"Recent posts
#21
25.7, 25.10 Series / Re: Pi-hole -> Unbound. Client...
Last post by Monviech (Cedrik) - December 07, 2025, 09:18:07 PMNice job :)
#22
25.7, 25.10 Series / Re: vtnet offloading since 25....
Last post by franco - December 07, 2025, 09:14:59 PMI wanted to talk to Patrick about this, too. Our own testing was inconclusive.
Cheers,
Franco
Cheers,
Franco
#23
Hardware and Performance / Re: DEC750 Questions
Last post by ProximusAl - December 07, 2025, 09:02:10 PMI also agree.
I'm currently running 4 different OPNSense on the Chinese hardware, with no major issues, but as this is so critical for work, I think I'd feel better with a DEC.
The device in question is an R86S-G2, which has a super weird issue it has developed with one of the SFP+ ports which can be resolved by rebooting x number of times, but causes me a headache after upgrades. I have ordered another one, but it's going to take a month to get to me, so thought, why not just buy a DEC.
I'll look into ordering the DEC750 tomorrow, and see if I can import my config....
I'm currently running 4 different OPNSense on the Chinese hardware, with no major issues, but as this is so critical for work, I think I'd feel better with a DEC.
The device in question is an R86S-G2, which has a super weird issue it has developed with one of the SFP+ ports which can be resolved by rebooting x number of times, but causes me a headache after upgrades. I have ordered another one, but it's going to take a month to get to me, so thought, why not just buy a DEC.
I'll look into ordering the DEC750 tomorrow, and see if I can import my config....
#24
25.7, 25.10 Series / Re: Pi-hole -> Unbound. Client...
Last post by glenb2 - December 07, 2025, 09:00:44 PMThank you very much! Works perfectly. Much more straightforward than what I had found online.
#25
Hardware and Performance / Re: DEC750 Questions
Last post by Seimus - December 07, 2025, 08:48:25 PMOne of the best things about DEC is they provide specs. Specs in regards of performance.
These specs are created by testing, their HW on their OS (OPNsense). So there is a guarantee that if you buy the official HW you should get this performance. When you buy the DEC it comes with 1y of BE, but nobody is stopping you to slap there CE right away. There is a lot of ppl that run DECs but using CE on them cause they like to get the newest features.
The MiniPC knockoffs are not bad, I am happy to see that we can run OPNsense on various HW. But if you do not want to tinker, or have enough of potential random stuff, going for DEC is the way.
Even tough I am running all my stuff of these knockoffs, I will always advice to go for DEC. Cause its a quality device and looks sexy. And not everyone has the strength to tinker.
Regards,
S.
Code Select
System Performance
Firewall Throughput 10Gbps
Firewall Packets Per Second 830Kpps
Firewall Port to Port Throughput 8.5Gbps
Firewall Port to Port Packets Per Second 719Kpps
Concurrent Sessions 7000000
Firewall Latency (average) 150us
Firewall Policies (Recommended Maximum)1 10000
IPsec VPN Throughput (AES256GCM16) 1.2Gbps
IPsec VPN Packet Per Second (AES256GCM16) 107Kpps
Threat Protection Throughput Packet Per Second ~85Kpps
Threat Protection Throughput ~1Gbps
High Availability with State Synchronisation Requires Two
These specs are created by testing, their HW on their OS (OPNsense). So there is a guarantee that if you buy the official HW you should get this performance. When you buy the DEC it comes with 1y of BE, but nobody is stopping you to slap there CE right away. There is a lot of ppl that run DECs but using CE on them cause they like to get the newest features.
The MiniPC knockoffs are not bad, I am happy to see that we can run OPNsense on various HW. But if you do not want to tinker, or have enough of potential random stuff, going for DEC is the way.
Even tough I am running all my stuff of these knockoffs, I will always advice to go for DEC. Cause its a quality device and looks sexy. And not everyone has the strength to tinker.
Regards,
S.
#26
Hardware and Performance / Re: DEC750 Questions
Last post by ProximusAl - December 07, 2025, 08:39:51 PMThis is exactly why I'm looking at the DEC750.
I'm using an N100 in a business scenario already, which recently is displaying odd behaviour.
The price of the DEC is acceptable to the business, but I prefer to run community edition.
Rather than buying more Chinese variants on AliExpress, I'd rather get supported hardware for the job and hope, it just works.
I appreciate I'd have to fiddle with importing the config due to interface names, but hoping the DEC750 can directly replace the N100...which does currently route the 5 gig with no issues.
