Apple Mac Native VPN Drops Cisco IPSec VPN Connections


When using the Mac OS X (currently 10.9.4) native VPN client to connect over VPN to a Cisco device you might find it disconnects every 45 to 60 minutes without any warning and no attempt to redial to the VPN server. If you are like me and have a lot of sessions running, reconnecting them all again can be a real pain and that’s not even considering the transfers that also terminate and have to be restarted.

I was surprised to find this has been a “bug” for a while now. There does seem to be a fix, but it’s designed for people who know Linux somewhat.

Here is how I solved the problem:

1. Connect to the VPN (this generates a file)

2. Copy the generated conf file to /etc/racoon

3. Edit the racoon file (I’m using vi but you could use vim or nano)

4. At the end of the file comment out the following line:

It should look like this:

5. Add the following line (Change to the IP address of your VPN server)

Save and close

6. Edit the following file /etc/racoon/ (change to the ip address of your VPN server)

7. Disable dead peer detection by changing the value to “0”:

8. Change proposal check from “obey” to “claim”

9. Change the proposed lifetime in each proposal from 3600 to 86400 (24 hours):

Note: Change them all, not just one!

10. Disconnect and reconnect
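Steps 7 to 9 as an added example (not code from the original post): it applies the three edits to a racoon configuration held in a string and reports any line the procedure would still need to change, which catches the "changed one lifetime, missed the rest" mistake. The directive names `dpd_delay`, `proposal_check` and `lifetime time` are taken from racoon.conf syntax and are assumed to match the generated file; the sample configuration and its address are constructed.

```python
import re

# Constructed sample shaped like a racoon "remote" section (not a real file).
SAMPLE_CONF = """\
remote 203.0.113.10 {
    dpd_delay 20;
    proposal_check obey;
    proposal {
        encryption_algorithm aes 256;
        lifetime time 3600 sec;
    }
    proposal {
        encryption_algorithm 3des;
        lifetime time 3600 sec;
    }
}
"""

# (pattern, replacement) pairs for steps 7, 8 and 9 of the procedure.
EDITS = [
    (r"^(\s*dpd_delay\s+)\d+(\s*;)", r"\g<1>0\g<2>"),
    (r"^(\s*proposal_check\s+)obey(\s*;)", r"\g<1>claim\g<2>"),
    (r"^(\s*lifetime\s+time\s+)3600(\s+sec\s*;)", r"\g<1>86400\g<2>"),
]

def apply_edits(conf):
    """Return the configuration text with all three edits applied everywhere."""
    for pattern, repl in EDITS:
        conf = re.sub(pattern, repl, conf, flags=re.MULTILINE)
    return conf

def remaining_problems(conf):
    """List (line number, reason) for every line steps 7-9 would still change."""
    problems = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        stmt = line.strip()
        if re.fullmatch(r"dpd_delay\s+[1-9]\d*\s*;", stmt):
            problems.append((lineno, "dead peer detection still enabled"))
        elif re.fullmatch(r"proposal_check\s+obey\s*;", stmt):
            problems.append((lineno, "proposal_check still obey"))
        elif re.fullmatch(r"lifetime\s+time\s+3600\s+sec\s*;", stmt):
            problems.append((lineno, "proposal lifetime still 3600"))
    return problems

def edit_first_lifetime_only(conf):
    """The mistake the note warns about: one proposal changed, the rest missed."""
    return conf.replace("lifetime time 3600 sec;", "lifetime time 86400 sec;", 1)
```

Run `remaining_problems()` on the edited file's text before reconnecting; an empty list means every proposal was updated.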

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Set up Apache as a reverse proxy using mod_proxy


Okay, so I love Apache and at every chance I will use it over Microsoft IIS or any other web serving service, unless a specific application is only written for Microsoft IIS, such as Citrix Web Interface!

So in the case of only having one public IP and Citrix Web Interface behind it but wanting to host on Apache, I had to set up an Apache box to proxy all traffic for a certain domain name to the IIS box. Did I explain that well? Probably not… let’s draw a picture!

Apache mod_proxy



mod_proxy is the Apache module for proxying (forwarding) web requests to another server; it isn’t just one module but rather a collection of them:

  • mod_proxy
  • mod_proxy_http
  • mod_proxy_ftp
  • mod_proxy_connect
  • mod_proxy_ajp
  • mod_proxy_wstunnel
  • mod_proxy_balancer
  • mod_cache
  • mod_headers
  • mod_deflate

Installing Apache mod_proxy

This assumes you have Apache installed and running; if not, just run the following to install:

Install Essential Build Tools

The package is required to install from source code

Install Module and Dependencies

Activating the Modules

We need to enable the necessary modules before configuring Apache. To see what modules are available, run the following:

Input the following modules to load:

proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

a2enmod


Restart Apache

Configuring Apache vHosts for mod_proxy

In this example I will be using “” to a webserver at as a domain and IP to get mod_proxy to redirect to, you will need to change this to suit your needs.

Create a vhost

Copy and paste the following into the conf file

Save and quit (:wq)

Enable Site

Enable the site by running the following:

Restart Apache

Finally, restart Apache web server


Using a Cisco router with Telstra FTTH Velocity Service


I recently got fibre to the home (FTTH), or as some other people like to call it, fibre to the premise (FTTP), thanks to Telstra and their Velocity service. Now it is quite straightforward: someone comes out and connects and activates the ONT unit. In my case the fibre is terminated at the ONT unit and then patched to the lounge courtesy of CAT5E running into every room in the apartment. From there I was able to patch from the lounge straight to bedroom 1 (b1) and from there to the router (it sounds complicated but it’s not). Now from my learnings there are two ways to connect, both requiring PPPoE authentication: you can either set up a new connection on a Windows 7 machine (or other flavours of Windows) and create a PPPoE dialer, or you can connect a PPPoE-capable router and pass credentials that way.

Telstra Fibre Router

Why am I writing this post you ask…. well it has to do with the learnings I stumbled upon while connecting my Cisco 1801 series router and wish to share my experiences, even if they are not the same as yours you might find this useful in troubleshooting your own connection.

I’m not sure about the Australian National Broadband Network (NBN) connection but could have some relevancy to this >>

Telstra OTP

Turn on terminal monitor

Turn on ppp debugging (this will show you when the dialer is trying to auth)

First off, you don’t need the ATM interface if you have a config already set up for DSL, so the first thing is to disable the ATM interface

You will need a dialer interface. I have mine set up as “Dialer0” with the following (using CHAP)

Note “dialer-group 1”

Now we have to assign Dialer0 to the interface. What you do here depends on your Cisco product and IOS version; for me, I had to create a VLAN and assign the VLAN to the layer 2 interface (FastEthernet8 in my case).

If you don’t have the vlan 999 created, it will create it for you (it doesn’t need to be vlan 999 but any number you aren’t using).

Now you have to enable PPPoE and assign the dialer pool number in the VLAN (note my dialer pool number is 1) and mark it as an outside NAT interface.

Check your interfaces to see if it is connected

A more complete configuration example would be the following:

NOTE: This is for a Cisco router that has eight ports, you will need to add/remove depending on physical ethernet ports.

Change the following for your own circumstances:

  • PPP CHAP username and password
  • Type and amount of Ethernet ports, could be only two or four ports and maybe Gigabit Ethernet instead (GigabitEthernet).

You should be able to add your nats and anything else you require for your inside LAN, I added some alias but you don’t need them.


How to set up an email server using Postfix, Dovecot and Roundcube on Linux Debian


Domain and Records

Before you start anything, you need a domain. If you don’t have one, purchase one.

Because it takes time to replicate the records, you need to start this process first.

You will need to create A records for the domain, I created the following:

  • @
  • www
  • mail
  • smtp
  • imap
  • webmail

I have them all pointing to the same IP address but for the purpose of using different addresses for each service makes it

You will also need to point the MX record of the domain to the public facing IP address of the Linux box (and set up any natting if required).

Platform Set Up

I am assuming you already have a working Linux installation, for my set up I am using Linux Debian 7 (Wheezy) kernel version 2.6.32-042 Stable 64bit.

There are various ways you can set this up, for my set up I will be using a single server for handling the mail, presenting the webmail and holding the mySQL database. You can separate these functions out to different servers depending on the load requirements and underlying infrastructure.

Make sure your system is up-to-date by running the following command:


This is how the whole solution hangs together. It makes sense to me; hopefully it will make sense to you at least by the time you finish reading this tutorial.

Mail Hosting Design


MBox vs MailDir

The Unix world has two ways of storing mail messages: the traditional mbox format and the newer maildir format. Postfix and Dovecot support both mail storage formats so you can use either, but I highly recommend you use the maildir format.

For the purpose of this tutorial I will be setting it up with maildir. For me the main purpose of this was to allow subfolders to be created in the mailbox (mbox doesn’t allow this no matter how much I tried!)

I won’t explain how mbox works but I will explain how Maildir does:

Receiving and storing a mail

  1. Create a unique file in the tmp directory
  2. Write the mail into the newly created file
  3. Move the completely written mail into the new directory

Retrieving a mail

  1. Locate and read the mail
  2. Move the mail from new into the cur directory and append the mail status flag into the filename

Deleting a mail

  1. Delete the file containing the mail

Searching a mail

  1. Search each and every mail file


Advantages

  • Locating, retrieving and deleting a specific mail is fast
  • Minimal to no file locking is needed
  • Can be used on a network file system
  • Immune to mailbox corruption assuming hardware will not fail


Disadvantages

  • Some filesystems may not efficiently handle a large number of small files
  • Searching text is slow because every mail file has to be opened.
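The Maildir operations listed above (deliver, retrieve, search, delete), as an added example that is not part of the original tutorial. The file-name scheme (time, process id, counter, host name) and the `:2,S` "seen" suffix follow the usual Maildir convention; the function names are hypothetical and the directory is whatever path you pass in.

```python
import os
import socket
import time
from pathlib import Path

_delivered = 0  # per-process counter so two deliveries in one second differ

def make_maildir(root):
    """Create the tmp/new/cur layout and return the Maildir path."""
    root = Path(root)
    for sub in ("tmp", "new", "cur"):
        (root / sub).mkdir(parents=True, exist_ok=True)
    return root

def deliver(maildir, message):
    """Write the mail under tmp/, then move the finished file into new/."""
    global _delivered
    _delivered += 1
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    name = f"{int(time.time())}.P{os.getpid()}Q{_delivered}.{host}"
    tmp_path = maildir / "tmp" / name
    # O_EXCL makes creation fail instead of overwriting an existing file.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(message)
        handle.flush()
        os.fsync(handle.fileno())
    new_path = maildir / "new" / name
    os.rename(tmp_path, new_path)  # atomic: readers never see a partial mail
    return new_path

def retrieve(maildir, name, flags="S"):
    """Read a mail from new/ and move it to cur/ with its status flags."""
    src = maildir / "new" / name
    data = src.read_bytes()
    dst = maildir / "cur" / f"{name}:2,{flags}"
    os.rename(src, dst)
    return data, dst

def search(maildir, needle):
    """Open every mail file in new/ and cur/; this is why searching is slow."""
    hits = []
    for sub in ("new", "cur"):
        for path in sorted((maildir / sub).iterdir()):
            if needle in path.read_bytes():
                hits.append(path)
    return hits

def delete(path):
    """Deleting a mail is deleting its one file; no mailbox rewrite or lock."""
    os.unlink(path)
```

Because each step is a single create or rename of one file, no lock is held at any point, which is the "minimal to no file locking" advantage in practice.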

SSL Certificate

Make no mistake: if you don’t have an SSL certificate from a certified certificate authority, you can still use a self-signed one. For this tutorial we are going to assume the certificate is saved in /etc/ssl/certs/mailcert.pem and the key is saved in /etc/ssl/private/mail.key. Make sure the key is only readable by the root user!

Create a self signed certificate

Fill in the details

Example only:

Note that this way you cannot create a certificate valid for more than one domain using the subjectAltName field without some additional work.

Check to see if the certs are created:


Remove packages

If you are using Debian, there is a default MTA called exim4. You need to remove this or it will conflict with the port mappings.

Install Postfix

Install Postfix

Stop Postfix

Postfix manages its own daemons, so the following commands work to manage Postfix

  • postfix start
  • postfix stop
  • postfix reload

Configuring Postfix

Postfix has two configuration files

  1. /etc/postfix/ = configuration of services Postfix should run on
  2. /etc/postfix/ = configuration options

Add the following into the, this will take mail from trusted clients for delivery to broader internet, this restricts unauthorised users.

The “-o” options override the settings that are taken from defaults.


It is better to start with a clean slate so make a copy of the first


Create a new file

Copy the following into the file

Change the following lines to reflect your domain:

  • myhostname =
  • mydestination =

Check /etc/mailname file and ensure the correct FQDN is there eg:

With mydestination, just change the first two.

Ensure the host name of the service is specified in /etc/mailname; if you have used the same A records then use the “mail” one unless you have specific requirements not to.

“mydestination” sets the domains Postfix accepts email for.

Leaving “relayhost” empty disables Postfix from being used as a relaying server.

In the same file ( you need to specify alias maps, enter the following lines:

We need to also specify SSL settings, enter the following after alias maps in

Also add a line to the file so that Postfix rejects email to users that cannot be found in the table, which in this case is the aliases table.


Aliases are defined in the /etc/aliases file to tell Postfix what email addresses to accept; for example:

SMTP RFC 5321 mandates that any publicly accessible mail server that accepts any mail at all must also accept mail to the following addresses:

  • postmaster
  • hostmaster
  • abuse
  • webmaster

You can set up redirects from those email accounts to a specific user by adding in the aliases file “root: user” (user being the email address of a user).

After updating aliases you must update the aliases database by issuing the following command:


Install Dovecot

Configuring Dovecot

Clearing out the configuration file is best for this too

Add the following:

This enables plaintext authentication (the plain text is tunnelled through TLS), tells Dovecot to use the “mail” system group for accessing local mailboxes, uses the Unix authentication system to authenticate users and enables IMAP only.

It’s probably best to have Dovecot automatically create the Draft, Junk, Trash, Sent folders so add the following to the dovecot.conf file:

We need to open a socket that Postfix can use to piggy-back on Dovecot’s authentication, add the following in dovecot.conf

Also configure SSL by adding the following into dovecot.conf

Start Processes

This should be it, execute the following to start Postfix and Dovecot


You don’t have to do this but it is good to see it all working, create two users:

Add the users into aliases

Recreate aliases database

Send an email to user1 and user2

Log into user1

Check mail for user1

You should be able to connect IMAP clients such as Outlook or Apple iPhone clients. If you created the same A records as mine then you should use the following settings:

incoming mail server: (SSL on port 993)
user: user1
password: what ever password you specified
outgoing mail server: (SSL on port 587)

If this isn’t working out so far, re-read the instructions above, if that fails I have added a troubleshooting section at the end of this post.


Okay, if all is going well at this point, then let’s install Roundcube. If you prefer using a different webmail solution or if you wish not to use one then skip this step.

Roundcube is an AJAX-driven webmail solution that runs on a typical LAMPP stack. There are customisable skins (two pre-installed) that use the latest web standards (XHTML and CSS 2)

If Apache, mySQL and PHP aren’t installed, follow the steps

Install Apache2

Install mySQL

You will need to specify a mysql root password. Make this secure and save it in a password manager; you will need this later

Install PHP 5

Restart Apache

An example only:

Change to root folder

Extract the archive out (install tar if not already installed)

Install additional packages

Configure time zone in Apache

Change the following line to a time zone specific to your location

Okay, so that is the base for Roundcube to be installed on. Now you have to configure a vhost for Apache, which can be done by following this process. I recommend using the A record webmail for your vhost and locating it in the /var/www/vhosts directory.

Create a folder for Roundcube to be installed

Copy the Roundcube files to the vhost location (my example is Roundcube version 1.0.2)


You will need to create a new database and grant privileges to it for a local mySQL account using the steps below. If you require further mySQL commands.

Log into mySQL

Use the password you specified earlier when installing mySQL

Create a database

Grant privileges

Change the ‘password’ to something secure

Flush privileges

Exit mySQL command line interface

Launch Roundcube Installer

So, if that is all set up correctly you should have Apache, PHP and mySQL installed with a database ready to be used.

Go to the following address to run the Roundcube installer

Follow the prompts

If everything works out you should be able to go to your new webmail console at

Roundcube Webmail

Roundcube Plugins

So if you are using the Roundcube webmail you will find basic webmail features. If you desire more than that then you can install a multitude of plugins to add certain functionality.

Roundcube Security

Change the encryption key in the file to a new 24 character string

Find the string:

Message Attachment Size Limit


By default, Postfix limits the file attachment size to 10 megabytes. You can change this by executing the following:

This raises the file size limit from 10M to 100M (This is not recommended if you don’t have a good internet connection on the server)


Once you have changed the attachment size in Postfix, you might want to change it in Roundcube

Make a backup of php.ini first

Search for the following two lines:

post_max_size =
upload_max_filesize =

Change the values to your desired size.

Restart Apache for settings to take effect


To see any problems with the setup


To see the mail queue in Postfix

To clear the mail queue

Location mail is stored:

For root:


For users:


If you cannot see mail in the web mail client, browse to the Maildir directory for the user and see if you see any files in the cur folders


WordPress Security Keys


Using strong security keys is an important part of securing WordPress against external attack. WordPress security keys refer to four authentication keys and four hashing salts (random bits of data) that work to add an extra layer of security to your cookies and password. The security keys are defined in your WordPress configuration file, aka wp-config.php.

Out of the box there are keys predefined; however, if you want a super strong WordPress installation, you should really change these to something else. As of WordPress 3.0, there are eight security keys in the following format:

  • WordPress 2.7: NONCE_KEY

View the Security Keys

1. Edit the wp-config.php file


Each key needs to be completely random and different from the others. You can do this manually or you can use the WordPress online service for an automatic key-generation.

Official WordPress Secret Key Generator (opens a new window)

You can refresh the page to generate new keys until you find the key set you desire the most

You will need to copy the entire block of code and replace the eight default keys with the eight random ones.

Other Considerations

  • Never reveal your security keys to anyone
  • Any logged in users will need to log back in if you change the keys
  • Security keys can be changed at any time
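Generating and checking the eight keys locally, as an added example that is not from the original post: it draws each value from the operating system's CSPRNG, swaps the values into the text of a wp-config.php, and audits a config for keys that are missing, still the sample placeholder, too short, or repeated. The key names and the placeholder phrase are those of the stock wp-config-sample.php; the sample config below is constructed and the function names are hypothetical.

```python
import re
import secrets
import string

KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"
# Exclude ' and \ so every value is safe inside a single-quoted PHP string.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits +
                   string.punctuation if c not in "'\\")
DEFINE_RE = re.compile(r"define\(\s*'(\w+)'\s*,\s*'([^']*)'\s*\);")

# Constructed sample: a database setting plus eight untouched default keys.
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'wordpress');\n" + "".join(
    f"define( '{name}', '{PLACEHOLDER}' );\n" for name in KEY_NAMES)

def generate_keys(length=64):
    """Return eight independent random values, one per key name."""
    return {name: "".join(secrets.choice(ALPHABET) for _ in range(length))
            for name in KEY_NAMES}

def rotate(wp_config, keys):
    """Replace the eight key defines; leave every other define untouched."""
    def swap(match):
        name = match.group(1)
        if name in keys:
            return f"define('{name}', '{keys[name]}');"
        return match.group(0)
    return DEFINE_RE.sub(swap, wp_config)

def audit(wp_config, min_length=64):
    """List what is wrong with the security keys in a config's text."""
    found = {n: v for n, v in DEFINE_RE.findall(wp_config) if n in KEY_NAMES}
    problems = [f"{n}: missing" for n in KEY_NAMES if n not in found]
    for name, value in found.items():
        if value == PLACEHOLDER:
            problems.append(f"{name}: still the default placeholder")
        elif len(value) < min_length:
            problems.append(f"{name}: shorter than {min_length} characters")
    if len(set(found.values())) != len(found):
        problems.append("two or more keys share the same value")
    return problems
```

Rotating the keys invalidates existing login cookies, so every logged-in user has to log in again, as noted in the list above.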
