 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:23.859363 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 04 19:42:23.964180 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 04 19:42:24.023676 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 04 19:42:24.122904 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 04 19:42:24.221340 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'. Jun 04 19:42:24.272425 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 04 19:42:24.366979 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. 
Jun 04 19:42:24.450808 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:24.521321 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 04 19:42:24.587811 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:24.696320 osdx ubnt-cfgd[1039763]: inactive Jun 04 19:42:24.723462 osdx INFO[1039771]: FRR daemons did not change Jun 04 19:42:24.736402 osdx ca-certificates[1039787]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:25.293096 osdx ubnt-cfgd[1040799]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:25.302225 osdx ca-certificates[1040805]: 1 added, 0 removed; done. Jun 04 19:42:25.305948 osdx ca-certificates[1040811]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:25.309475 osdx ca-certificates[1040813]: done. Jun 04 19:42:25.366721 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:25.367817 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:25.369829 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:25.394877 osdx dnscrypt-proxy[1040817]: dnscrypt-proxy 2.0.45 Jun 04 19:42:25.394954 osdx dnscrypt-proxy[1040817]: Network connectivity detected Jun 04 19:42:25.395193 osdx dnscrypt-proxy[1040817]: Dropping privileges Jun 04 19:42:25.396934 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. 
Jun 04 19:42:25.399028 osdx dnscrypt-proxy[1040817]: Network connectivity detected
Jun 04 19:42:25.399063 osdx dnscrypt-proxy[1040817]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:42:25.399068 osdx dnscrypt-proxy[1040817]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:42:25.399119 osdx dnscrypt-proxy[1040817]: Firefox workaround initialized
Jun 04 19:42:25.399125 osdx dnscrypt-proxy[1040817]: Loading the set of cloaking rules from [/tmp/tmpt2o31s0v]
Jun 04 19:42:25.399978 osdx dnscrypt-proxy[1040817]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 04 19:42:25.532092 osdx dnscrypt-proxy[1040817]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 04 19:42:25.532110 osdx dnscrypt-proxy[1040817]: [RD] OK (DoH) - rtt: 113ms
Jun 04 19:42:25.532120 osdx dnscrypt-proxy[1040817]: Server with the lowest initial latency: RD (rtt: 113ms)
Jun 04 19:42:25.532125 osdx dnscrypt-proxy[1040817]: dnscrypt-proxy is ready - live servers: 1
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 04 19:42:33.382268 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.9M, max 13.8M, 11.9M free. Jun 04 19:42:33.383102 osdx systemd-journald[172397]: Received client request to rotate journal, rotating. Jun 04 19:42:33.383164 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4. Jun 04 19:42:33.394866 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'. Jun 04 19:42:33.637467 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system coredump delete all'. Jun 04 19:42:33.895001 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:34.026288 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:34.083630 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 04 19:42:34.219466 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:34.281156 osdx ubnt-cfgd[1042534]: inactive Jun 04 19:42:34.302018 osdx INFO[1042540]: FRR daemons did not change Jun 04 19:42:34.339112 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 04 19:42:34.389904 osdx WARNING[1042609]: No supported link modes on interface eth0 Jun 04 19:42:34.391720 osdx modulelauncher[1042609]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:34.391733 osdx modulelauncher[1042609]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 04 19:42:34.393269 osdx modulelauncher[1042609]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:34.393282 osdx modulelauncher[1042609]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. 
Jun 04 19:42:34.433246 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:34.445264 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:34.461627 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. Jun 04 19:42:34.633251 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 04 19:42:34.747576 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal show | cat'. Jun 04 19:42:34.943269 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:35.005061 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 04 19:42:35.103803 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 04 19:42:35.170322 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 04 19:42:35.264518 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 04 19:42:35.363773 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'. Jun 04 19:42:35.416190 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 04 19:42:35.529711 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 04 19:42:35.618488 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:35.686016 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. 
Jun 04 19:42:35.829729 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:35.904380 osdx ubnt-cfgd[1042714]: inactive Jun 04 19:42:35.923942 osdx INFO[1042722]: FRR daemons did not change Jun 04 19:42:35.936645 osdx ca-certificates[1042738]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:36.514190 osdx ubnt-cfgd[1043750]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:36.522572 osdx ca-certificates[1043755]: 1 added, 0 removed; done. Jun 04 19:42:36.525532 osdx ca-certificates[1043762]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:36.528436 osdx ca-certificates[1043764]: done. Jun 04 19:42:36.603486 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:36.604884 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:36.607168 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:36.626052 osdx dnscrypt-proxy[1043768]: dnscrypt-proxy 2.0.45 Jun 04 19:42:36.626127 osdx dnscrypt-proxy[1043768]: Network connectivity detected Jun 04 19:42:36.626357 osdx dnscrypt-proxy[1043768]: Dropping privileges Jun 04 19:42:36.628397 osdx dnscrypt-proxy[1043768]: Network connectivity detected Jun 04 19:42:36.628430 osdx dnscrypt-proxy[1043768]: Now listening to 127.0.0.1:53 [UDP] Jun 04 19:42:36.628434 osdx dnscrypt-proxy[1043768]: Now listening to 127.0.0.1:53 [TCP] Jun 04 19:42:36.628450 osdx dnscrypt-proxy[1043768]: Firefox workaround initialized Jun 04 19:42:36.628455 osdx dnscrypt-proxy[1043768]: Loading the set of cloaking rules from [/tmp/tmpzpg8af7_] Jun 04 19:42:36.629207 osdx dnscrypt-proxy[1043768]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 04 19:42:36.645121 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 04 19:42:36.927697 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free. Jun 04 19:42:36.931106 osdx systemd-journald[172397]: Received client request to rotate journal, rotating. Jun 04 19:42:36.931162 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4. Jun 04 19:42:36.936979 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'. Jun 04 19:42:37.215838 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:37.289926 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '. Jun 04 19:42:37.410904 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 04 19:42:37.470480 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:37.560928 osdx ubnt-cfgd[1043817]: inactive Jun 04 19:42:37.620679 osdx dnscrypt-proxy[1043768]: Stopped. Jun 04 19:42:37.620833 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 04 19:42:37.622355 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 04 19:42:37.622588 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:37.702363 osdx WARNING[1043881]: No supported link modes on interface eth0 Jun 04 19:42:37.704219 osdx modulelauncher[1043881]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:37.704237 osdx modulelauncher[1043881]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Jun 04 19:42:37.705790 osdx modulelauncher[1043881]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:37.705800 osdx modulelauncher[1043881]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Jun 04 19:42:37.721911 osdx ca-certificates[1043906]: Clearing symlinks in /etc/ssl/certs... Jun 04 19:42:38.008546 osdx ca-certificates[1044483]: done. Jun 04 19:42:38.011528 osdx ca-certificates[1044493]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:38.503266 osdx ubnt-cfgd[1045350]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:38.513612 osdx ca-certificates[1045356]: 142 added, 0 removed; done. Jun 04 19:42:38.517271 osdx ca-certificates[1045362]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:38.520208 osdx ca-certificates[1045364]: done. Jun 04 19:42:38.536480 osdx INFO[1045367]: FRR daemons did not change Jun 04 19:42:38.536820 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:38.538873 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:38.556580 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. Jun 04 19:42:39.862364 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:39.921629 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 04 19:42:40.020660 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 04 19:42:40.084019 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 04 19:42:40.176240 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Jun 04 19:42:40.249516 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'. Jun 04 19:42:40.331299 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 04 19:42:40.410476 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 04 19:42:40.565614 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:40.649676 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 04 19:42:40.783297 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:40.894597 osdx ubnt-cfgd[1045401]: inactive Jun 04 19:42:40.921437 osdx INFO[1045409]: FRR daemons did not change Jun 04 19:42:40.935847 osdx ca-certificates[1045425]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:41.537208 osdx ubnt-cfgd[1046437]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:41.548226 osdx ca-certificates[1046443]: 1 added, 0 removed; done. Jun 04 19:42:41.552132 osdx ca-certificates[1046449]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:41.555777 osdx ca-certificates[1046451]: done. Jun 04 19:42:41.587190 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 04 19:42:41.637136 osdx WARNING[1046518]: No supported link modes on interface eth0 Jun 04 19:42:41.638544 osdx modulelauncher[1046518]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:41.638558 osdx modulelauncher[1046518]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Jun 04 19:42:41.639679 osdx modulelauncher[1046518]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:41.639688 osdx modulelauncher[1046518]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Jun 04 19:42:41.739401 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:41.740874 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:41.755178 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:41.761154 osdx dnscrypt-proxy[1046567]: dnscrypt-proxy 2.0.45 Jun 04 19:42:41.761225 osdx dnscrypt-proxy[1046567]: Network connectivity detected Jun 04 19:42:41.761485 osdx dnscrypt-proxy[1046567]: Dropping privileges Jun 04 19:42:41.763876 osdx dnscrypt-proxy[1046567]: Network connectivity detected Jun 04 19:42:41.763928 osdx dnscrypt-proxy[1046567]: Now listening to 127.0.0.1:53 [UDP] Jun 04 19:42:41.763933 osdx dnscrypt-proxy[1046567]: Now listening to 127.0.0.1:53 [TCP] Jun 04 19:42:41.763953 osdx dnscrypt-proxy[1046567]: Firefox workaround initialized Jun 04 19:42:41.763959 osdx dnscrypt-proxy[1046567]: Loading the set of cloaking rules from [/tmp/tmp65cpyfi0] Jun 04 19:42:41.764944 osdx dnscrypt-proxy[1046567]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 04 19:42:41.784577 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
Jun 04 19:42:42.044293 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free. Jun 04 19:42:42.047100 osdx systemd-journald[172397]: Received client request to rotate journal, rotating. Jun 04 19:42:42.047159 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4. Jun 04 19:42:42.055132 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'. Jun 04 19:42:42.324768 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:42.380435 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '. Jun 04 19:42:42.497714 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 04 19:42:42.559963 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:42.648351 osdx ubnt-cfgd[1046636]: inactive Jun 04 19:42:42.672847 osdx dnscrypt-proxy[1046567]: Stopped. Jun 04 19:42:42.672913 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy... Jun 04 19:42:42.673961 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully. Jun 04 19:42:42.674096 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:42.733716 osdx WARNING[1046700]: No supported link modes on interface eth0 Jun 04 19:42:42.735046 osdx modulelauncher[1046700]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:42.735057 osdx modulelauncher[1046700]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. 
Jun 04 19:42:42.736207 osdx modulelauncher[1046700]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:42.736214 osdx modulelauncher[1046700]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Jun 04 19:42:42.752843 osdx ca-certificates[1046726]: Clearing symlinks in /etc/ssl/certs... Jun 04 19:42:43.062035 osdx ca-certificates[1047304]: done. Jun 04 19:42:43.065078 osdx ca-certificates[1047312]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:43.522167 osdx ubnt-cfgd[1048170]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:43.530755 osdx ca-certificates[1048176]: 142 added, 0 removed; done. Jun 04 19:42:43.533674 osdx ca-certificates[1048182]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:43.536487 osdx ca-certificates[1048184]: done. Jun 04 19:42:43.551449 osdx INFO[1048187]: FRR daemons did not change Jun 04 19:42:43.551846 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:43.579885 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:43.596987 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. Jun 04 19:42:44.781817 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu. Jun 04 19:42:44.838508 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 04 19:42:44.934192 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 04 19:42:44.994972 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 04 19:42:45.084890 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. 
Jun 04 19:42:45.142718 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'. Jun 04 19:42:45.232897 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 04 19:42:45.286765 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 04 19:42:45.380863 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 04 19:42:45.475800 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 04 19:42:45.562409 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 04 19:42:45.690115 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'. Jun 04 19:42:45.751514 osdx ubnt-cfgd[1048221]: inactive Jun 04 19:42:45.773662 osdx INFO[1048229]: FRR daemons did not change Jun 04 19:42:45.786922 osdx ca-certificates[1048245]: Updating certificates in /etc/ssl/certs... Jun 04 19:42:46.413088 osdx ubnt-cfgd[1049257]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL Jun 04 19:42:46.421544 osdx ca-certificates[1049262]: 1 added, 0 removed; done. Jun 04 19:42:46.424734 osdx ca-certificates[1049269]: Running hooks in /etc/ca-certificates/update.d... Jun 04 19:42:46.427901 osdx ca-certificates[1049271]: done. 
Jun 04 19:42:46.459103 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 04 19:42:46.506417 osdx WARNING[1049338]: No supported link modes on interface eth0 Jun 04 19:42:46.507906 osdx modulelauncher[1049338]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 04 19:42:46.507925 osdx modulelauncher[1049338]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 04 19:42:46.509097 osdx modulelauncher[1049338]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Jun 04 19:42:46.509106 osdx modulelauncher[1049338]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Jun 04 19:42:46.635582 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy. Jun 04 19:42:46.637354 osdx cfgd[1850]: [937600]Completed change to active configuration Jun 04 19:42:46.652744 osdx OSDxCLI[937600]: User 'admin' committed the configuration. Jun 04 19:42:46.658839 osdx dnscrypt-proxy[1049387]: dnscrypt-proxy 2.0.45 Jun 04 19:42:46.658906 osdx dnscrypt-proxy[1049387]: Network connectivity detected Jun 04 19:42:46.659143 osdx dnscrypt-proxy[1049387]: Dropping privileges Jun 04 19:42:46.661618 osdx dnscrypt-proxy[1049387]: Network connectivity detected Jun 04 19:42:46.661653 osdx dnscrypt-proxy[1049387]: Now listening to 127.0.0.1:53 [UDP] Jun 04 19:42:46.661657 osdx dnscrypt-proxy[1049387]: Now listening to 127.0.0.1:53 [TCP] Jun 04 19:42:46.661677 osdx dnscrypt-proxy[1049387]: Firefox workaround initialized Jun 04 19:42:46.661682 osdx dnscrypt-proxy[1049387]: Loading the set of cloaking rules from [/tmp/tmp4idswouf] Jun 04 19:42:46.662650 osdx dnscrypt-proxy[1049387]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 04 19:42:46.687697 osdx OSDxCLI[937600]: User 'admin' left the configuration menu. 
Jun 04 19:42:46.796445 osdx dnscrypt-proxy[1049387]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 04 19:42:46.796463 osdx dnscrypt-proxy[1049387]: [RD] OK (DoH) - rtt: 116ms
Jun 04 19:42:46.796470 osdx dnscrypt-proxy[1049387]: Server with the lowest initial latency: RD (rtt: 116ms)
Jun 04 19:42:46.796475 osdx dnscrypt-proxy[1049387]: dnscrypt-proxy is ready - live servers: 1
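An added example, not part of this test suite or of dnscrypt-proxy: a journal check that translates the decimal "Cipher suite:" value into its IANA name and compares it with the configured cipher algorithms, so that a session negotiated with a suite outside the configured list (52392 after the handshake failure in the journals above) is reported instead of passing on the failure token alone. The function name, verdict labels and sample variables are assumptions; the sample lines are copied from the journals on this page except where marked as constructed.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}

# Assumption: the "TLS version" field is the protocol version printed in hex.
TLS_VERSIONS = {"301": "TLS 1.0", "302": "TLS 1.1", "303": "TLS 1.2", "304": "TLS 1.3"}

# finditer() is used instead of splitting on newlines so the check also works
# on a journal that has been flattened onto one line, as on this page.
SUITE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def audit_journal(journal, configured):
    """Compare what dnscrypt-proxy negotiated with the configured suite names."""
    failures = len(FAIL_RE.findall(journal))
    negotiated = []
    for m in SUITE_RE.finditer(journal):
        code = int(m.group("suite"))
        negotiated.append({
            "server": m.group("server"),
            "tls": TLS_VERSIONS.get(m.group("ver"), "unknown(0x%s)" % m.group("ver")),
            "suite": IANA_SUITES.get(code, "unknown(0x%04X)" % code),
        })
    outside = [n["suite"] for n in negotiated if n["suite"] not in configured]
    if outside:
        verdict = "NEGOTIATED_OUTSIDE_CONFIG"  # session exists, but not with a configured suite
    elif negotiated:
        verdict = "OK"                         # every session used a configured suite
    elif failures:
        verdict = "REFUSED"                    # only handshake failures, no session
    else:
        verdict = "NO_SESSION"
    return {"handshake_failures": failures, "negotiated": negotiated,
            "outside_config": outside, "verdict": verdict}


# Copied from the Single Invalid Cipher journal (flattened, as on the page).
SAMPLE_INVALID = (
    "Jun 04 19:42:25.399978 osdx dnscrypt-proxy[1040817]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file "
    "Jun 04 19:42:25.532092 osdx dnscrypt-proxy[1040817]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 52392 "
    "Jun 04 19:42:25.532110 osdx dnscrypt-proxy[1040817]: [RD] OK (DoH) - rtt: 113ms"
)

# Copied from Multiple Invalid Cipher, Example 1: the journal ends after the failure.
SAMPLE_REFUSED = (
    "Jun 04 19:42:36.629207 osdx dnscrypt-proxy[1043768]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file "
    "Jun 04 19:42:36.645121 osdx OSDxCLI[937600]: User 'admin' left the configuration menu."
)

# Constructed line (timestamp and PID are placeholders) carrying the 49199 token
# that the valid-cipher and fallback tests expect.
SAMPLE_VALID = (
    "Jun 04 00:00:00.000000 osdx dnscrypt-proxy[1]: [RD] TLS version: 303 - "
    "Protocol: h2 - Cipher suite: 49199"
)

if __name__ == "__main__":
    cases = [
        ("invalid only", SAMPLE_INVALID, ["TLS_RSA_WITH_RC4_128_SHA"]),
        ("refused", SAMPLE_REFUSED, ["TLS_RSA_WITH_RC4_128_SHA"]),
        ("invalid + fallback", SAMPLE_VALID,
         ["TLS_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]),
    ]
    for name, journal, configured in cases:
        print(name, audit_journal(journal, configured))
```

Matching only on the "TLS handshake failure" token cannot distinguish the first sample from the second; the verdict field does.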
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback cipher, then tries to communicate with the server. No refusal is expected, as long as the valid proposed cipher is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 04 19:42:54.291884 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:42:54.293018 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:42:54.293068 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:42:54.302642 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:42:54.519679 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 19:42:54.815198 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:42:54.931022 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:42:55.017429 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:42:55.154853 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:42:55.212111 osdx ubnt-cfgd[1051123]: inactive
Jun 04 19:42:55.234285 osdx INFO[1051129]: FRR daemons did not change
Jun 04 19:42:55.265065 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:42:55.309567 osdx WARNING[1051198]: No supported link modes on interface eth0
Jun 04 19:42:55.311356 osdx modulelauncher[1051198]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:42:55.311368 osdx modulelauncher[1051198]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:42:55.312937 osdx modulelauncher[1051198]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:42:55.312945 osdx modulelauncher[1051198]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:42:55.352901 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:42:55.366541 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:42:55.395335 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:42:55.534239 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 04 19:42:55.620213 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 19:42:55.782613 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:42:56.497583 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:42:56.565518 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:42:56.682061 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:42:56.736559 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:42:56.834113 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:42:56.884129 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 04 19:42:56.981393 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 04 19:42:57.038489 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:42:57.162520 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:42:57.244062 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:42:57.362451 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:42:57.431599 osdx ubnt-cfgd[1051304]: inactive
Jun 04 19:42:57.457227 osdx INFO[1051312]: FRR daemons did not change
Jun 04 19:42:57.471853 osdx ca-certificates[1051328]: Updating certificates in /etc/ssl/certs...
Jun 04 19:42:58.071932 osdx ubnt-cfgd[1052340]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:42:58.080875 osdx ca-certificates[1052346]: 1 added, 0 removed; done.
Jun 04 19:42:58.084685 osdx ca-certificates[1052352]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:42:58.088274 osdx ca-certificates[1052354]: done.
Jun 04 19:42:58.157460 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:42:58.158823 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:42:58.161306 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:42:58.178748 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:42:58.178919 osdx dnscrypt-proxy[1052358]: dnscrypt-proxy 2.0.45
Jun 04 19:42:58.178988 osdx dnscrypt-proxy[1052358]: Network connectivity detected
Jun 04 19:42:58.179212 osdx dnscrypt-proxy[1052358]: Dropping privileges
Jun 04 19:42:58.181732 osdx dnscrypt-proxy[1052358]: Network connectivity detected
Jun 04 19:42:58.181770 osdx dnscrypt-proxy[1052358]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:42:58.181775 osdx dnscrypt-proxy[1052358]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:42:58.181795 osdx dnscrypt-proxy[1052358]: Firefox workaround initialized
Jun 04 19:42:58.181801 osdx dnscrypt-proxy[1052358]: Loading the set of cloaking rules from [/tmp/tmpfrfngd_z]
Jun 04 19:42:58.327781 osdx dnscrypt-proxy[1052358]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 04 19:42:58.327803 osdx dnscrypt-proxy[1052358]: [RD] OK (DoH) - rtt: 126ms
Jun 04 19:42:58.327813 osdx dnscrypt-proxy[1052358]: Server with the lowest initial latency: RD (rtt: 126ms)
Jun 04 19:42:58.327818 osdx dnscrypt-proxy[1052358]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:03.344410 osdx OSDxCLI[937600]: User 'admin' entered an invalid command: 'show host lookup teldat.com type A'.
Jun 04 19:43:13.451390 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 04 19:43:13.657491 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:43:13.661054 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:43:13.661142 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:43:13.671720 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:43:14.045383 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:14.112001 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '.
Jun 04 19:43:14.239855 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 04 19:43:14.311093 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:14.409158 osdx ubnt-cfgd[1052416]: inactive
Jun 04 19:43:14.430116 osdx dnscrypt-proxy[1052358]: Stopped.
Jun 04 19:43:14.430187 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 04 19:43:14.431046 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 04 19:43:14.431169 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:14.488657 osdx WARNING[1052480]: No supported link modes on interface eth0
Jun 04 19:43:14.490189 osdx modulelauncher[1052480]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:14.490205 osdx modulelauncher[1052480]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:14.491440 osdx modulelauncher[1052480]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:14.491449 osdx modulelauncher[1052480]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:14.508635 osdx ca-certificates[1052506]: Clearing symlinks in /etc/ssl/certs...
Jun 04 19:43:14.794070 osdx ca-certificates[1053083]: done.
Jun 04 19:43:14.797917 osdx ca-certificates[1053092]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:15.245281 osdx ubnt-cfgd[1053950]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:15.254516 osdx ca-certificates[1053956]: 142 added, 0 removed; done.
Jun 04 19:43:15.257329 osdx ca-certificates[1053962]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:15.260005 osdx ca-certificates[1053964]: done.
Jun 04 19:43:15.274541 osdx INFO[1053967]: FRR daemons did not change
Jun 04 19:43:15.274807 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:15.293486 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:15.308846 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:16.548650 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:17.303251 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:43:17.372996 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:43:17.515480 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:43:17.627008 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:43:17.748031 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:43:17.842650 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 04 19:43:17.940955 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 04 19:43:17.994322 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:43:18.114751 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:43:18.168046 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:43:18.274877 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:18.337980 osdx ubnt-cfgd[1054002]: inactive
Jun 04 19:43:18.365928 osdx INFO[1054010]: FRR daemons did not change
Jun 04 19:43:18.379267 osdx ca-certificates[1054026]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:18.943993 osdx ubnt-cfgd[1055038]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:18.952041 osdx ca-certificates[1055044]: 1 added, 0 removed; done.
Jun 04 19:43:18.955109 osdx ca-certificates[1055050]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:18.958096 osdx ca-certificates[1055052]: done.
Jun 04 19:43:18.989029 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:43:19.034881 osdx WARNING[1055119]: No supported link modes on interface eth0
Jun 04 19:43:19.036656 osdx modulelauncher[1055119]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:19.036668 osdx modulelauncher[1055119]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:19.037908 osdx modulelauncher[1055119]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:19.037916 osdx modulelauncher[1055119]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:19.145332 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:19.146546 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:19.158335 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:19.165236 osdx dnscrypt-proxy[1055168]: dnscrypt-proxy 2.0.45
Jun 04 19:43:19.165306 osdx dnscrypt-proxy[1055168]: Network connectivity detected
Jun 04 19:43:19.165522 osdx dnscrypt-proxy[1055168]: Dropping privileges
Jun 04 19:43:19.167532 osdx dnscrypt-proxy[1055168]: Network connectivity detected
Jun 04 19:43:19.167564 osdx dnscrypt-proxy[1055168]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:43:19.167568 osdx dnscrypt-proxy[1055168]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:43:19.167584 osdx dnscrypt-proxy[1055168]: Firefox workaround initialized
Jun 04 19:43:19.167587 osdx dnscrypt-proxy[1055168]: Loading the set of cloaking rules from [/tmp/tmpyz130a0k]
Jun 04 19:43:19.175898 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:19.301358 osdx dnscrypt-proxy[1055168]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 04 19:43:19.301372 osdx dnscrypt-proxy[1055168]: [RD] OK (DoH) - rtt: 117ms
Jun 04 19:43:19.301380 osdx dnscrypt-proxy[1055168]: Server with the lowest initial latency: RD (rtt: 117ms)
Jun 04 19:43:19.301384 osdx dnscrypt-proxy[1055168]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:19.309956 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 04 19:43:19.535605 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:43:19.537021 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:43:19.537070 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:43:19.544942 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:43:19.816272 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:19.871629 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '.
Jun 04 19:43:19.994864 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 04 19:43:20.069552 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:20.141750 osdx ubnt-cfgd[1055241]: inactive
Jun 04 19:43:20.166581 osdx dnscrypt-proxy[1055168]: Stopped.
Jun 04 19:43:20.166601 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 04 19:43:20.167976 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 04 19:43:20.168120 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:20.236161 osdx WARNING[1055305]: No supported link modes on interface eth0
Jun 04 19:43:20.237915 osdx modulelauncher[1055305]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:20.237927 osdx modulelauncher[1055305]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:20.239431 osdx modulelauncher[1055305]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:20.239440 osdx modulelauncher[1055305]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:20.260845 osdx ca-certificates[1055330]: Clearing symlinks in /etc/ssl/certs...
Jun 04 19:43:20.577552 osdx ca-certificates[1055907]: done.
Jun 04 19:43:20.580965 osdx ca-certificates[1055916]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:21.067815 osdx ubnt-cfgd[1056774]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:21.076400 osdx ca-certificates[1056779]: 142 added, 0 removed; done.
Jun 04 19:43:21.080038 osdx ca-certificates[1056786]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:21.083511 osdx ca-certificates[1056788]: done.
Jun 04 19:43:21.098959 osdx INFO[1056791]: FRR daemons did not change
Jun 04 19:43:21.099196 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:21.101069 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:21.116189 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:22.309730 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:23.018859 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:43:23.079887 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:43:23.184170 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:43:23.263734 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:43:23.366093 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:43:23.426852 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 04 19:43:23.537500 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 04 19:43:23.596372 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:43:23.738568 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:43:23.796220 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:43:23.928783 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:23.994951 osdx ubnt-cfgd[1056825]: inactive
Jun 04 19:43:24.018574 osdx INFO[1056833]: FRR daemons did not change
Jun 04 19:43:24.032145 osdx systemd[1]: systemd-timedated.service: Deactivated successfully.
Jun 04 19:43:24.033860 osdx ca-certificates[1056849]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:24.636819 osdx ubnt-cfgd[1057865]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:24.646951 osdx ca-certificates[1057870]: 1 added, 0 removed; done.
Jun 04 19:43:24.650027 osdx ca-certificates[1057877]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:24.653854 osdx ca-certificates[1057879]: done.
Jun 04 19:43:24.689032 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:43:24.735501 osdx WARNING[1057946]: No supported link modes on interface eth0
Jun 04 19:43:24.736938 osdx modulelauncher[1057946]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:24.736952 osdx modulelauncher[1057946]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:24.738145 osdx modulelauncher[1057946]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:24.738154 osdx modulelauncher[1057946]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:24.865478 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:24.867023 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:24.883532 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:24.891684 osdx dnscrypt-proxy[1057995]: dnscrypt-proxy 2.0.45
Jun 04 19:43:24.891756 osdx dnscrypt-proxy[1057995]: Network connectivity detected
Jun 04 19:43:24.892018 osdx dnscrypt-proxy[1057995]: Dropping privileges
Jun 04 19:43:24.894456 osdx dnscrypt-proxy[1057995]: Network connectivity detected
Jun 04 19:43:24.894493 osdx dnscrypt-proxy[1057995]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:43:24.894499 osdx dnscrypt-proxy[1057995]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:43:24.894521 osdx dnscrypt-proxy[1057995]: Firefox workaround initialized
Jun 04 19:43:24.894527 osdx dnscrypt-proxy[1057995]: Loading the set of cloaking rules from [/tmp/tmp_kczgg0n]
Jun 04 19:43:24.901156 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:25.039381 osdx dnscrypt-proxy[1057995]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 04 19:43:25.039397 osdx dnscrypt-proxy[1057995]: [RD] OK (DoH) - rtt: 125ms
Jun 04 19:43:25.039407 osdx dnscrypt-proxy[1057995]: Server with the lowest initial latency: RD (rtt: 125ms)
Jun 04 19:43:25.039412 osdx dnscrypt-proxy[1057995]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:25.063039 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
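The Step 3 check in these examples compares a decimal number (49199, 49200, 52392) against the journal; the number is the IANA code point of the suite that was actually negotiated. The following added example, which is not part of the OSDx test suite, maps that number back to a suite name and audits it against the configured `cipher N algorithm` list. The function names are hypothetical, the sample configuration and journal text are constructed in the page's format, and reading the `TLS version` field as hexadecimal is an assumption.

```python
import re

# IANA code points for the cipher suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # logged as 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # logged as 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # logged as 52392
}
# The suites this page configures as the "invalid" first choice.
LEGACY = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}

CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
NEGOTIATED_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[([^\]]+)\] TLS version: ([0-9a-fA-F]+)"
    r" - Protocol: (\S+) - Cipher suite: (\d+)"
)
FAILURE_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def configured_ciphers(config_text):
    """Return the configured suite names ordered by their 'cipher N' index."""
    by_index = {int(i): name for i, name in CFG_RE.findall(config_text)}
    return [by_index[i] for i in sorted(by_index)]


def negotiated_suites(journal_text):
    """Return (server, tls_version, suite_id, suite_name) per handshake entry.

    Uses findall over the whole text, so it works whether journal entries are
    one per line or run together on a single line.
    """
    results = []
    for server, version, _proto, suite in NEGOTIATED_RE.findall(journal_text):
        suite_id = int(suite)
        name = IANA_SUITES.get(suite_id, "UNKNOWN_0x%04X" % suite_id)
        # Assumption: the version field is hexadecimal, so "303" is 0x0303.
        results.append((server, int(version, 16), suite_id, name))
    return results


def audit(config_text, journal_text):
    """Compare what was configured with what the journal says was negotiated."""
    configured = configured_ciphers(config_text)
    negotiated = negotiated_suites(journal_text)
    findings = []
    for name in configured:
        if name in LEGACY:
            findings.append(("legacy-configured", name))
    if FAILURE_RE.search(journal_text):
        findings.append(("handshake-failure", None))
    if not negotiated:
        findings.append(("no-negotiation", None))
    for _server, _version, _suite_id, name in negotiated:
        if name in LEGACY:
            findings.append(("legacy-negotiated", name))
        if configured and name not in configured:
            findings.append(("outside-configured-list", name))
    return {"configured": configured, "negotiated": negotiated, "findings": findings}


# Constructed sample: invalid first cipher plus a valid fallback, as in Example 1.
CONFIG_FALLBACK = """\
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
JOURNAL_FALLBACK = (
    "Jan 01 00:00:01.000000 osdx dnscrypt-proxy[4242]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 49199 "
    "Jan 01 00:00:01.000100 osdx dnscrypt-proxy[4242]: [RD] OK (DoH) - rtt: 100ms"
)

# Constructed sample: a handshake failure, then a suite outside the configured list.
CONFIG_SINGLE = (
    "set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n"
)
JOURNAL_MISMATCH = (
    "Jan 01 00:00:02.000000 osdx dnscrypt-proxy[4243]: TLS handshake failure - "
    "Try changing or deleting the tls_cipher_suite value in the configuration file\n"
    "Jan 01 00:00:02.100000 osdx dnscrypt-proxy[4243]: [RD] TLS version: 303"
    " - Protocol: h2 - Cipher suite: 52392\n"
)

if __name__ == "__main__":
    for label, cfg, log in (
        ("fallback", CONFIG_FALLBACK, JOURNAL_FALLBACK),
        ("mismatch", CONFIG_SINGLE, JOURNAL_MISMATCH),
    ):
        print(label, audit(cfg, log)["findings"])
```

A `legacy-configured` finding alone matches the fallback behaviour these examples expect; `outside-configured-list` or `legacy-negotiated` means the negotiated suite is not one the configuration intended.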
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
Jun 04 19:43:25.277141 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:43:25.281017 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:43:25.281070 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:43:25.286829 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:43:25.538018 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:25.590902 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '.
Jun 04 19:43:25.725321 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 04 19:43:25.804294 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:25.905624 osdx ubnt-cfgd[1058068]: inactive
Jun 04 19:43:25.928678 osdx dnscrypt-proxy[1057995]: Stopped.
Jun 04 19:43:25.928764 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 04 19:43:25.929581 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 04 19:43:25.929694 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:25.990805 osdx WARNING[1058132]: No supported link modes on interface eth0
Jun 04 19:43:25.992346 osdx modulelauncher[1058132]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:25.992358 osdx modulelauncher[1058132]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:25.993962 osdx modulelauncher[1058132]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:25.993971 osdx modulelauncher[1058132]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:26.012107 osdx ca-certificates[1058157]: Clearing symlinks in /etc/ssl/certs...
Jun 04 19:43:26.319495 osdx ca-certificates[1058734]: done.
Jun 04 19:43:26.323287 osdx ca-certificates[1058744]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:26.787456 osdx ubnt-cfgd[1059601]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:26.795707 osdx ca-certificates[1059607]: 142 added, 0 removed; done.
Jun 04 19:43:26.798610 osdx ca-certificates[1059613]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:26.801369 osdx ca-certificates[1059615]: done.
Jun 04 19:43:26.819567 osdx INFO[1059618]: FRR daemons did not change
Jun 04 19:43:26.819883 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:26.836865 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:26.862484 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:28.065066 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:28.668260 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:43:28.734576 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:43:28.841313 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:43:28.897996 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:43:29.057340 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:43:29.151622 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 04 19:43:29.264580 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 04 19:43:29.375584 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:43:29.519428 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:43:29.593603 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:43:29.714674 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:29.779901 osdx ubnt-cfgd[1059652]: inactive
Jun 04 19:43:29.806242 osdx INFO[1059660]: FRR daemons did not change
Jun 04 19:43:29.818298 osdx ca-certificates[1059676]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:30.346133 osdx ubnt-cfgd[1060688]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:30.355918 osdx ca-certificates[1060694]: 1 added, 0 removed; done.
Jun 04 19:43:30.359558 osdx ca-certificates[1060700]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:30.362664 osdx ca-certificates[1060702]: done.
Jun 04 19:43:30.393033 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:43:30.437256 osdx WARNING[1060769]: No supported link modes on interface eth0
Jun 04 19:43:30.438711 osdx modulelauncher[1060769]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:30.438724 osdx modulelauncher[1060769]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:30.439899 osdx modulelauncher[1060769]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:30.439909 osdx modulelauncher[1060769]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:30.565467 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:30.567526 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:30.582243 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:30.589313 osdx dnscrypt-proxy[1060818]: dnscrypt-proxy 2.0.45
Jun 04 19:43:30.589391 osdx dnscrypt-proxy[1060818]: Network connectivity detected
Jun 04 19:43:30.589624 osdx dnscrypt-proxy[1060818]: Dropping privileges
Jun 04 19:43:30.592559 osdx dnscrypt-proxy[1060818]: Network connectivity detected
Jun 04 19:43:30.592609 osdx dnscrypt-proxy[1060818]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:43:30.592614 osdx dnscrypt-proxy[1060818]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:43:30.592636 osdx dnscrypt-proxy[1060818]: Firefox workaround initialized
Jun 04 19:43:30.592642 osdx dnscrypt-proxy[1060818]: Loading the set of cloaking rules from [/tmp/tmpf21am2ln]
Jun 04 19:43:30.616095 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:30.716955 osdx dnscrypt-proxy[1060818]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 04 19:43:30.716975 osdx dnscrypt-proxy[1060818]: [RD] OK (DoH) - rtt: 104ms
Jun 04 19:43:30.716984 osdx dnscrypt-proxy[1060818]: Server with the lowest initial latency: RD (rtt: 104ms)
Jun 04 19:43:30.716987 osdx dnscrypt-proxy[1060818]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:30.785065 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
Jun 04 19:43:31.013865 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:43:31.017021 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:43:31.017087 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:43:31.023707 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:43:31.318993 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:31.372359 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '.
Jun 04 19:43:31.521583 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 04 19:43:31.582055 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:31.683443 osdx ubnt-cfgd[1060891]: inactive
Jun 04 19:43:31.706990 osdx dnscrypt-proxy[1060818]: Stopped.
Jun 04 19:43:31.707158 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 04 19:43:31.708032 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 04 19:43:31.708139 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:31.767342 osdx WARNING[1060955]: No supported link modes on interface eth0
Jun 04 19:43:31.769269 osdx modulelauncher[1060955]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:31.769283 osdx modulelauncher[1060955]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:31.770596 osdx modulelauncher[1060955]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:31.770606 osdx modulelauncher[1060955]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:31.790112 osdx ca-certificates[1060980]: Clearing symlinks in /etc/ssl/certs...
Jun 04 19:43:32.115384 osdx ca-certificates[1061557]: done.
Jun 04 19:43:32.118616 osdx ca-certificates[1061566]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:32.574039 osdx ubnt-cfgd[1062424]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:32.583169 osdx ca-certificates[1062429]: 142 added, 0 removed; done.
Jun 04 19:43:32.586045 osdx ca-certificates[1062436]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:32.588752 osdx ca-certificates[1062438]: done.
Jun 04 19:43:32.604400 osdx INFO[1062441]: FRR daemons did not change
Jun 04 19:43:32.604683 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:32.642854 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:32.667445 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:33.851577 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:34.434566 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:43:34.495076 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:43:34.598608 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:43:34.651323 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:43:34.748978 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:43:34.799549 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 04 19:43:34.894897 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 04 19:43:34.946967 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:43:35.069944 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:43:35.123514 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:43:35.235440 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:35.296683 osdx ubnt-cfgd[1062475]: inactive
Jun 04 19:43:35.320573 osdx INFO[1062483]: FRR daemons did not change
Jun 04 19:43:35.334375 osdx ca-certificates[1062499]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:35.909196 osdx ubnt-cfgd[1063511]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:35.919963 osdx ca-certificates[1063516]: 1 added, 0 removed; done.
Jun 04 19:43:35.924034 osdx ca-certificates[1063523]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:35.927602 osdx ca-certificates[1063525]: done.
Jun 04 19:43:35.965035 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:43:36.016755 osdx WARNING[1063592]: No supported link modes on interface eth0
Jun 04 19:43:36.018590 osdx modulelauncher[1063592]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:36.018603 osdx modulelauncher[1063592]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:36.020429 osdx modulelauncher[1063592]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:36.020439 osdx modulelauncher[1063592]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:36.149433 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:36.150713 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:36.164488 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:36.170126 osdx dnscrypt-proxy[1063641]: dnscrypt-proxy 2.0.45
Jun 04 19:43:36.170199 osdx dnscrypt-proxy[1063641]: Network connectivity detected
Jun 04 19:43:36.170423 osdx dnscrypt-proxy[1063641]: Dropping privileges
Jun 04 19:43:36.173060 osdx dnscrypt-proxy[1063641]: Network connectivity detected
Jun 04 19:43:36.173089 osdx dnscrypt-proxy[1063641]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:43:36.173094 osdx dnscrypt-proxy[1063641]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:43:36.173112 osdx dnscrypt-proxy[1063641]: Firefox workaround initialized
Jun 04 19:43:36.173117 osdx dnscrypt-proxy[1063641]: Loading the set of cloaking rules from [/tmp/tmpunuqea5y]
Jun 04 19:43:36.193410 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:36.312313 osdx dnscrypt-proxy[1063641]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 04 19:43:36.312331 osdx dnscrypt-proxy[1063641]: [RD] OK (DoH) - rtt: 122ms
Jun 04 19:43:36.312339 osdx dnscrypt-proxy[1063641]: Server with the lowest initial latency: RD (rtt: 122ms)
Jun 04 19:43:36.312343 osdx dnscrypt-proxy[1063641]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:36.377205 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set system certificate trust 'running://remote.dns-server.crt'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
Jun 04 19:43:36.641655 osdx systemd-journald[172397]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 19:43:36.645015 osdx systemd-journald[172397]: Received client request to rotate journal, rotating.
Jun 04 19:43:36.645064 osdx systemd-journald[172397]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 19:43:36.651794 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 19:43:36.933089 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:36.983283 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'delete '.
Jun 04 19:43:37.131549 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 04 19:43:37.201497 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:37.331091 osdx ubnt-cfgd[1063714]: inactive
Jun 04 19:43:37.351847 osdx dnscrypt-proxy[1063641]: Stopped.
Jun 04 19:43:37.351878 osdx systemd[1]: Stopping dnscrypt-proxy.service - DNSCrypt client proxy...
Jun 04 19:43:37.352569 osdx systemd[1]: dnscrypt-proxy.service: Deactivated successfully.
Jun 04 19:43:37.352666 osdx systemd[1]: Stopped dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:37.407536 osdx WARNING[1063778]: No supported link modes on interface eth0
Jun 04 19:43:37.409291 osdx modulelauncher[1063778]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:37.409306 osdx modulelauncher[1063778]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:37.410788 osdx modulelauncher[1063778]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:37.410800 osdx modulelauncher[1063778]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:37.427501 osdx ca-certificates[1063803]: Clearing symlinks in /etc/ssl/certs...
Jun 04 19:43:37.717009 osdx ca-certificates[1064380]: done.
Jun 04 19:43:37.720644 osdx ca-certificates[1064390]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:38.193290 osdx ubnt-cfgd[1065247]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:38.202373 osdx ca-certificates[1065252]: 142 added, 0 removed; done.
Jun 04 19:43:38.205509 osdx ca-certificates[1065259]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:38.208329 osdx ca-certificates[1065261]: done.
Jun 04 19:43:38.223866 osdx INFO[1065264]: FRR daemons did not change
Jun 04 19:43:38.224152 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:38.305818 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:38.322178 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:39.565477 osdx OSDxCLI[937600]: User 'admin' entered the configuration menu.
Jun 04 19:43:40.304568 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 04 19:43:40.359612 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 04 19:43:40.465451 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 04 19:43:40.522275 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 04 19:43:40.622497 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 7a29a0b37ebaaede8a38645ac1ef0ebcf68cb59eec2cc37db7bb962a1ff5c77b'.
Jun 04 19:43:40.677864 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 04 19:43:40.768214 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 04 19:43:40.820843 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 04 19:43:41.014704 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 04 19:43:41.095623 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 04 19:43:41.222098 osdx OSDxCLI[937600]: User 'admin' added a new cfg line: 'show working'.
Jun 04 19:43:41.327529 osdx ubnt-cfgd[1065298]: inactive
Jun 04 19:43:41.348424 osdx INFO[1065306]: FRR daemons did not change
Jun 04 19:43:41.361039 osdx ca-certificates[1065322]: Updating certificates in /etc/ssl/certs...
Jun 04 19:43:41.891556 osdx ubnt-cfgd[1066334]: rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
Jun 04 19:43:41.901999 osdx ca-certificates[1066340]: 1 added, 0 removed; done.
Jun 04 19:43:41.905045 osdx ca-certificates[1066346]: Running hooks in /etc/ca-certificates/update.d...
Jun 04 19:43:41.908136 osdx ca-certificates[1066348]: done.
Jun 04 19:43:41.937019 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 19:43:41.985336 osdx WARNING[1066415]: No supported link modes on interface eth0
Jun 04 19:43:41.986757 osdx modulelauncher[1066415]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 19:43:41.986770 osdx modulelauncher[1066415]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 19:43:41.987917 osdx modulelauncher[1066415]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 19:43:41.987925 osdx modulelauncher[1066415]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 19:43:42.097526 osdx systemd[1]: Started dnscrypt-proxy.service - DNSCrypt client proxy.
Jun 04 19:43:42.099082 osdx cfgd[1850]: [937600]Completed change to active configuration
Jun 04 19:43:42.114273 osdx OSDxCLI[937600]: User 'admin' committed the configuration.
Jun 04 19:43:42.118521 osdx dnscrypt-proxy[1066464]: dnscrypt-proxy 2.0.45
Jun 04 19:43:42.118599 osdx dnscrypt-proxy[1066464]: Network connectivity detected
Jun 04 19:43:42.118815 osdx dnscrypt-proxy[1066464]: Dropping privileges
Jun 04 19:43:42.121057 osdx dnscrypt-proxy[1066464]: Network connectivity detected
Jun 04 19:43:42.121099 osdx dnscrypt-proxy[1066464]: Now listening to 127.0.0.1:53 [UDP]
Jun 04 19:43:42.121104 osdx dnscrypt-proxy[1066464]: Now listening to 127.0.0.1:53 [TCP]
Jun 04 19:43:42.121131 osdx dnscrypt-proxy[1066464]: Firefox workaround initialized
Jun 04 19:43:42.121137 osdx dnscrypt-proxy[1066464]: Loading the set of cloaking rules from [/tmp/tmpl_n3wu2v]
Jun 04 19:43:42.131808 osdx OSDxCLI[937600]: User 'admin' left the configuration menu.
Jun 04 19:43:42.263627 osdx dnscrypt-proxy[1066464]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 04 19:43:42.263646 osdx dnscrypt-proxy[1066464]: [RD] OK (DoH) - rtt: 121ms
Jun 04 19:43:42.263656 osdx dnscrypt-proxy[1066464]: Server with the lowest initial latency: RD (rtt: 121ms)
Jun 04 19:43:42.263661 osdx dnscrypt-proxy[1066464]: dnscrypt-proxy is ready - live servers: 1
Jun 04 19:43:42.292715 osdx OSDxCLI[937600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.