"
I'm following this intently, as I've just ordered Zen and want to use 1508 MTU.
Please keep us updated...
Please keep us updated...
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
26.1 Series / Re: Post upgrade steps for ZFS - Major Upgrade
January 30, 2026, 09:43:29 AMQuote from: Patrick M. Hausen on January 30, 2026, 09:20:52 AMOnly if you upgrade your zpool. But in that case a definite yes.
I'm assuming even if I *don't* upgrade my zpool (not sure why I would ever do that in my case), there is no harm in doing this after every major upgrade?
In this instance I won't need to due to @franco comments. (Thanks, that helps)
#3
26.1 Series / Post upgrade steps for ZFS - Major Upgrade
January 30, 2026, 08:48:38 AM
Hey All,
Quick Question.
I've just upgraded one of my IPv6 OPNSense DEC 750v2 to 26.1.
I haven't migrated the rules over yet, going to wait until the water is settled before that.
With my installs all being ZFS is it still recommended to do this after a major upgrade:
cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
I have this in my notes, but blatantly forgot *why* I have this in my notes, but recall it is something to do with ZFS and the pool.
Thanks for any advice.
Quick Question.
I've just upgraded one of my IPv6 OPNSense DEC 750v2 to 26.1.
I haven't migrated the rules over yet, going to wait until the water is settled before that.
With my installs all being ZFS is it still recommended to do this after a major upgrade:
cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi
I have this in my notes, but blatantly forgot *why* I have this in my notes, but recall it is something to do with ZFS and the pool.
Thanks for any advice.
#4
Hardware and Performance / Re: Internet speeds reduced set to 2.5gb
January 13, 2026, 12:17:52 AM
This is a stab in the dark, but trying turning EEE off on OPNSense.
In the UK, we had issues with the 2.5G port on the DOCSIS 3.1 modem with specific firmware which were related to Energy Efficient Ethernet. We've since had a firmware upgrade on the modem to fix it, but hey...worth a try?
In the UK, we had issues with the 2.5G port on the DOCSIS 3.1 modem with specific firmware which were related to Energy Efficient Ethernet. We've since had a firmware upgrade on the modem to fix it, but hey...worth a try?
#5
General Discussion / Re: change the Web UI certificate via the API.
December 25, 2025, 11:20:26 PM
Powershell scripts. Let's see how this looks
param($result)
# ----- EDIT THESE -----
$FullchainPath = '/usr/share/certify/alanplum.crt'
$PrivKeyPath = '/usr/share/certify/alanplum.key'
$DescrCommon = 'CertifyTheWeb Wildcard'
$Targets = @(
@{ hostName='hide.me.net'; key='hidden'; secret='hidden' }
)
# --------------------------------
# Ensure PowerShell 7+ for -SkipCertificateCheck
if (-not ($PSVersionTable.PSVersion.Major -ge 7)) {
throw "This script requires PowerShell 7+ for -SkipCertificateCheck. Current: $($PSVersionTable.PSVersion)"
}
# Read PEMs once; use LEAF cert
if (!(Test-Path $FullchainPath)) { throw "Fullchain not found: $FullchainPath" }
if (!(Test-Path $PrivKeyPath)) { throw "Private key not found: $PrivKeyPath" }
$allPem = (Get-Content -Raw $FullchainPath) -replace "`r`n","`n"
$LeafPem = [regex]::Match(
$allPem,
'-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----'
).Value
$KeyPem = (Get-Content -Raw $PrivKeyPath) -replace "`r`n","`n"
function Invoke-OpnAddOrUpdate {
[CmdletBinding()]
param(
[Parameter(Mandatory)][string]$HostName,
[Parameter(Mandatory)][string]$Key,
[Parameter(Mandatory)][string]$Secret,
