Neil,

You da man!

* The switch is not managed. It is an inexpensive D-Link 24-port.
* I checked the capabilities of the LAN nic which is as follows:

$ ifconfig -m
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=9<RXCSUM,VLAN_MTU>
	capabilities=49<RXCSUM,VLAN_MTU,POLLING>
	inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
	ether 00:01:02:73:a3:9e
	media: Ethernet 10baseT/UTP <full-duplex>
	status: active
	supported media:
		media 10base2/BNC
		media 10baseT/UTP mediaopt full-duplex
		media 10baseT/UTP mediaopt half-duplex
		media 10baseT/UTP

I downloaded the config.xml file and edited the interfaces/(if)/mediaopt as follows:

<mediaopt>full-duplex</mediaopt>

I uploaded, it rebooted, and came up as full duplex!
Full duplex should give our users a better experience.



I also did a little test this morning where I updated the left end of the tunnel with my new IP
address, saved, applied changes, and then rebooted all three m0n0wall servers.
In the past, I never rebooted, because business was being conducted, but right now it is early
Sunday morning and I can reboot.

I tested by doing the ping from the "right" end and it worked!
So it's probably not a configuration problem.
The problem of the tunnel only initiating from the left apparently only happens when "Apply Changes"
is pressed on the ipsec page.

I just won't do that anymore until that is resolved.

I'll have to look into the dynamic DNS suggestion you gave us.
I didn't know I could use a DNS entry in the VPN page either.

In the meantime, if I have a new IP, I'll only connect using our PPTP connection.

I thank you,

Joe