NameCheap DDNS update script for Microtik routers




Add this script to your router, edit the variables and test it. Once working, schedule it in the MT scheduler.

# Dynamic DNS Update / Simple Edition
# Modified by Roland Giesler,
# Based on
# 2009-06-22 RouterOS 3.25 Tested
# 2009-10-05 RouterOS 4.01rc1 Tested
# This script will update a dynamic dns hostname
# with an ip address located directly on an interface.
# %
# NOTES: %
# Once you have created this script and tested that it works by running it
# manually you can schedule it to run every few minutes.
# %
# ddnsuser: Enter your account user id.
# ddnspass: Enter your NameCheap dyndns generated password.
# ddnshost: Enter the hostname ( to update.
# ddnsinterface: Enter an interface name - case sensative.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:global ddnsuser "myusername"
:global ddnspass "blablablalongcodegeneratedbynamecheapddns"
:global ddnsserver ""
:global ddnsinterface "PPPoE-ISP"
:global ddnshostname "myhomepc"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:global ddnssystem ("mt-" . [/system package get [/system package find name=system] version] )
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface] address ]
:global ddnslastip

:if ([:len [/interface find name=$ddnsinterface]] = 0 ) do={ :log info "DDNS: No interface named $ddnsinterface, please check configuration." }

:if ([ :typeof $ddnslastip ] = "nothing" ) do={ :global ddnslastip }

:if ([ :typeof $ddnsip ] = "nothing" ) do={

:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")

} else={

:if ($ddnsip != $ddnslastip) do={

:log info "DDNS: Sending UPDATE!"
:log info [ :put "https://$ddnsserver?host=$ddnshostname&domain=$ddnsuser&password=$ddnspass" ]
:global ddnslastip $ddnsip

} else={

:log info "DDNS: No changes necessary."





Firefox 31+, pkix, Java and self-signed certificates

Self signed digital certificates are great and may even be more secure than those certified by a CA if the CA’s security is compromised, as has happened in the recent past.  But since Firefox 31, mozilla::pkix is the default certificate verifier, which causes some problems for sites with self-signed certificates.  Two specific application that have given us a lot of grief in particular are Sun & HP iLOM web interfaces.  They use Java on top of it and the remote consoles just don’t load with the default settings anymore.

The solution is two-fold:

  1. Disable the pkix default setting.  In Firefox go to about:config and search for pkix. Set security.use_mozillapkix_verification to false.Firefox pkix settings
  2. In the Java console, allow the site (e.g. to be used.  On Ubuntu, in the IcedTea Web Control Panel, go to Security and ensure that “Allow users to grant permission to content from an untrusted authority” is ticked.IcedTea config
  3. If you’re running Windows (or Ubuntu) with Java 7, go the the Java Control Panel and under the Security tab, add the site address as a security exception to be allowed.

Windows Java 7

That should do it.

Of course, when you’re prompted, you have to allow the site to load!

Older Sun/Oracle servers ELOM/ILOM remote consoles:

When running these on Ubuntu with Firefox, the only way I have found to make it work is to lower the security level of Java.  If you’re unhappy with this, simply raise the level to high again when you’re done with the remote console.  I tried to get to the bottom of this and it seems that Firefox and/or Java consider the self signed certificate valid, but somehow authentication is not allowed.  It has been suggest to run an i386 JRE instead of a 64bit one, but I have not had success with that.

In Ubuntu 14.04 open the Icedtea-Web Control Panel from the HUD:

Launch IcedTea

Select the low security level:

IcedTead Security Level

Hope that helps someone, somewhere.

Why you should consider changing your telephone company

The telecoms landscape has changed over the last few year and more change is eminent.  The cost of calls has come down substantially, but it is nowhere close to the level it can actually go down to.  But chances are that you’re not seeing these saving at all, since your contract locks you into the old prices!


By opting for a Connection Telecom solution, you will be guaranteed the lowest price for calls by design.  All clients on the network already call each other free of charge, so if you’re calling specific suppliers or clients frequently you can already save substantially.

Medical practices who call Medical Aid companies many times a day can now totally eliminate that cost!  Stores that call other branches or their headoffice frequently can do the same.

Integrating mobiles into the company network is just a simple.

Getting reports or even billing for each department is all there and integration to accounting systems is provided for.

Call centre?  Predictive dialling and agent wrap codes, integration with CRM systems?  Consider it done!

If you’ve had bad experiences with el-cheapo operators or you’ve been flogged by the incumbent telco, we have good news for you…

Upgrade to the next level!

Contact us asap and we’ll propose a solution to you.


Need to become PoPI compliant?

The Protection of Personal Information Act (PoPI) requires that organisations and business keep track of how, when and by whom personal information is access and used.  For more details see this Mail & Guardian article.

Did you know that we offer Laserfiche in three flavours?

  • Laserfiche Cloud, a no installation hosted solution at a simple affordable monthly fee
  • Laserfiche Avante for SME’s, NGO’s or other smaller operations
  • Laserfiche Rio for Enterprises

What is Laserfiche?

