You da man!
* The switch is not managed. It is an inexpensive D-Link 24-port.
* I checked the capabilities of the LAN nic which is as follows:
$ ifconfig -m
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
media: Ethernet 10baseT/UTP <full-duplex>
media 10baseT/UTP mediaopt full-duplex
media 10baseT/UTP mediaopt half-duplex
I downloaded the config.xml file and edited the interfaces/(if)/mediaopt as follows:
I uploaded, it rebooted, and came up as full duplex!
Full duplex should give our users a better experience.
I also did a little test this morning where I updated the left end of the tunnel with my new IP
address, saved, applied changes, and then rebooted all three m0n0wall servers.
In the past, I never rebooted, because business was being conducted, but right now it is early
Sunday morning and I can reboot.
I tested by doing the ping from the "right" end and it worked!
So it's probably not a configuration problem.
The problem of the tunnel only initiating from the left apparently only happens when "Apply Changes"
is pressed on the ipsec page.
I just won't do that anymore until that is resolved.
I'll have to look into the dynamic DNS suggestion you gave us.
I didn't know I could use a DNS entry in the VPN page either.
In the meantime, if I have a new IP, I'll only connect using our PPTP connection.
I thank you,