Hi all,
I'm thinking of replacing my Intel N series Chinese job for an official DEC750, the newer one with 2.5G Ethernet.
I'm used to doing all sorts of tunables for the N series.
I was wondering, if I wanted to put Community Edition on it, what would I need out of the box after a fresh install?
It would be used for routing only via SFP+, 5 gig (leased line), no NAT, or IDS or anything.
I'm assuming the AMD chipset as a minimum but just wondered what else I might need. I read about configuring RSS etc, but thought I'd ask the experts.
Thanks for any input.
p.S: it's 5Gb on a 10Gb bearer, so both sides are 10Gb.
If you use the N100 and higher series just for L3/L4 FW and routing it should have enough performance to route 5 to 10G.
You actually don't need to do anything out of box per say, if you choose such device that has fully supported NICs. There is a simple rule "do no tune for the sake of tuning." Tune only if you really need it.
Just be aware of few things:
1. Get a miniPC that has supported NIC, this goes for the TE and well SFP+
2. Be aware of temps. These miniPCs are small and SFP+ can increase temps quiet a lot of them.
3. Stability is sometimes questionable in regards of memory. You could hit such a box that will have problem with memory modules and you will have to try out various ones.
Regards,
S.
This is exactly why I'm looking at the DEC750.
I'm using an N100 in a business scenario already, which recently is displaying odd behaviour.
The price of the DEC is acceptable to the business, but I prefer to run community edition.
Rather than buying more Chinese variants on AliExpress, I'd rather get supported hardware for the job and hope, it just works.
I appreciate I'd have to fiddle with importing the config due to interface names, but hoping the DEC750 can directly replace the N100...which does currently route the 5 gig with no issues.
One of the best things about DEC is they provide specs. Specs in regards of performance.
System Performance
Firewall Throughput 10Gbps
Firewall Packets Per Second 830Kpps
Firewall Port to Port Throughput 8.5Gbps
Firewall Port to Port Packets Per Second 719Kpps
Concurrent Sessions 7000000
Firewall Latency (average) 150us
Firewall Policies (Recommended Maximum)1 10000
IPsec VPN Throughput (AES256GCM16) 1.2Gbps
IPsec VPN Packet Per Second (AES256GCM16) 107Kpps
Threat Protection Throughput Packet Per Second ~85Kpps
Threat Protection Throughput ~1Gbps
High Availability with State Synchronisation Requires Two
These specs are created by testing, their HW on their OS (OPNsense). So there is a guarantee that if you buy the official HW you should get this performance. When you buy the DEC it comes with 1y of BE, but nobody is stopping you to slap there CE right away. There is a lot of ppl that run DECs but using CE on them cause they like to get the newest features.
The MiniPC knockoffs are not bad, I am happy to see that we can run OPNsense on various HW. But if you do not want to tinker, or have enough of potential random stuff, going for DEC is the way.
Even tough I am running all my stuff of these knockoffs, I will always advice to go for DEC. Cause its a quality device and looks sexy. And not everyone has the strength to tinker.
Regards,
S.
I also agree.
I'm currently running 4 different OPNSense on the Chinese hardware, with no major issues, but as this is so critical for work, I think I'd feel better with a DEC.
The device in question is an R86S-G2, which has a super weird issue it has developed with one of the SFP+ ports which can be resolved by rebooting x number of times, but causes me a headache after upgrades. I have ordered another one, but it's going to take a month to get to me, so thought, why not just buy a DEC.
I'll look into ordering the DEC750 tomorrow, and see if I can import my config....
I have a few DEC750 and I run development, community and business versions on them and scrap their setups all the time to build new test setups.
One also runs as my main router with the community version.
Theres no limit in which software you can run. Its also very stable, nothing weird ever happens.
(Disclaimer I work for Deciso)
Migrating config between HW is actually easy, usually.
What you need to know is what are the names of the NICs on the new device. On you have it you just edit your config and replace the current interface name with the new one. After that you import it to new device, reboot and done. This is how I migrated HW from (APU) igb to (N5105) igc.
Regards,
S.
Quote from: Monviech (Cedrik) on December 07, 2025, 09:21:43 PMOne also runs as my main router with the community version.
I will nitpick :D.... Your signature says you use the older 740...
Regards,
S.
This might have a work-around (I'm curious to know) but my concern about DEC750 is the single USB port. The procedure for importing configs on a fresh install requires two ports in tandem: https://docs.opnsense.org/manual/install.html#opnsense-importer
Can you just pull out the live installer USB and insert the second one when prompted, then swap back?
