Dear all,

We are deliberately skipping waiting for OpenSSL to announce their new version today as the roundtrip time for incorporating patches and updates into FreeBSD and maybe also LibreSSL will likely delay an update to next week. We will simply do a 16.7.5 next week as well and let 16.7.4 stand on its own feet.

The prominent theme of this update is CARP. We have identified a number of issues with the way it was being set up and reverted the process back to what BSD standards recommend. We have a shiny new test lab to preview and scrutinise these changes in a larger environment. The tests were promising. Let us know what you think!

Another thing is the introduction of the Intel Gigabit driver plugin based on the stock driver code version 7.6.2 as multiple reports popped up regarding driver reliability. If you are having trouble with CARP or intrusion detection IPS mode with your em(4) driver, try installing the new plugin and reboot to activate.

The full list of changes is a follows:


Stay safe,
Your OPNsense team