[ previous ] [ next ] [ threads ]
 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: ipsec vpn starts one-way
 Date:  Sun, 20 Apr 2008 22:20:49 -0400
On Sun, Apr 20, 2008 at 10:04 PM, Joe <j dot commisso at verizon dot net> wrote:
> Fred,
>  I removed the nic setting and now it is back to defaulting to
>  half-duplex.

Fred is 100% correct. I bet if you go look at Status -> Interfaces, if
you haven't already rebooted the box, you'll see your collisions went
up exponentially after you did that. Except these were late collisions
(m0n0wall doesn't differentiate, some managed switches do) which means
duplex mismatch, and is vastly worse than the normal collisions on

Never force speed and duplex. If you have to, make sure it's done on
both the switch and the device. You can never force full duplex with
unmanaged switches, they require autonegotiation and will fall back to
half duplex if they don't get it. That's a requirement of nway
autonegotiation, to retain backwards compatibility (old gear that
doesn't autonegotiate is half duplex).

Assuming you have just a two interface, LAN and WAN firewall, it's of
no consequence which side you use for the 10 Mb card. I'd leave it as
is until you can upgrade the hardware to something made in this
decade.  ;)