[Parameter(Mandatory)][string]$Descr,
[Parameter(Mandatory)][string]$Leaf,
[Parameter(Mandatory)][string]$Prv
)
$base = "https://$HostName"
$pair = "${Key}:${Secret}"
$basic = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
$headers = @{
Authorization = $basic
Accept = 'application/json'
}
# 1) Search existing by description
$uuid = $null
try {
$search = Invoke-RestMethod -Method Get -Uri "$base/api/trust/cert/search" `
-Headers $headers -SkipCertificateCheck
if ($search -and $search.rows) {
$row = $search.rows | Where-Object { $_.descr -eq $Descr } | Select-Object -First 1
if ($row) { $uuid = $row.uuid }
}
} catch {
$status = $_.Exception.Response.StatusCode.value__ 2>$null
$msg = if ($_.ErrorDetails.Message) { $_.ErrorDetails.Message } else { $_.Exception.Message }
Write-Warning ("[FAIL] {0} search (HTTP {1}) {2}" -f $HostName,$status,$msg)
return
}
# 2) Build payload (PEMs via *_payload)
$payload = @{
cert = @{
action = 'import'
descr = $Descr
cert_type = 'usr_cert'
private_key_location = 'firewall'
crt_payload = $Leaf
prv_payload = $Prv
csr_payload = ''
}
} | ConvertTo-Json -Depth 8
# 3) Update if found, else add
if ($uuid) { $url = "$base/api/trust/cert/set/$uuid"; $action='UPDATED' }
else { $url = "$base/api/trust/cert/add" ; $action='ADDED' }
try {
$null = Invoke-RestMethod -Method Post -Uri $url -Headers $headers `
-ContentType 'application/json' -Body $payload -SkipCertificateCheck
Write-Host ("[OK] {0} {1}" -f $HostName,$action)
} catch {
$status = $_.Exception.Response.StatusCode.value__ 2>$null
$msg = if ($_.ErrorDetails.Message) { $_.ErrorDetails.Message } else { $_.Exception.Message }
Write-Warning ("[FAIL] {0} (HTTP {1}) {2}" -f $HostName,$status,$msg)
}
}
foreach ($t in $Targets) {
try {
$descr = if ($t.ContainsKey('descr') -and $t.descr) { $t.descr } else { $DescrCommon }
Invoke-OpnAddOrUpdate -HostName $t.hostName -Key $t.key -Secret $t.secret `
-Descr $descr -Leaf $LeafPem -Prv $KeyPem
} catch {
Write-Warning ("[FAIL] {0} unexpected error: {1}" -f $t.hostName, $_.Exception.Message)
}
}
That's was hard to get from my iPad at home :)
param($result)
# ----- EDIT THESE -----
$FullchainPath = '/usr/share/certify/alanplum.crt'
$PrivKeyPath = '/usr/share/certify/alanplum.key'
$DescrCommon = 'CertifyTheWeb Wildcard'
$Targets = @(
@{ hostName='hide.me.net'; key='hidden'; secret='hidden' }
)
# --------------------------------
# Ensure PowerShell 7+ for -SkipCertificateCheck
if (-not ($PSVersionTable.PSVersion.Major -ge 7)) {
throw "This script requires PowerShell 7+ for -SkipCertificateCheck. Current: $($PSVersionTable.PSVersion)"
}
# Read PEMs once; use LEAF cert
if (!(Test-Path $FullchainPath)) { throw "Fullchain not found: $FullchainPath" }
if (!(Test-Path $PrivKeyPath)) { throw "Private key not found: $PrivKeyPath" }
$allPem = (Get-Content -Raw $FullchainPath) -replace "`r`n","`n"
$LeafPem = [regex]::Match(
$allPem,
'-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----'
).Value
$KeyPem = (Get-Content -Raw $PrivKeyPath) -replace "`r`n","`n"
function Invoke-OpnAddOrUpdate {
[CmdletBinding()]
param(
[Parameter(Mandatory)][string]$HostName,
[Parameter(Mandatory)][string]$Key,
[Parameter(Mandatory)][string]$Secret,
[Parameter(Mandatory)][string]$Descr,
[Parameter(Mandatory)][string]$Leaf,
[Parameter(Mandatory)][string]$Prv
)
$base = "https://$HostName"
$pair = "${Key}:${Secret}"
$basic = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
$headers = @{
Authorization = $basic
Accept = 'application/json'
}
# 1) Search existing by description
$uuid = $null
