Tom,

There are certain versions that are stable enough to use in production. 
Several of us are using trunk-based images on production machines.

You can upgrade from 0.6.7 to trunk using the upgrade function, but 
several steps are required afterwards to upgrade the firewall 
configuration.  If you use the web interface, you'll need to go to the 
Network tab, then select Firewall, and click 'save' on the Firewall 
page.  When you click 'Confirm restart firewall', it will prompt you to 
update the firewall config files.  This assumes you are using the Arno 
firewall and not the astfw.  astfw is not recommended any longer.  It 
will not be included in the next release.

I want to get a note on the documentation page on the website about this 
upgrade process and will try to do so before we release some beta images 
for testing.  We have a few issues right now which affect very few 
people.  Once that's worked out, I'll build some beta images.

Darrick

Tom Mazzotta wrote:
> Darrick,
> 
> I am interested in trying the trunk image. Is it stable enough to use in 
> production? If so, how do I go about downloading an image for a net 5501? 
> Should I flash a new CF card with it or is it safe enough to run an upgrade 
> on my existing CF image? Thanks!
> 
> -tm
> 
> -----Original Message-----
> From: Darrick Hartman [mailto:dhart...@djhsolutions.com] 
> Sent: Thursday, September 17, 2009 6:33 PM
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] VPN with Cisco PIX
> 
> Tom,
> 
> If you're still struggling with this, let me know.  I recently got this 
> working with a different Cisco end point using a trunk image.
> 
> Darrick
> 
> Lonnie Abelbeck wrote:
>> Tom,
>>
>> IPsec "info" log level is usually quite useful on the AstLinux side.   
>> Either post it here, or email me privately.
>>
>> Yes, "Group 2" for Phase one and "PFS Group: 2" for Phase 2.  If the  
>> PIX has "PFS Group: none" or "No perfect forward secrecy" this needs  
>> to be changed.
>>
>> Lonnie
>>
>>
>>
>> On Sep 15, 2009, at 12:26 PM, Tom Mazzotta wrote:
>>
>>> FYI, changing the address on the astlinux side definitely helped.  
>>> However, even after doing that and adding double-quotes around the 
>>> pre-shared key (on the PIX side only) we are still not connecting. The  
>>> final error is "phase1 negotiation failed due to time up", phase 2  
>>> is also failing (due to timeout on phase 1). We will try to analyze  
>>> the logging on the PIX side next, but because the device is EOL,  
>>> we won't get any support from Cisco.
>>>
>>> We are using "Group 2" for phase 1 in the PIX; should we be using  
>>> something else? I'm also checking if the PIX is configured for main  
>>> mode. Any other ideas?
>>>
>>> -----Original Message-----
>>> From: Lonnie Abelbeck [mailto:li...@lonnie.abelbeck.com]
>>> Sent: Tuesday, September 15, 2009 10:52 AM
>>> To: AstLinux Users Mailing List
>>> Subject: Re: [Astlinux-users] VPN with Cisco PIX
>>>
>>>
>>> On Sep 15, 2009, at 8:33 AM, David Kerr wrote:
>>>
>>>> On Tue, Sep 15, 2009 at 9:10 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:
>>>> On Sep 14, 2009, at 10:17 PM, Tom Mazzotta wrote:
>>>>
>>>>> 3. Regarding the addressing, astlinux led me to believe that it
>>>>> supported a dynamic end-point because the default value in the
>>>>> local-host ip field is $EXTIP. Is this a legit value, or should I change
>>>>> it to the actual IP used by the WAN i/f, even if it might change in
>>>>> the future? Is it possible that a future version might support at
>>>>> least one dynamic endpoint?
>>>> If you are using DHCP for the external interface, then you can't use
>>>> $EXTIP as the local-host value, instead use the actual IP address
>>>> (or the 0.0.0.0 wildcard).
>>>>
>>>> Would it be possible to use a URL and DNS lookup?  For example
>>>> xxxx.dyndns.org that is registered and kept up-to-date with inadyn?
>>>>
>>>> David
>>> No, not with IPsec using 'main' mode, the actual IP address is a part
>>> of the security policy.
>>>
>>> Using certificates is a solution, but trunk/0.7 does not support that.
>>>
>>> Also a FQDN 'could' be used as an identity, but that requires the use
>>> of 'aggressive' mode which has security issues, so we chose not to
>>> support that.
>>>
>>> Lonnie
>>>
>>>
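As an added illustration (not code from the thread or the AstLinux project) of the parameters Lonnie describes, here is the same tunnel written as an ipsec-tools racoon configuration, which is assumed here to be what the AstLinux side runs; all addresses, subnets and the key are constructed placeholders:

```conf
# /etc/racoon/racoon.conf  (constructed example; addresses are placeholders)
path pre_shared_key "/etc/racoon/psk.txt";

# "info" is the log level the thread suggests when a phase 1/2 failure
# needs to be diagnosed on the AstLinux side.
log info;

# The PIX peer.  Main mode binds the policy to a fixed address, which is
# why $EXTIP cannot stand in for a DHCP-assigned WAN address: the real
# WAN IP (or the 0.0.0.0 wildcard in the AstLinux field) must be used.
remote 203.0.113.10 {
        exchange_mode main;          # main mode only; aggressive mode is not offered
        my_identifier address 198.51.100.5;
        peers_identifier address 203.0.113.10;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;          # "Group 2" for phase 1, as agreed in the thread
        }
}

# Phase 2 (IPsec SA) between the two LANs.  pfs_group 2 has to match the
# PIX, so a PIX set to "PFS Group: none" will not negotiate this.
sainfo address 192.168.1.0/24 any address 192.168.2.0/24 any {
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

# /etc/racoon/psk.txt holds one line per peer: address, whitespace, key.
# Placeholder value; the file must be readable by root only.
#   203.0.113.10    ExamplePreSharedKeyChangeMe
```

A mismatch in any of the three highlighted items (identity address, phase 1 DH group, phase 2 PFS group) shows up on the AstLinux side as the phase 1 or phase 2 timeout quoted earlier in the thread.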
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users