I'm using an N100 in a business scenario already, which recently is displaying odd behaviour.
The price of the DEC is acceptable to the business, but I prefer to run community edition.
Rather than buying more Chinese variants on AliExpress, I'd rather get supported hardware for the job and hope, it just works.
I appreciate I'd have to fiddle with importing the config due to interface names, but hoping the DEC750 can directly replace the N100...which does currently route the 5 gig with no issues.
#27
General Discussion / Re: TUI for viewing and analys...
Last post by patient0 - December 07, 2025, 08:34:13 PMQuote from: allddd on December 05, 2025, 10:24:05 PMShould be even faster now with v0.4.0.It certainly feels faster. And in general I very much admire the fact that you update the application and the documentation!
QuoteOne way to improve it could be to skip the loading screen and go straight to the TUI, with indexing happening in the background. The advantage of this would be that the TUI opens instantly, and while some features might not be available right away, most users probably wouldn't even notice this since indexing is quick.It would be helpful if it could read multiple file or a directory and then it may become more of an issue.
You got time until someone presses <Enter> in a filter field :)
QuoteAnother option, at least in theory, would be to skip building the index altogether and just process everything on the fly. We could cache the lines we've already interacted with to avoid doing the same thing over and over again. However, I'm not sure how well this would perform on low spec devices.That would need some testing, I assume that it will be very slow with lots of data. It would not only depend on the CPU/RAM specs but also on the read speed of the disk.
#28
Hardware and Performance / Re: DEC750 Questions
Last post by Seimus - December 07, 2025, 08:28:25 PMIf you use the N100 and higher series just for L3/L4 FW and routing it should have enough performance to route 5 to 10G.
You actually don't need to do anything out of box per say, if you choose such device that has fully supported NICs. There is a simple rule "do no tune for the sake of tuning." Tune only if you really need it.
Just be aware of few things:
1. Get a miniPC that has supported NIC, this goes for the TE and well SFP+
2. Be aware of temps. These miniPCs are small and SFP+ can increase temps quiet a lot of them.
3. Stability is sometimes questionable in regards of memory. You could hit such a box that will have problem with memory modules and you will have to try out various ones.
Regards,
S.
You actually don't need to do anything out of box per say, if you choose such device that has fully supported NICs. There is a simple rule "do no tune for the sake of tuning." Tune only if you really need it.
Just be aware of few things:
1. Get a miniPC that has supported NIC, this goes for the TE and well SFP+
2. Be aware of temps. These miniPCs are small and SFP+ can increase temps quiet a lot of them.
3. Stability is sometimes questionable in regards of memory. You could hit such a box that will have problem with memory modules and you will have to try out various ones.
Regards,
S.
#29
Hardware and Performance / DEC750 Questions
Last post by ProximusAl - December 07, 2025, 08:16:14 PMHi all,
I'm thinking of replacing my Intel N series Chinese job for an official DEC750, the newer one with 2.5G Ethernet.
I'm used to doing all sorts of tunables for the N series.
I was wondering, if I wanted to put Community Edition on it, what would I need out of the box after a fresh install?
It would be used for routing only via SFP+, 5 gig (leased line), no NAT, or IDS or anything.
I'm assuming the AMD chipset as a minimum but just wondered what else I might need. I read about configuring RSS etc, but thought I'd ask the experts.
Thanks for any input.
p.S: it's 5Gb on a 10Gb bearer, so both sides are 10Gb.
I'm thinking of replacing my Intel N series Chinese job for an official DEC750, the newer one with 2.5G Ethernet.
I'm used to doing all sorts of tunables for the N series.
I was wondering, if I wanted to put Community Edition on it, what would I need out of the box after a fresh install?
It would be used for routing only via SFP+, 5 gig (leased line), no NAT, or IDS or anything.
I'm assuming the AMD chipset as a minimum but just wondered what else I might need. I read about configuring RSS etc, but thought I'd ask the experts.
Thanks for any input.
p.S: it's 5Gb on a 10Gb bearer, so both sides are 10Gb.
#30
25.7, 25.10 Series / Re: Unwanted route that keeps ...
Last post by abenaou - December 07, 2025, 07:49:28 PMQuote from: Patrick M. Hausen on December 07, 2025, 12:54:23 AMInterfaces > LAN - is there a gateway set?Here is what my LAN interface looks like (didn't set anything there) as well as the second lan98 interface that connects through dhcp:
Screenshot attached