Also curious: Ryzen V1500B supports ECC. Is it used?
Otherwise, from what I can tell, the N100 and embedded Ryzen are quite similar with tradeoffs mainly in clock speed (routing) vs. threads (VPN capacity, etc). Slight edge to N100 for power draw. Probably the edge goes to Ryzen for stabilty and lack of "quirks."
Design, hands down, goes to the DEC. If I have the budget for it, that is the device I would prefer to look at :)
The DEC740 is not older its the same as the DEC750 with 4GB/128GB instead of 8GB/256GB.
Regarding restore I usually advice to disregard the config importer during installation and just import in the WebGUI afterwards, way easier (for me).
As far as I know ECC isnt used.
Quote from: Monviech (Cedrik) on December 07, 2025, 10:06:58 PMThe DEC740 is not older its the same as the DEC750 with 4GB/128GB instead of 8GB/256GB.
Oh yes you are right!
I always forget there are 2 versions of DEC per its class.
Regards,
S.
I have ordered one this morning, FedEx priority shipping to the UK, so hope it will be here soon.
Fingers crossed...
Nice I hope you will like it, I think its great hardware.
So just to be extremely clear for me:
1. Should I install the AMD Microcode plugin on a DEC750, or not? Whats the recommended idealogy.
2. I'm assuming I'll update the BIOS day 1, to make sure it's fully up to date.
3. Is there any value in enabling HyperThreading? AMD CBS -> Zen Common Options -> Core/Thread Enablement -> SMTEN
I'm just looking at the BIOS update instructions, and 1 and 3 are mentioned, but no recommendation.
The final thing, is my current backup came from an install with the Intel Microcode plugin installed, which obviously I dont want with this device.
Is this easy to remove from the config before importing?
TIA
The plugins are not automatically installed. They will show in the Firmware page as missing after config import. Just don't install the ones you do not need.
I wouldn't update the bios nor install a microcode plugin, just keep it as it is. I'd only update or install these if there is a serious reason to do so, and currently I don't know of any (does not mean I assume I'm 100% right, "Jeder ist seines Glückes Schmied").
Quote from: Monviech (Cedrik) on December 08, 2025, 11:52:20 AM[...]I wouldn't update the bios nor install a microcode plugin[...]
I concur, if consensus matters. Although I do update my BIOS, as I use consumer motherboards.
Quote from: ProximusAl on December 08, 2025, 11:35:31 AM[...]3. Is there any value in enabling HyperThreading? AMD CBS -> Zen Common Options -> Core/Thread Enablement -> SMTEN[...]
It depends on your workload. SMT is generally not detrimental. You could always test it, although conclusive results might be hard to come by.
I leave it enabled on mine, but I use overpowered consumer hardware.
There is something wrong with the web shop.
It created me an account (still no emails about my order), but when I set a password for the web shop it says it's always weak and won't let me set it
Apparently niOpzEY$3Rie`3-G2`TQT6<(bTS1*Ejysu~4{K0v is a weak password.
So neither can I log in to check my order, or had any emails regarding the shipment of my order, only an acknowledgment email.
Just contact sales and they will help you. Email is at the bottom of the page
https://shop.opnsense.com/
No response from that email either :(
It's like the shop doesnt have anyone working there.
It let me place an order, and crickets since the order acknowledgement.
Joy. Shipped email received, should get it tomorrow. Happy days
Device received.....
Nice bit of kit...
I decided to ride the lightning and ignored previous advice and:
1. Updated the BIOS to .35 (Was on 33)
2. Formatted the NVMe and installed Community 25.7 from serial image (ZFS)
3. Added the AMD microcode plugin
4. Updated to 25.7.9_7
5. Did *not* enable HyperThreading in BIOS.
I ran out of time, so will play with importing (after modifying interfaces) my existing config.
If it runs stable and nice, I'll order another 3 to replace other Chinese devices :)
The only oddity I found, was when updating from 25.7 to 25.7.9, I did get an error throw on the screen to check the log (blueish background popup), but I found nothing and it installed and rebooted as expected anyway with no intervention. (This wasn't the original pkg update error...I got that first as expected)
Health checks all pass after the reboot.
Really looking forward to getting this into prod..
Well....thats was easy....popped into work today.
Just manually edited the config.xml to change mlxen0/1 to ax0/1.
I also removed the intel microcode plugin from the xml.
Imported....plugged it in, now in production.
I am now officially a massive fan of Deciso hardware :)
One last question if I may...
After import, the AMD microcode plugin shows (misconfigured).
