 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  jesse at wingnet dot net, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Beta 1.2b6
 Date:  Wed, 02 Mar 2005 19:14:02 +0100
Jesse,

> Anyway, I guess it isn't a big deal as I've got it working now. It was
> just strange, and it took about 10 minutes to fix.
> 

I've got the same problem with 1.2b6 :-(

I've really been fighting against that for months and I believe that 
version 1.1b1 (or 1.2b2) had [partially] solved the problem.

Unfortunately, versions 1.2b5 and 1.2b6 do not include the new SA 
preferral patches (which were introduced in version 1.1b1). We'll have 
to wait until Manuel and Fred port the patch to FreeBSD 5.3...

See (from Manuel):

 > I still have several contributed patches lying around, waiting to be
 > integrated. Also, Fred Wright's ipfilter window scaling and IPsec new
 > SA preferral patches aren't in this release yet because they may need
 > changes for 5.3 (especially the IPsec one).


In addition, I can tell you that I use Fred Wright's "pinger trick" to 
trigger the link at boot time. Very useful if you use PPPoE on WAN. See 
below:

<shellcmd>echo &gt;/tmp/pinger.sh sleep 10</shellcmd>
<shellcmd>echo &gt;&gt;/tmp/pinger.sh ping -i 10 -c 6 -S '$1' '$2'</shellcmd>
<shellcmd>echo &gt;&gt;/tmp/pinger.sh exec ping -i 600 -S '$1' '$2'</shellcmd>
<shellcmd>sh /tmp/pinger.sh 10.0.0.1 192.168.1.0 &gt;/dev/null 2&gt;/dev/null&amp;</shellcmd>

where 10.0.0.1 = "local" m0n0wall IP (LAN interface) and 192.168.1.1 = 
remote *network* address (no need to actually reach something, we just 
want to "stimulate" IPsec a bit)

Cheers,

-- Vincent
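
An added example, not part of the original post: the three echo commands from the shellcmd entries above, with the XML entities decoded, rebuilt in a scratch directory to show the script they leave behind and to check that the single quotes kept $1 and $2 literal. The function names build_pinger and check_pinger are hypothetical, and the script is only generated and inspected, never run.

```shell
#!/bin/sh
# Added example: reproduce what the echo <shellcmd> entries write to
# /tmp/pinger.sh, but into a scratch directory instead of /tmp.

# build_pinger DIR (hypothetical helper): writes DIR/pinger.sh with the
# same three echo commands as the post (&gt; decoded to >) and prints
# the path of the generated file.
build_pinger() {
    out="$1/pinger.sh"
    # Line 1: wait 10 seconds before sending anything.
    echo >"$out" sleep 10
    # Line 2: six pings, 10 seconds apart, sourced from address $1 to $2.
    echo >>"$out" ping -i 10 -c 6 -S '$1' '$2'
    # Line 3: replace the shell with a ping that repeats every 600 seconds.
    echo >>"$out" exec ping -i 600 -S '$1' '$2'
    printf '%s\n' "$out"
}

# check_pinger FILE (hypothetical helper): succeeds only if FILE holds
# exactly the three expected lines, with $1 and $2 still unexpanded so
# the addresses are taken from the script's arguments at run time.
check_pinger() {
    [ "$(wc -l <"$1" | tr -d ' ')" -eq 3 ] || return 1
    [ "$(sed -n 1p "$1")" = 'sleep 10' ] || return 1
    [ "$(sed -n 2p "$1")" = 'ping -i 10 -c 6 -S $1 $2' ] || return 1
    [ "$(sed -n 3p "$1")" = 'exec ping -i 600 -S $1 $2' ] || return 1
}

tmpdir=$(mktemp -d)
script=$(build_pinger "$tmpdir")
cat "$script"
check_pinger "$script" && echo "pinger.sh has the expected three lines"
rm -rf "$tmpdir"
```
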