📦 System context
Hardware: OPNsense DEC2687 (official appliance)
License: Business Subscription (active)
Version: OPNsense 24.10.7 (latest)
🌐 Network setup
Internet via Livebox Orange (192.168.2.1) – DHCP
Secondary WAN via Bouygues – fallback (Tier 2)
Multi-WAN configured using a gateway group WANGROUP
Default gateway is the WAN interface from Orange (WAN_DHCP)
⚙️ OPNsense configuration
Unbound DNS enabled with forwarding to public resolvers (8.8.8.8, 1.1.1.1)
Floating firewall rule to allow This Firewall on UDP port 53 via WANGROUP
Outbound NAT set to automatic
No firewall or NAT rule appears to block outbound DNS
❌ Symptoms
✅ ping to public IPs (e.g. 8.8.8.8) works
❌ No DNS resolution works:
drill, dig, or host to any resolver (8.8.8.8, 1.1.1.1) → fail
Even dig @192.168.2.1 (Livebox itself) → no response
Even with TCP (+tcp) instead of UDP → fails
Manually editing /etc/resolv.conf to force public DNS → no change
Disabling Unbound DNS → no effect
pkg update and firmware updates fail with "host does not resolve"
🧠 Most likely cause
The Livebox Orange blocks or intercepts all outbound DNS traffic, including TCP.
It likely acts as a DNS proxy and prevents the firewall from using any external resolver.
✅ What has already been tested
Proper floating rule with gateway assignment ✅
Unbound forwarding and custom servers ✅
NAT working ✅
Tried using only Livebox DNS (192.168.2.1) ❌
Tried using dig @8.8.8.8 google.com +tcp ❌
No DNS traffic succeeds in any form from OPNsense
🙏 What I'm asking
As an OPNsense Business customer using official hardware, I'd like to know:
Has anyone successfully deployed OPNsense behind a Livebox Orange?
Does the Livebox really block outbound DNS (UDP and TCP)?
Is DoH via cloudflared the only viable solution?
Is bridging the Livebox the only clean fix? If so, how do I proceed (e.g. external ONT or modem)?
Any help from the community or the Deciso support team is greatly appreciated.
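An added diagnostic, not taken from the post or from OPNsense: a stdlib-only Python probe that sends the same minimal A query that dig sends, first over UDP and then over TCP, to the resolvers named above, and classifies each outcome as answered, timed out, actively refused, or answered from a source address other than the resolver asked (which is how an in-path DNS proxy on the Livebox would show up). The query name google.com and the 2-second timeout are assumptions; run it from the firewall's shell so the packets take the WAN path in question.

```python
import random, socket, struct

RESOLVERS = ("8.8.8.8", "1.1.1.1", "192.168.2.1")  # public resolvers and Livebox, from the post

def build_query(name, qid=None, tcp=False):
    """Minimal A query with RD set; TCP framing adds the 2-byte length prefix."""
    qid = random.randrange(65536) if qid is None else qid
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.rstrip(".").split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x01\x00\x01"
    return struct.pack("!H", len(msg)) + msg if tcp else msg

def parse_response(data, expected_id):
    """Return (rcode, answer_count); raise ValueError if the reply is not ours."""
    if len(data) < 12:
        raise ValueError("short reply")
    qid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id or not flags & 0x8000:  # wrong ID or QR bit clear
        raise ValueError("id mismatch or not a response")
    return flags & 0x000F, ancount

def probe(resolver, name="google.com", tcp=False, timeout=2.0):
    """Classify one query: answered, timed out, refused, or answered by someone else."""
    qid = random.randrange(65536)
    query = build_query(name, qid, tcp)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            if tcp:
                s.connect((resolver, 53))
                s.sendall(query)
                (length,) = struct.unpack("!H", s.recv(2, socket.MSG_WAITALL))
                data = s.recv(length, socket.MSG_WAITALL)  # wait for the whole message
            else:  # unconnected UDP so the reply's real source address is visible
                s.sendto(query, (resolver, 53))
                data, (src, _) = s.recvfrom(4096)
                if src != resolver:  # answered, but not by the host we asked
                    return f"reply from {src}, not {resolver}: intercepted?"
            rcode, ancount = parse_response(data, qid)
            return f"rcode={rcode} answers={ancount}"
    except socket.timeout:
        return "timeout: dropped on the path (a UDP reject usually looks the same)"
    except (ConnectionRefusedError, ConnectionResetError):
        return "refused/reset: port 53 actively rejected"
    except (OSError, ValueError, struct.error) as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    for resolver in RESOLVERS:
        for tcp in (False, True):
            print(resolver, "TCP" if tcp else "UDP", probe(resolver, tcp=tcp))
```

A "timeout" on every resolver over both transports matches a silent drop, while an answer arriving from 192.168.2.1 when 8.8.8.8 was asked is the signature of a proxy rewriting the traffic.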