I didn't realise there was anything to configure, so for now, I've just removed the plugin.
I'll be placing an order for 3 more next week. Brilliant hardware..
That (missconfigured) next to the packages doesn't mean its a configurable package. You usually see it when its out of repo (or something like that cant remember exactly).
Yes DECs are sexy. Plus each sold unit support the company thus development of OPN ;)
Regards,
S.
Quote from: ProximusAl on December 13, 2025, 06:27:59 PMI am now officially a massive fan of Deciso hardware :)
I made a journey from "too expensive" to "massive fan", with the bonus support reason cited by Seimus. It is great that you can get a Community Edition of Opnsense and stick it on what you have (as I first did), or a VM, or cheap fancy-spec new hardware (as I next did) but for anyone for whom DEC hardware is in reach, I suggest the plunge is most rewarding.
Even running community edition on Deciso hardware is great. For some installations I want CE "where the action is". Frequent updates, easy contributions via merge requests. Awesome.
Well, the DEC750 has been absolutely rock solid in production now, including upgrading it tonight to .10 CE release.
I've ordered 4 more DEC750s from the shop :). FedEx says arriving Monday.
I honestly wish I'd done this sooner. They are more expensive than other Chinese alternatives but so worth it in terms of stability and issues.
For anyone in the UK considering ordering from the web shop, make sure you have an EORI number. (Google it)
I had a small issue with customs because I didn't have an EORI number, but was easy to apply due to my company being VAT registered. (We've never imported anything before to the UK)
Over the next few weeks, all of my OPNSense routers will be running on official Deciso hardware.
The major thing I noticed, was the 750 (which is fanless) runs consistently at about 37C, whereas my Chinese alternatives (with a cpu fan) run about 55C! This is on a 10G leased line with SFP+ optics.
If you can afford to get a DEC.....you won't regret it.
One last thing.....and I'm going to ask it, even though I think I know what the response will be :)
The DEC750 has the i226V. Should I...(I'm going to try anyway on one of them) do @BrandyWine firmware update on them to the latest firmware? I successfully did my Chinese device ones, but don't know where I would stand with Deciso on warranty if I did it.
The one currently in prod is using SFP+, so I won't touch it, but one of the others isn't, using all 3 i226 ports.
One advice: if you ever have to open one of their desktop units, e.g. because you need to swap a defective SSD, make sure you have fresh thermal paste and some alcohol for removing the old one ready. They rely on contact of the CPU to the case for heat dissipation.
To the original poster.
The appliance came with a 180 dollar business licenses that last a year.
Why did you decide to wipe and go to the community version?
Quote from: DEC670airp414user on December 20, 2025, 12:08:59 AMTo the original poster.
The appliance came with a 180 dollar business licenses that last a year.
Why did you decide to wipe and go to the community version?
I don't need business edition, and these 750s are replacing devices already running CE.
I considered using BE, but then I have just increased my annual running costs x 4.
I've had zero issues running CE for the last 5 or so years, so why change.
Plus...CE gets cool things sooner than BE.
If anyone is interested, I did successfully upgrade the i226-V's in a DEC750 to 2.32.
I used the 1MB bin file from BrandyWine.
All 5 of the DEC750s I ordered had the 2.25 EEPROM by default, and all have been successfully upgraded to 2.32, and had a bit of a hammer test. All seem to work fine.
I'm sure some of you are asking.....why?
I guess because I can. I just like to make sure that all BIOS and other firmware is up to date before putting it into prod.
I'm sure someone might be interested, but if not, I've at least shared it's possible. :)
Quote from: ProximusAl on December 22, 2025, 07:03:14 PMIf anyone is interested, I did successfully upgrade the i226-V's in a DEC750 to 2.32.
I used the 1MB bin file from BrandyWine.
I tried to search for any sort of changelog or release notes for the firmware, but could not find... I'm now thingking of upgrading too as they rarely put engineering effort for new firmware unless there is reason to...
I've in the middle of https://forum.opnsense.org/index.php?topic=48695.30 (post #39) and I seem to have I225-V in my DEC750 instead I226(?)
[1] igc0: <Intel(R) Ethernet Controller I225-V> mem 0xd0a00000-0xd0afffff,0xd0b00000-0xd0b03fff at device 0.0 on pci2
[1] igc0: EEPROM V1.82-0 eTrack 0x80000266
EDIT: Apparently filling in the nvm.cfg with latest 1M file for I225 made it work, so now I have 1.89 of I225-v Firmwares in all 3 wired NICs in my DEC750.