try {
$search = Invoke-RestMethod -Method Get -Uri "$base/api/trust/cert/search" `
-Headers $headers -SkipCertificateCheck
if ($search -and $search.rows) {
$row = $search.rows | Where-Object { $_.descr -eq $Descr } | Select-Object -First 1
if ($row) { $uuid = $row.uuid }
}
} catch {
$status = $_.Exception.Response.StatusCode.value__ 2>$null
$msg = if ($_.ErrorDetails.Message) { $_.ErrorDetails.Message } else { $_.Exception.Message }
Write-Warning ("[FAIL] {0} search (HTTP {1}) {2}" -f $HostName,$status,$msg)
return
}
# 2) Build payload (PEMs via *_payload)
$payload = @{
cert = @{
action = 'import'
descr = $Descr
cert_type = 'usr_cert'
private_key_location = 'firewall'
crt_payload = $Leaf
prv_payload = $Prv
csr_payload = ''
}
} | ConvertTo-Json -Depth 8
# 3) Update if found, else add
if ($uuid) { $url = "$base/api/trust/cert/set/$uuid"; $action='UPDATED' }
else { $url = "$base/api/trust/cert/add" ; $action='ADDED' }
try {
$null = Invoke-RestMethod -Method Post -Uri $url -Headers $headers `
-ContentType 'application/json' -Body $payload -SkipCertificateCheck
Write-Host ("[OK] {0} {1}" -f $HostName,$action)
} catch {
$status = $_.Exception.Response.StatusCode.value__ 2>$null
$msg = if ($_.ErrorDetails.Message) { $_.ErrorDetails.Message } else { $_.Exception.Message }
Write-Warning ("[FAIL] {0} (HTTP {1}) {2}" -f $HostName,$status,$msg)
}
}
foreach ($t in $Targets) {
try {
$descr = if ($t.ContainsKey('descr') -and $t.descr) { $t.descr } else { $DescrCommon }
Invoke-OpnAddOrUpdate -HostName $t.hostName -Key $t.key -Secret $t.secret `
-Descr $descr -Leaf $LeafPem -Prv $KeyPem
} catch {
Write-Warning ("[FAIL] {0} unexpected error: {1}" -f $t.hostName, $_.Exception.Message)
}
}
That's was hard to get from my iPad at home :)
#6
General Discussion / Re: change the Web UI certificate via the API.
December 25, 2025, 11:02:28 PM
What I do is just replace the existing one via the api and restart the webgui. I think it matches on description.
I have scripts to do exactly this, but I can't share them until I'm back at work in January.
I have scripts to do exactly this, but I can't share them until I'm back at work in January.
#7
Hardware and Performance / Re: DEC750 Questions
December 22, 2025, 07:03:14 PM
If anyone is interested, I did successfully upgrade the i226-V's in a DEC750 to 2.32.
I used the 1MB bin file from BrandyWine.
All 5 of the DEC750s I ordered had the 2.25 EEPROM by default, and all have been successfully upgraded to 2.32, and had a bit of a hammer test. All seem to work fine.
I'm sure some of you are asking.....why?
I guess because I can. I just like to make sure that all BIOS and other firmware is up to date before putting it into prod.
I'm sure someone might be interested, but if not, I've at least shared it's possible. :)
I used the 1MB bin file from BrandyWine.
All 5 of the DEC750s I ordered had the 2.25 EEPROM by default, and all have been successfully upgraded to 2.32, and had a bit of a hammer test. All seem to work fine.
I'm sure some of you are asking.....why?
I guess because I can. I just like to make sure that all BIOS and other firmware is up to date before putting it into prod.
I'm sure someone might be interested, but if not, I've at least shared it's possible. :)
#8
Hardware and Performance / Re: DEC750 Questions
December 20, 2025, 12:32:49 PMQuote from: DEC670airp414user on December 20, 2025, 12:08:59 AMTo the original poster.
The appliance came with a 180 dollar business licenses that last a year.
Why did you decide to wipe and go to the community version?