Laserfiche ECM provides the ability to establish and deploy information management standards throughout the enterprise while giving individual business units tools to customize the system to meet their specific needs. With document imaging, document management, business process management and records management baked into the core system architecture, Laserfiche makes it possible to standardize on a single ECM system – revolutionizing the way information is managed, shared and presented. (

Laserfiche foundation

Laserfiche forms a great foundation for document management in any organisation.

What is ECM?

Enterprise Content Management (ECM) is a formalized means of organizing and storing an organization’s documents, and other content, that relate to the organization’s processes. The term encompasses strategies, methods, and tools used throughout the lifecycle of the content. (Wikipedia)

Contact us for more details or a demonstration.

Supporting machines on an ADSL line (NAT) without port forwarding

We have often had the need to access client machines that are connected via an ADSL or other consumer type connections, but that typically requires the following to be done.

  1. Setup a dynamic DNS client (e.g. ddclient) on a machine inside the network to update the ddns address of the host whenever the IP address of the router on the client site changes.  See the note about ADSL in South Africa.  For instance could be updated by ddclient if the machine is running Linux. This could be the same machine that will be made accessible from outside the network (which is always a better idea than having this a windows since it will be accessible from the internet).
  2. Setup a port forward on the ADSL router for the port that you wish to access from an outside machine.  To access a web service on an machine behind an ADSL router, set up port 80 to forward to internal IP (e.g. port 80.  Of course, it is entirely feasible to set up port 88 to translate to 192.168.10:80 as well.  It makes a lot of sense to forward port 22 to this the machine, since ssh is secure and setting up a tunnel allows other services to be used as well via this port.

The above is totally in order if the machine that is set up internally is properly secured.  Using ssh to connect to the server with a password is however potentially a weak link, since the only this between a hacker and access to the machine is a password. There are better ways to make a secure connection.

Using digital keys allows the connection to made only from machines that have the key, provided we’re seeking ssh access.  If we want to access a database or webservice or another insecure service, making a persistent connection from inside to a designated server outside provides a very good and safe connection without any of the disadvantages of the above mentioned options.

AutoSSH persistent tunnels provide a great way to achieve this.  It doesn’t require a ddns client or port forwarding to deal with the NAT.  The connection is established automatically when the inside machine starts.



Note about ADSL in South Africa (and possible elsewhere)

In South Africa all ADSL connections are essentially from Telkom despite other ISPs reselling them.  Telkom changes the IP address every 24 hours in a crude attempt to prevent self-hosting on inhouse servers via relatively low cost ADSL services.  Using DDNS to fix this works well, except that for about 5 minutes per day when the update happens the potential is there to have the DNS still pointing at the old address (which has now been assigned to a new client) and any connection then routing to a different server than the intended one.  The place where this can potentially cause real trouble is if both the “old” client and the “new” one are running an email server and emails are delivered to the wrong server, which will probably bounce the messages back to the sender.

pfSense 2.1.2 has been released

pfSense Firewalland we are ready to implement it!

If you’re directly connected to the internet and don’t have a firewall, your computers are being pounded by botnets and hackers on a daily basis.  If you’re running Windows computers, they will get in sooner or later, but even Macintosh and Linux systems can leave you vulnerable although the latter one is probably the best bet in terms of security.   A firewall is the solution to having control over the situation.

While commercial “hardware” firewalls may sound better, the fact is that they’re not.


Get ready for Telviva!

Telviva will do for VoIP Telephony what Amazon EC2 is doing for server clouds.  Both where conceived in Cape Town, South Africa and both have the potential to turn the world as we know it upside down.

In essence Telviva is a cloud based telephony solution.  It means that you get whatever is necessary to make calls, record them, log them, and whatever else may be needed.  What a nice big VoIP server or two would give you, except you don’t pay for it (only actually a tiny portion of it), you don’t have to maintain it and it gets updated for you any time when needed.

All you need is a good internet connection, some decent phones (although less decent ones will work but no guarantees). If you want redundancy (a good idea if you’re in the bundus and your internet goes down from time to time) add a Runway-1 Appliance (which is a commoditised local Asterisk switch that will dial via an alternative provider like Telkom or Neotel should your internet link be down)

Please contact us for prices, call costs and further details.

References: Telviva, Amazon EC2, Asterisk

pfSense 2 is almost ready!

pfSense FirewallWe have been using m0n0wall and pfSense as a router and firewall solution for clients for quite some time now.  Both are rock solid workhorses that rival commercial routers and firewalls in stability, functionality and performance, yet are built on an open platform.   The latest version of pfSense brings some enterprise grade features needed in a larger network, as well as complete user administration. It all comes with the GUI that easy to use, yet offers access to practically all the features.

Not only do we support the pfSense and M0n0wall platforms, we will also install and maintain systems for SME’s and corporates.

It’s is a well known secret that Cisco, Microsoft, Apple and most other OEM’s have based their TCP/IP stack on FreeBSD.  Some have based their whole OS on it, like for example Apple with Mac OSX.  So it should come as no surprise that a firewall built on FreeBSD should be a best of breed product and provide a fully secure platform to be used as access gateway for any network.

With secure wireless support, multiple secure VPN protocol support, logging and failover and load balancing on internet and WAN links, this may just be the solution you have been looking for.

See full specs at the documentation page

More about m0nowall here and pfSense over here.