diff --git a/roles/arp/files/apate/lib/apate_redis.py b/roles/arp/files/apate/lib/apate_redis.py index 086ed272..fdc96593 100644 --- a/roles/arp/files/apate/lib/apate_redis.py +++ b/roles/arp/files/apate/lib/apate_redis.py @@ -267,13 +267,14 @@ def check_device_disabled(self, mac): """ # True if devices is disabled # return self.redis.get(self._get_device_name(mac, network or self.network, enabled=False)) is not None - return self.redis.sismember(self.get_excluded_key(), mac) + return self.redis.sismember(self.get_excluded_key(), str(mac).lower()) def _toggle_device(self, mac, ip, network, enabled): # add new device first and delete old device afterwards # this is done to avoid race conditions # self.add_device(mac, self.get_device_ip(mac, network, enabled=not enabled), network, enabled=enabled, force=True) # self.remove_device(mac, network, enabled=not enabled) + mac = str(mac).lower() if not enabled: self.redis.sadd(self.get_excluded_key(), mac) else: diff --git a/roles/arp/files/apate/lib/daemon_app.py b/roles/arp/files/apate/lib/daemon_app.py index 80898d51..2e9dc283 100644 --- a/roles/arp/files/apate/lib/daemon_app.py +++ b/roles/arp/files/apate/lib/daemon_app.py @@ -255,7 +255,7 @@ def __init__(self, logger, interface, pidfile, stdout, stderr, dns_file): def exit(self, signal_number, stack_frame): """This method is called from the python-daemon when the daemon is stopping. - Threads are stopped and clients are despoofed via _return_to_normal(). + Processes are stopped and clients are despoofed via the processes _return_to_normal(). """ if self.processv4: self.processv4.shutdown() 
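Review bot: MACs already stored in the excluded set before this commit keep their original case, so after the `str(mac).lower()` in `check_device_disabled` a device that was disabled under the old version silently reads as enabled until it is toggled again; the hunk adds no migration of the existing set. A one-off normalisation on startup (`SMEMBERS` the key, re-`SADD` each member lowercased) closes that gap. The same expression is now duplicated in `check_device_disabled` and `_toggle_device`; a single `def _normalize_mac(mac): return str(mac).lower()` used by both keeps the two paths from drifting when a third writer of that key appears. Note that `.lower()` does not unify separators (`aa-bb-…` vs `aa:bb:…`); whether any caller passes such a form I cannot tell from this hunk.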
@@ -282,7 +282,7 @@ def run(self): # a child-process object has to be created in the same parent process as the process that wants to start the child # __init__ is called inside the initial process, whereas run() is called inside the newly created deamon process - # therefore create the process here + # therefore create the processes here if self.ipv4: self.processv4 = SelectiveIPv4Process(self.logger, self.interface, self.ipv4) self.processv4.start() diff --git a/roles/arp/files/apate/lib/daemon_process.py b/roles/arp/files/apate/lib/daemon_process.py index ef2a69c0..211c4cd6 100644 --- a/roles/arp/files/apate/lib/daemon_process.py +++ b/roles/arp/files/apate/lib/daemon_process.py @@ -148,10 +148,7 @@ def __init__(self, logger, interface, ipv6): Args: logger (logging.Logger): Used for logging messages. interface (str): The network interface which should be used. (e.g. eth0) - pidfile (str): Path of the pidfile, used by the daemon. - stdout (str): Path of stdout, used by the daemon. - stderr (str): Path of stderr, used by the daemon. - dns_file (str): Path of file containing the nameservers. + ipv6 (collection.namedtuple): collection of network information Raises: DaemonError: Signalises the failure of the daemon. 
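Review bot: The new `Args` entry in `SelectiveIPv6Process.__init__` names the type `collection.namedtuple`; the module is `collections`, so the line should read `ipv6 (collections.namedtuple): Collection of network information (gateway, dns_servers, mac, gate_mac, redis, ...) used for spoofing.` Listing the fields the process actually reads would make the docstring useful to a maintainer who cannot see where the tuple is built. The function body continues outside the hunk.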
@@ -182,18 +179,16 @@ def __init__(self, logger, interface, ipv6): def _return_to_normal(self): """This method is called when the daemon is stopping. - First, sends a GARP broadcast request to all clients to tell them the real gateway. - Then ARP replies for existing clients are sent to the gateway. - If IPv6 is enabled, Apate tells the clients the real gateway via neighbor advertisements. + Apate tells the clients the real gateway via neighbor advertisements. """ - # spoof clients with GARP broadcast request + # spoof clients with nd advertisements with self.sleeper: # check if the impersonation of the DNS server is necessary tgt = (self.ipv6.gateway, self.ipv6.dns_servers[0]) if util.is_spoof_dns(self.ipv6) else (self.ipv6.gateway,) for source in tgt: sendp(Ether(dst=ETHER_BROADCAST) / IPv6(src=source, dst=MulticastPingDiscoveryThread._MULTICAST_DEST) / - ICMPv6ND_NA(tgt=source, R=0, S=0) / ICMPv6NDOptDstLLAddr(lladdr=self.ipv6.gate_mac)) + ICMPv6ND_NA(tgt=source, R=1, S=0, O=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ipv6.gate_mac)) def shutdown(self): self.exit.set() @@ -228,7 +223,7 @@ def run(self): for source in tgt: packets.extend([Ether(dst=dev[1]) / IPv6(src=source, dst=dev[0]) / - ICMPv6ND_NA(tgt=source, R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ipv6.mac) + ICMPv6ND_NA(tgt=source, R=1, S=1, O=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ipv6.mac) for dev in self.ipv6.redis.get_devices_values(filter_values=True)]) sendp(packets) 
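Review bot: `_return_to_normal` sends each restoring neighbor advertisement exactly once (`for source in tgt: sendp(...)`), and ND is unreliable: if that single multicast packet is lost, the client keeps resolving the gateway (and, when `is_spoof_dns` is set, the DNS server) to the box's MAC after the daemon has stopped and loses connectivity until its neighbor cache entry times out. RFC 4861 §7.2.6 allows up to MAX_NEIGHBOR_ADVERTISEMENT (3) unsolicited advertisements spaced RETRANS_TIMER (1 s) apart; wrapping the loop as `for _ in range(3):` with a `time.sleep(1)` between rounds makes the despoofing robust at the cost of two extra seconds of shutdown. The flags themselves (`R=1, S=0, O=1`, unsolicited, override) are the correct ones for an unsolicited cache update.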
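Review bot: The periodic re-spoof in `run()` builds advertisements for every entry of `get_devices_values(filter_values=True)` without consulting `check_device_disabled`, unlike `spoof_devices` and `_icmpv6_handler` in this same commit; if `filter_values=True` does not itself apply the exclusion set, disabled devices are re-spoofed every cycle — I cannot tell from here, so please confirm. This hunk also spells out `O=1` while the other NA builders changed in this commit leave `O` at scapy's default, so the flag policy is now expressed in four places in two forms. A small helper such as `_neighbor_advert(src, dst_ip, dst_mac, lladdr, solicited)` returning the `Ether/IPv6/ICMPv6ND_NA/ICMPv6NDOptDstLLAddr` stack would put it in one. `run()` starts and ends outside the hunk.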
@@ -257,7 +252,7 @@ def spoof_devices(ip, devs, logger): for source in tgt: if not ip.redis.check_device_disabled(util.get_device_mac(entry)): sendp([Ether(dst=dev_hw) / IPv6(src=source, dst=dev_ip) / - ICMPv6ND_NA(tgt=source, R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.mac)]) + ICMPv6ND_NA(tgt=source, R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.mac)]) else: sendp([Ether(dst=dev_hw) / IPv6(src=source, dst=dev_ip) / - ICMPv6ND_NA(tgt=source, R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.gate_mac)]) + ICMPv6ND_NA(tgt=source, R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=ip.gate_mac)]) diff --git a/roles/arp/files/apate/lib/misc_thread.py b/roles/arp/files/apate/lib/misc_thread.py index e433d5dd..bfb0ab8a 100644 --- a/roles/arp/files/apate/lib/misc_thread.py +++ b/roles/arp/files/apate/lib/misc_thread.py @@ -122,6 +122,7 @@ class PubSubThread(threading.Thread): __SUBSCRIBE_TO = "__keyevent@{}__:expired" """Used to subscribe to the keyspace event expired.""" __SUBSCRIBE_TOO = "__keyspace@{}__:{}" + """Used to subscribe to the keyspace event creation for a specific key.""" def __init__(self, ip, logger, handler): """Initialises the thread. diff --git a/roles/arp/files/apate/lib/sniff_thread.py b/roles/arp/files/apate/lib/sniff_thread.py index a0aea33b..6462acb6 100644 --- a/roles/arp/files/apate/lib/sniff_thread.py +++ b/roles/arp/files/apate/lib/sniff_thread.py @@ -280,7 +280,7 @@ def _packet_handler(self, pkt): self.logger.exception(e) def _icmpv6_handler(self, pkt): - """"This method is called for each ICMPv6 echo reply packet or multicast listener report packet + """This method is called for each ICMPv6 echo reply packet or multicast listener report packet received through scapy's sniff function. Incoming packets are used to spoof involved devices and add new devices to the redis db. 
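Review bot: The two branches of `spoof_devices` now build byte-identical packets except for `lladdr`, and the Redis lookup `ip.redis.check_device_disabled(util.get_device_mac(entry))` is repeated for every `source` in `tgt` although it depends only on `entry`. Hoisting it above the inner loop and selecting the MAC once removes the duplication: `lladdr = ip.gate_mac if ip.redis.check_device_disabled(util.get_device_mac(entry)) else ip.mac`, followed by a single `sendp([... ICMPv6ND_NA(tgt=source, R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=lladdr)])`. The function starts outside the hunk.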
@@ -293,7 +293,7 @@ def _icmpv6_handler(self, pkt): # impersonate gateway if not self.ip.redis.check_device_disabled(pkt[Ether].src): sendp( - Ether(dst=pkt[Ether].src) / IPv6(src=self.ip.gateway, dst=pkt[IPv6].src) / ICMPv6ND_NA(tgt=self.ip.gateway, R=0, S=1) / + Ether(dst=pkt[Ether].src) / IPv6(src=self.ip.gateway, dst=pkt[IPv6].src) / ICMPv6ND_NA(tgt=self.ip.gateway, R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ip.mac) ) @@ -302,5 +302,5 @@ def _icmpv6_handler(self, pkt): if not self.ip.redis.check_device_disabled(pkt[Ether].src): sendp( Ether(dst=pkt[Ether].src) / IPv6(src=self.ip.dns_servers[0], dst=pkt[IPv6].src) / - ICMPv6ND_NA(tgt=self.ip.dns_servers[0], R=0, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ip.mac) + ICMPv6ND_NA(tgt=self.ip.dns_servers[0], R=1, S=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ip.mac) ) diff --git a/roles/arp/files/apate/requirements.txt b/roles/arp/files/apate/requirements.txt index e27c1f78..12f75655 100644 --- a/roles/arp/files/apate/requirements.txt +++ b/roles/arp/files/apate/requirements.txt @@ -3,5 +3,5 @@ netaddr==0.7.19 netifaces==0.10.5 python-daemon==2.1.2 redis==2.10.5 -scapy==2.3.3 +scapy==2.4.3 dnspython==1.15.0 diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 5e27b0aa..c74bcd1e 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -21,6 +21,10 @@ file: path=/var/log/log state=directory owner=root group=tmp-logger mode=0771 when: env == "development" +- name: try to disable swapfile + service: name=dphys-swapfile state=stopped enabled=no + ignore_errors: yes + - name: create tmpfs for logging lineinfile: dest: /etc/fstab diff --git a/roles/common/templates/logrotate_rsyslog b/roles/common/templates/logrotate_rsyslog index 42cc35be..9a40e89a 100644 --- a/roles/common/templates/logrotate_rsyslog +++ b/roles/common/templates/logrotate_rsyslog 
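Review bot: `_icmpv6_handler` performs `self.ip.redis.check_device_disabled(pkt[Ether].src)` twice for the same packet — once before the gateway advertisement in the first hunk and again before the DNS advertisement in the second — so every sniffed echo reply or MLD report costs two Redis round trips on the sniffing thread. Evaluating it once near the top of the handler (`disabled = self.ip.redis.check_device_disabled(pkt[Ether].src)`) and testing `if not disabled:` in both places halves that and guarantees both advertisements see the same answer. The handler begins outside the hunks.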
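Review bot: `ignore_errors: yes` on the new "try to disable swapfile" task hides every failure, not just "unit does not exist" — a typo in the service name or a broken service manager would still show as failed-but-ignored and move on. `failed_when: false` states the same intent without the noisy failure, and gating the task with `when: "'dphys-swapfile' in ansible_facts.services"` after a `service_facts` call expresses "optional" precisely. If the motivation is keeping key material out of swap on the SD card (I am inferring that), note that stopping the unit does not remove an existing `/var/swap`; `dphys-swapfile uninstall` or an explicit `file: path=/var/swap state=absent` does.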
@@ -3,11 +3,12 @@ su root tmp-logger rotate 0 daily - maxsize 10M + maxsize 5M missingok notifempty postrotate - invoke-rc.d rsyslog rotate > /dev/null + service rsyslog rotate > /dev/null + service rsyslog restart > /dev/null endscript } @@ -32,6 +33,7 @@ maxsize 10M sharedscripts postrotate - invoke-rc.d rsyslog rotate > /dev/null + service rsyslog rotate > /dev/null + service rsyslog restart > /dev/null endscript } diff --git a/roles/fingerprinting/files/registrar/lib/misc_thread.py b/roles/fingerprinting/files/registrar/lib/misc_thread.py index c90fde16..67d93774 100644 --- a/roles/fingerprinting/files/registrar/lib/misc_thread.py +++ b/roles/fingerprinting/files/registrar/lib/misc_thread.py @@ -63,8 +63,10 @@ def run(self): if devices: ans, unans = arping(devices, iface=None, verbose=0) for device in ans: - if check_preconditions(device[1][ARP].psrc, device[1][ARP].hwsrc): - insert_or_update_fingerprint(self.conn, ip=device[1][ARP].psrc, mac=device[1][ARP].hwsrc) + ip_addr = device[1][ARP].psrc + mac_addr = str(device[1][ARP].hwsrc).lower() + if check_preconditions(ip_addr, mac_addr): + insert_or_update_fingerprint(self.conn, ip=ip_addr, mac=mac_addr) self.logger.info("checked no mode devices: " + str(devices)) diff --git a/roles/fingerprinting/files/registrar/requirements.txt b/roles/fingerprinting/files/registrar/requirements.txt index 779bfde4..70364564 100644 --- a/roles/fingerprinting/files/registrar/requirements.txt +++ b/roles/fingerprinting/files/registrar/requirements.txt @@ -1,5 +1,5 @@ python-daemon==2.1.2 -scapy==2.3.3 +scapy==2.4.3 netaddr==0.7.19 http-parser==0.8.3 xmltodict==0.11.0 diff --git a/roles/nginx/templates/sites-available/upri_interface b/roles/nginx/templates/sites-available/upri_interface index e0234ec4..05c602a8 100644 --- a/roles/nginx/templates/sites-available/upri_interface +++ b/roles/nginx/templates/sites-available/upri_interface 
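Review bot: The added `service rsyslog restart` right after `service rsyslog rotate` in both postrotate blocks takes the logger down during every rotation, and with `maxsize 5M` that now happens more often; any message emitted while rsyslogd is stopped — including from the ARP/ND spoofing daemons this box exists to run — is lost. `rotate` already signals rsyslogd to reopen its files, so the restart is redundant unless `rotate` is not honoured on this init system, in which case only one of the two lines is doing anything. I would keep exactly one: `service rsyslog rotate > /dev/null` if it works here, otherwise `service rsyslog restart > /dev/null` with a comment saying why.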
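Review bot: The `.lower()` on `device[1][ARP].hwsrc` normalises only this ARP-scan path into `insert_or_update_fingerprint`; if the fingerprint table is also written from other capture paths (I cannot see them here), mixed-case rows can still appear and later lookups by lowercase MAC will miss them. Doing the normalisation inside `insert_or_update_fingerprint` (and `check_preconditions`) instead of at one call site guarantees it for every writer and matches what `apate_redis.check_device_disabled` now does. The surrounding `run()` starts and ends outside the hunk.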
@@ -14,8 +14,8 @@ server { # the port your site will be served on listen 80; listen [::]:80; - listen 4300 ssl; - listen [::]:4300 ssl; + listen 4300 ssl http2; + listen [::]:4300 ssl http2; ssl_certificate /etc/ssl/certs/interfaceCert.pem; ssl_certificate_key /etc/ssl/private/interfaceKey.pem; ssl_protocols TLSv1.2; @@ -33,6 +33,11 @@ server { error_log {{default_settings.log.general.path}}/{{default_settings.log.nginx.logfiles.interface_error}} error; location /static { + gzip on; + gzip_vary on; + gzip_min_length 10240; + gzip_types text/plain text/css text/javascript application/javascript; + gzip_disable "MSIE [1-6]\."; alias /usr/local/static/upribox_interface/; # your Django project's static files - amend as required } diff --git a/roles/privoxy/tasks/main.yml b/roles/privoxy/tasks/main.yml index 4f37718d..b6e57a28 100644 --- a/roles/privoxy/tasks/main.yml +++ b/roles/privoxy/tasks/main.yml @@ -58,5 +58,5 @@ file: path={{other_env.default_settings.log.general.path}}/{{other_env.default_settings.log.privoxy.subdir}} state=absent when: res|changed -- name: modify logrotate.d entry - file: path=/etc/logrotate.d/privoxy state=absent +- name: create logrotate.d entry + template: src=privoxy-logrotate.j2 dest=/etc/logrotate.d/privoxy diff --git a/roles/privoxy/templates/privoxy-logrotate.j2 b/roles/privoxy/templates/privoxy-logrotate.j2 new file mode 100644 index 00000000..3e555568 --- /dev/null +++ b/roles/privoxy/templates/privoxy-logrotate.j2 @@ -0,0 +1,13 @@ +{{default_settings.log.general.path}}/{{default_settings.log.privoxy.subdir}}/{{ default_settings.log.privoxy.logfiles.logname }} +{ + su root tmp-logger + rotate 0 + daily + missingok + notifempty + maxsize 10M + sharedscripts + postrotate + /etc/init.d/privoxy restart > /dev/null + endscript +} \ No newline at end of file diff --git a/roles/squid/templates/conf b/roles/squid/templates/conf index 04374f89..718b3931 100644 --- a/roles/squid/templates/conf +++ b/roles/squid/templates/conf 
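Review bot: The gzip directives are correctly confined to `location /static`, but nothing in the hunk records why, and a later edit that hoists them to the `server` block would compress the cookie-authenticated Django responses served over TLS on 4300 and reintroduce a BREACH-style compression side channel. I would add above `gzip on;`: `# compress static assets only: never enable gzip on dynamic, authenticated responses served over TLS (BREACH)`. Enabling `http2` on the TLS listeners is fine with `ssl_protocols TLSv1.2`.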
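Review bot: The new privoxy logrotate template restarts the proxy from `postrotate` (`/etc/init.d/privoxy restart`), which drops every client connection routed through it each time the log crosses `maxsize 10M`, and the file is committed without a trailing newline. If the installed privoxy reopens its logfile on `reload`/SIGHUP, prefer `invoke-rc.d privoxy reload > /dev/null`; if it does not, `copytruncate` avoids any outage at the price of possibly losing a few lines written during truncation — I cannot tell from here which privoxy version is deployed. Either choice deserves a one-line comment in the template explaining why it was picked.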
@@ -53,7 +53,7 @@ http_port 3128 intercept
# cache_peer 127.0.0.1 parent 8118 0 no-query default no-digest no-netdb-exchange
cache_peer ::1 parent 8119 0 no-query default no-digest no-netdb-exchange
-cache_mem 128 MB
+cache_mem 64 MB
logformat useragent_short %>eui;|;%>a;|;%"{User-Agent}>h;|;%ts.%tu
access_log daemon:{{ default_settings.log.general.path }}/{{ default_settings.log.squid.subdir }}/{{ default_settings.log.squid.logfiles.logname }} useragent_short
diff --git a/roles/upri_config/files/upri-config/requirements.txt b/roles/upri_config/files/upri-config/requirements.txt
index 1b6bc25d..a3a1ae98 100644
--- a/roles/upri_config/files/upri-config/requirements.txt
+++ b/roles/upri_config/files/upri-config/requirements.txt
@@ -4,6 +4,6 @@ redis==2.10.5
netifaces==0.10.5
netaddr==0.7.19
argcomplete==1.8.2
-scapy==2.3.3
+scapy==2.4.3
requests[security]==2.20.0
miniupnpc==1.9
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 3be1c08c..ca31d9fc 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -136,6 +136,9 @@
- restart openvpn
- restart openvpn-su
+- name: deploy Server Certificate renewal cronjob template: src=server-cert-renewal.sh dest=/etc/cron.weekly/openvpn-server-cert owner=root group=root mode=0755
+
- name: deleting unused files
file: path={{item}} state=absent
with_items:
diff --git a/roles/vpn/templates/server-cert-renewal.sh b/roles/vpn/templates/server-cert-renewal.sh
new file mode 100644
index 00000000..02977608
--- /dev/null
+++ b/roles/vpn/templates/server-cert-renewal.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+days=60
+
+#Test if certificate expires in the next 60 days
+/usr/bin/openssl x509 -checkend $(($days * 24 * 3600)) -in /etc/openvpn/ca/serverCert.pem
+
+if [ $? -eq 1 ]
+then
+ openssl ca -in /etc/openvpn/ca/serverReq.pem -days 730 -batch -out /etc/openvpn/ca/serverCert.pem -notext -cert /etc/openvpn/ca/caCert.pem -keyfile /etc/openvpn/ca/caKey.pem
+ service openvpn-su restart
+fi
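Review bot: `openssl ca ... -out /etc/openvpn/ca/serverCert.pem` in the new renewal cronjob writes straight over the live server certificate, and `service openvpn-su restart` runs regardless of whether that command succeeded; a failed issuance (no usable CA config in cron's minimal environment, a `unique_subject = yes` CA database rejecting a second certificate for the same subject while the old one is not revoked, wrong permissions on `caKey.pem`) can leave an empty or partial file and the restart then takes the VPN down with no log line to explain it. Issue into a temporary file, verify it against the CA, move it into place atomically and restart only on success, and replace the fragile `if [ $? -eq 1 ]` after the `-checkend` call with a direct `if ! openssl x509 -checkend ...` under `set -euo pipefail`. Whether the CA database allows re-issuance for an unrevoked subject I cannot tell from here; if it does not, a `-revoke` of the old certificate or `unique_subject = no` is needed before this job can ever succeed.

```shell
#!/bin/bash
set -euo pipefail

days=60
ca_dir=/etc/openvpn/ca
cert="$ca_dir/serverCert.pem"

# -checkend exits 0 while the certificate stays valid for at least $days days.
if /usr/bin/openssl x509 -checkend $((days * 24 * 3600)) -in "$cert" >/dev/null; then
    exit 0
fi

# Issue into a temp file so a failed run can never leave an empty live certificate.
new_cert=$(mktemp "$ca_dir/serverCert.XXXXXX")
trap 'rm -f "$new_cert"' EXIT

openssl ca -in "$ca_dir/serverReq.pem" -days 730 -batch -notext \
    -cert "$ca_dir/caCert.pem" -keyfile "$ca_dir/caKey.pem" -out "$new_cert"
openssl verify -CAfile "$ca_dir/caCert.pem" "$new_cert" >/dev/null

chmod --reference="$cert" "$new_cert"
mv -f "$new_cert" "$cert"
service openvpn-su restart
logger -t openvpn-server-cert "renewed $cert for 730 days"
```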
diff --git a/upribox_interface/www/templates/base.html b/upribox_interface/www/templates/base.html index b55db409..e4595d0f 100644 --- a/upribox_interface/www/templates/base.html +++ b/upribox_interface/www/templates/base.html @@ -99,7 +99,7 @@