I don't need business edition, and these 750s are replacing devices already running CE.
I considered using BE, but then I have just increased my annual running costs x 4.
I've had zero issues running CE for the last 5 or so years, so why change.
Plus...CE gets cool things sooner than BE.
#9
Hardware and Performance / Re: DEC750 Questions
December 19, 2025, 10:44:35 PM
Well, the DEC750 has been absolutely rock solid in production now, including upgrading it tonight to .10 CE release.
I've ordered 4 more DEC750s from the shop :). FedEx says arriving Monday.
I honestly wish I'd done this sooner. They are more expensive than other Chinese alternatives but so worth it in terms of stability and issues.
For anyone in the UK considering ordering from the web shop, make sure you have an EORI number. (Google it)
I had a small issue with customs because I didn't have an EORI number, but was easy to apply due to my company being VAT registered. (We've never imported anything before to the UK)
Over the next few weeks, all of my OPNSense routers will be running on official Deciso hardware.
The major thing I noticed, was the 750 (which is fanless) runs consistently at about 37C, whereas my Chinese alternatives (with a cpu fan) run about 55C! This is on a 10G leased line with SFP+ optics.
If you can afford to get a DEC.....you won't regret it.
One last thing.....and I'm going to ask it, even though I think I know what the response will be :)
The DEC750 has the i226V. Should I...(I'm going to try anyway on one of them) do @BrandyWine firmware update on them to the latest firmware? I successfully did my Chinese device ones, but don't know where I would stand with Deciso on warranty if I did it.
The one currently in prod is using SFP+, so I won't touch it, but one of the others isn't, using all 3 i226 ports.
I've ordered 4 more DEC750s from the shop :). FedEx says arriving Monday.
I honestly wish I'd done this sooner. They are more expensive than other Chinese alternatives but so worth it in terms of stability and issues.
For anyone in the UK considering ordering from the web shop, make sure you have an EORI number. (Google it)
I had a small issue with customs because I didn't have an EORI number, but was easy to apply due to my company being VAT registered. (We've never imported anything before to the UK)
Over the next few weeks, all of my OPNSense routers will be running on official Deciso hardware.
The major thing I noticed, was the 750 (which is fanless) runs consistently at about 37C, whereas my Chinese alternatives (with a cpu fan) run about 55C! This is on a 10G leased line with SFP+ optics.
If you can afford to get a DEC.....you won't regret it.
One last thing.....and I'm going to ask it, even though I think I know what the response will be :)
The DEC750 has the i226V. Should I...(I'm going to try anyway on one of them) do @BrandyWine firmware update on them to the latest firmware? I successfully did my Chinese device ones, but don't know where I would stand with Deciso on warranty if I did it.
The one currently in prod is using SFP+, so I won't touch it, but one of the others isn't, using all 3 i226 ports.
#10
Hardware and Performance / Re: DEC750 Questions
December 13, 2025, 06:27:59 PM
Well....thats was easy....popped into work today.
Just manually edited the config.xml to change mlxen0/1 to ax0/1.
I also removed the intel microcode plugin from the xml.
Imported....plugged it in, now in production.
I am now officially a massive fan of Deciso hardware :)
One last question if I may...
After import, the AMD microcode plugin shows (misconfigured).
I didn't realise there was anything to configure, so for now, I've just removed the plugin.
I'll be placing an order for 3 more next week. Brilliant hardware..
Just manually edited the config.xml to change mlxen0/1 to ax0/1.
I also removed the intel microcode plugin from the xml.
Imported....plugged it in, now in production.
I am now officially a massive fan of Deciso hardware :)
One last question if I may...
After import, the AMD microcode plugin shows (misconfigured).
I didn't realise there was anything to configure, so for now, I've just removed the plugin.
I'll be placing an order for 3 more next week. Brilliant hardware..
#11
Hardware and Performance / Re: DEC750 Questions
December 12, 2025, 11:57:29 PM
Device received.....
Nice bit of kit...
