Hi there,

Today we switch to OpenVPN 2.6 including deferred authentication which we know some people have been waiting for. The routing subsystem received a refactor to integrate default gateway switching into the actual routing code.

Suricata was finally updated to a newer release since the Netmap (IPS) stall bug inside their code had been found and fixed while we were still using an older code base that did not have the error.

Please also note that OpenVPN does no longer support the XOR feature due to FreeBSD ports blocking these types of out-of-project contributions and OpenVPN itself was never interested in supporting it natively. We have been keeping this alive since 2015, but several alternatives exist now that were not available back then.

Here are the full patch notes:

A hotfix release was issued as 23.1.7_3:


Stay safe,
Your OPNsense team