The announcement for the 1.2.3 snapshots advised caution because of some changes going in, and unknowns with the switch to FreeBSD 7.1. It has been well tested at this point, and I wouldn’t hesitate to use it in production if it contains something you need or a developer suggests using it. A timeline on a final release isn’t available at this time though.
The primary changes are:
IPsec connection reloading improvements – When making changes to a single IPsec connection, or adding an IPsec connection, it no longer reloads all your IPsec connections. Only the changed connections are reloaded. The full reload wasn’t a big deal in most environments, but in some it meant you couldn’t change anything in IPsec except during maintenance windows. This is being used in a critical production environment with 400 connections, and works well.
Dynamic site to site IPsec – Because of the above change, it was trivial to add support for dynamic DNS hostnames in IPsec. While 1.2.x will not receive new features, this became an exception.
IPsec NAT-T support has also been added.
Upgrade to FreeBSD 7.1 – We never know what we might run into when changing FreeBSD versions. Sometimes a version change requires numerous changes in our code base, as going from 6.x to 7.0 did. Going from 7.0 to 7.1 hasn’t required many changes at all though. This was the primary reason for caution, and it has proven to be a non-issue. It also has proven to fix many hardware regressions between 6.2 and 7.0. A number of users have reported that hardware that worked fine on 6.2 stopped working on 7.0. In every case I’m aware of, 7.1 fixed that problem.
Wireless code update – Sam Leffler, one of the primary developers of wireless on FreeBSD, was kind enough to point us to the latest wireless code backported from FreeBSD 8.0 to 7.1. There are companies shipping access points on this code base. Our 1.2.3 snapshots include this code, and several users have reported considerable improvements in compatibility, stability and performance.
Dynamic interface bridging bug fix – The bridging bug fix in 1.2.2 introduced a problem with bridging any dynamic/non-Ethernet interface, such as VLANs, tun, tap, etc., which has been fixed.