I decided to ride the lightning and ignored previous advice and:
1. Updated the BIOS to .35 (Was on 33)
2. Formatted the NVMe and installed Community 25.7 from serial image (ZFS)
3. Added the AMD microcode plugin
4. Updated to 25.7.9_7
5. Did *not* enable HyperThreading in BIOS.
I ran out of time, so will play with importing (after modifying interfaces) my existing config.
If it runs stable and nice, I'll order another 3 to replace other Chinese devices :)
The only oddity I found, was when updating from 25.7 to 25.7.9, I did get an error throw on the screen to check the log (blueish background popup), but I found nothing and it installed and rebooted as expected anyway with no intervention. (This wasn't the original pkg update error...I got that first as expected)
Health checks all pass after the reboot.
Really looking forward to getting this into prod..
Nice bit of kit...
I decided to ride the lightning and ignored previous advice and:
1. Updated the BIOS to .35 (Was on 33)
2. Formatted the NVMe and installed Community 25.7 from serial image (ZFS)
3. Added the AMD microcode plugin
4. Updated to 25.7.9_7
5. Did *not* enable HyperThreading in BIOS.
I ran out of time, so will play with importing (after modifying interfaces) my existing config.
If it runs stable and nice, I'll order another 3 to replace other Chinese devices :)
The only oddity I found, was when updating from 25.7 to 25.7.9, I did get an error throw on the screen to check the log (blueish background popup), but I found nothing and it installed and rebooted as expected anyway with no intervention. (This wasn't the original pkg update error...I got that first as expected)
Health checks all pass after the reboot.
Really looking forward to getting this into prod..
#12
Hardware and Performance / Re: DEC750 Questions
December 10, 2025, 10:13:59 PM
Joy. Shipped email received, should get it tomorrow. Happy days
#13
Hardware and Performance / Re: DEC750 Questions
December 09, 2025, 11:26:56 AM
No response from that email either :(
It's like the shop doesnt have anyone working there.
It let me place an order, and crickets since the order acknowledgement.
It's like the shop doesnt have anyone working there.
It let me place an order, and crickets since the order acknowledgement.
#14
Hardware and Performance / Re: DEC750 Questions
December 08, 2025, 10:04:18 PM
There is something wrong with the web shop.
It created me an account (still no emails about my order), but when I set a password for the web shop it says it's always weak and won't let me set it
Apparently niOpzEY$3Rie`3-G2`TQT6<(bTS1*Ejysu~4{K0v is a weak password.
So neither can I log in to check my order, or had any emails regarding the shipment of my order, only an acknowledgment email.
It created me an account (still no emails about my order), but when I set a password for the web shop it says it's always weak and won't let me set it
Apparently niOpzEY$3Rie`3-G2`TQT6<(bTS1*Ejysu~4{K0v is a weak password.
So neither can I log in to check my order, or had any emails regarding the shipment of my order, only an acknowledgment email.
#15
Hardware and Performance / Re: DEC750 Questions
December 08, 2025, 11:35:31 AM
So just to be extremely clear for me:
1. Should I install the AMD Microcode plugin on a DEC750, or not? Whats the recommended idealogy.
2. I'm assuming I'll update the BIOS day 1, to make sure it's fully up to date.
3. Is there any value in enabling HyperThreading? AMD CBS -> Zen Common Options -> Core/Thread Enablement -> SMTEN
I'm just looking at the BIOS update instructions, and 1 and 3 are mentioned, but no recommendation.
The final thing, is my current backup came from an install with the Intel Microcode plugin installed, which obviously I dont want with this device.
Is this easy to remove from the config before importing?
TIA
1. Should I install the AMD Microcode plugin on a DEC750, or not? Whats the recommended idealogy.
2. I'm assuming I'll update the BIOS day 1, to make sure it's fully up to date.
3. Is there any value in enabling HyperThreading? AMD CBS -> Zen Common Options -> Core/Thread Enablement -> SMTEN
I'm just looking at the BIOS update instructions, and 1 and 3 are mentioned, but no recommendation.
The final thing, is my current backup came from an install with the Intel Microcode plugin installed, which obviously I dont want with this device.
Is this easy to remove from the config before importing?
TIA
