Archive for March, 2007

Prepare IPtables for the Cisco VPN Client

Hi out there,

installing the Cisco VPN Client 4.8.00 should be no problem (just run “vpninstall” with kernel headers installed). But running it from the notebook in an insecure environment needs a host firewall on the mobile device. I love setting the default policies of a chain to “DROP”!

But the VPN Client communicates via loopback interface, and complains with

The application was unable to communicate with
the VPN sub-system.

So use this ruleset for peace:
Read more…

By Martin Klier in Linux / Unix  .::. (Add your comment)

How to create a self-signed OpenSSL certificate

Hi folx,

if you want to create a self-signed certificate with OpenSSL (useful for encryption-only purposes, e.g. your own mailserver) just do the following:

openssl req -x509 -nodes -days 365
-subj '/C=DE/ST=Bayern/L=Munich/'
-newkey rsa:2048 -keyout key4cert.pem
-out cert.pem

It means:
“-nodes” makes the key unencrypted
“-days” makes it valid for n days
“-subj” provides your personal info for the cert, take care of the “CN” – it has to be your hostname as called by the client. Otherwise the client will always complain about a difference between the cert and the reality :)
“-newkey” makes it a rsa key with 2048 bits

Thanks a lot to!

Use it right, use it tight.


By Martin Klier in Linux / Unix  .::. (Add your comment)

Lost, deleted or corrupted a voting disk (quorum) in Oracle RAC 10.2 ?

Hi Folx,

whenever you lost, deleted or corrupted a quorum aka voting disk in Oracle Real Application Cluster (RAC) 10.2, you have three options:

1) Reinstall your Clusterware, see Metalink Note 279793.1

2) Replay a backup taken with
“dd if=/dev/votingdisk of=/backup/votingfile bs=4k”

3) Have a look at Metalink Note 399482.1 and the RAC Administration and Deployment Guide at
RAC Administration and Deployment Guide:
You will find the
“crsctl add css votedisk /dev/xyz [-force]” and the
“crsctl delete css votedisk /dev/xyz [-force]”
commands most useful, I guess.

You may want to use them on a “cold” RAC, so no (further) corruption must be feared. This is the only situation you can savely use the -force option. On “hot” RAC, -force probably will destroy your setup.

If you have only one single corrupted voting disk (like I had), you can add a “dummy” one (loopback device or spare LUN), drop the old/real one, create a new voting disk on the old device, and drop the dummy. Worked very well.

Good luck,

By Martin Klier in Oracle  .::. (Add your comment)

How to move or add a controlfile when ASM is involved

Hi folx,

sometimes, you may want to add or move a controlfile. On OS file system, this is no problem. Just “shutdown immediate”, change the CONTROL_FILES init parameter, copy or move the controlfile, and startup again.

With ASM involved this is not possible, since the ASM does not allow direct move or copy commands. You need the recovery manager RMAN for this. Easiest way is, use Oracle Managed Files (OMF) for all your files.

Please read the whole post before taking any action. You do everything posted here at your own risk, I am not responsible for damage to your database, your data or your machine at all.

My example tells how to move a controlfile from one disk to another, while another controlfile keeps untouched. Preface: control_files parameter has been
Read more…

By Martin Klier in Oracle  .::. (Add your comment)

Grid Control Agent install without Metalink Access

Hi folx,

if you ever need to install Grid Control Agent 10g, there will be no option to avoid configuration of your Metalink Access Data. But you may want to avoid this.

The trick is simple: Just decline the License Agreement in the middle of the runInstaller process. The function of agent will be installed, but not configured then.

Not very intuitive.


By Martin Klier in Oracle  .::. Read Comment (1)

Asterisk at Usn’s


Asterisk PBX is a very smart telephone system for home, office and enterprise use. In December 2006 I had to decide between purchasing a new ISDN/analogous system for about 2 external ISDN- and 20 internal extension lines or trying something new, even cheaper.

The Pros and Contras of Asterisk for me have been:
Read more…

By Martin Klier in Asterisk  .::. (Add your comment)

Just another blog?

Hi folx,

you may think: “Just another blog?” – and you may be right. But I had the intention to make notes about my IT work – why not publishing them? So this blog will provide hints and config snippets out of my daily life.

I hope, here you can find what you are looking for. If not, just come back later – stay tuned!


By Martin Klier in About this blog  .::. (Add your comment)

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.