Roundcube and Dovecot, howto use TLSv1.2

by Darkray, 2015-09-19

A lot has been written about disabling SSLv3, not only for your webserver but also for the other services, like Dovecot for example. Now this is easy, but what they don't tell you, is how to exactly use TLSv1.2 with Roundcube webmail client.

Again, this should be easy too. But if you have PHP v5.6 on your system, some things have changed. Roundcube is written in PHP and it's configuration settings are PHP as well.


Howto reset Gnome 3 HiDPI settings

by Darkray, 2014-09-27

Today I was curious what the HiDPI setting in Gnome 3.12 did and how it worked, so I launched the gnome-tweak-tool and changed the HiDPI setting from 1 to 2. Don't just do this on a low-res screen, in my case a 1366x768 Thinkpad screen. Every Gnome window is blown up as if it's under a magnifier. Probably what you want on a high-res screen :–P

You can reset this by firing up a terminal by typing: ALT-F1 and gnome-terminal, in the terminal execute the following command to reset the HiDPI setting back to 1: gsettings reset org.gnome.settings-daemon.plugins.xsettings overrides

Howto setup an IPsec VPN with pfSense

by Darkray, 2014-06-07

Setup VPN on the router

Follow the excellent howto from the pfSense documentation: IPsec_Road_Warrior []
Personally I like to use 'Mutual PSK + Xauth' as authentication method of the tunnel.

Setup Client software on Linux

Install the Cisco-compatible VPN client on linux:

apt-get install vpnc

Use your favourite linux editor and create a new config file: /etc/vpnc/myvpn.conf

IPSec gateway <pfsense router address>
IPSec ID <Peer identifier>
IPSec secret <Pre-Shared Key>
Xauth username <Identifier or username>
Xauth password <Identifier password>

Start the VPN tunnel by entering the following command:

vpnc-connect myvpn.conf

Disconnect the VPN tunnel with


Setup client software in Gnome 3

Install the vpnc addon software for Network Manager

apt-get install network-manager-vpnc

Goto Settings, Network, Add, VPN, Cisco Compatible VPN (vpnc) and use the following settings:

Name: MyVPN
Gateway: <pfsense router address>
User name: <Identifier/username>
User password: <Identifier/username password>
Group name: <Peer identifier>
Group password: <Pre-Shared Key>


Encryption method: Secure
NAT traversal: NAT-T when available
IKE DH Group: DH Group 2 (default)
Perfect Forward Secrecy: Server (default)
Local port: 0

While passwords should be saved in the Gnome Keyring (bug?), it actually doesn't save the passwords anywhere.
If you however do want it to be saved, you could edit the Network Manager connection: /etc/NetworkManager/system-connections/MyVPN
and add the following lines, but make sure not to leave an empty line at the end. I also found out that Network Manager is very picky
about capitals in its configuration syntax.

IPSec secret=<Pre-Shared Key>
Xauth password=<Identifier/username password>


Howto disable Xorg 1.11 Screensaver bypass

by Darkray, 2012-01-21

With Xorg 1.11 it is possible to bypass the Screensaver Lock, without having to enter a password. This is already fixed in xkeyboard-config 2.5 and pushed in various distros. A simple fix for those who can't or do not want to update/patch their distribution :

Let's see if we are affected:

$ Xorg -version

X.Org X Server (1.11.4 RC 1)

Yes we are :-( Let's get the responsible keys from the keyboard map

$ xmodmap -pke | egrep "XF86Ungrab|XF86ClearGrab"
keycode 63 = KP_Multiply XF86ClearGrab KP_Multiply XF86ClearGrab
keycode 106 = KP_Divide XF86Ungrab KP_Divide XF86Ungrab

Create a .xmodmaprc file and redefine these two keys and add it to our .profile

$ cat > ~/.xmodmaprc <<EOF
keycode 63 = KP_Multiply
keycode 106 = KP_Divide
$ echo "/usr/bin/xmodmap ~/.xmodmaprc" >> ~/.profile

Now all you have to do is, logoff and login and you're done.

Openmoko: Neo Freerunner

by Darkray, 2008-03-07

Currently I'm very much interested in the Openmoko project, which are developing a linux based smartphone. Starting the project in 2007 with a "developers-only" version called Neo 1973, they are expecting to release the Neo Freerunner before the summer of 2008.