TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by ‘non-standard traffic’ include Handshake, I2P, ZeroNet, and Tor.
Not sure if you mean to run the service on the FW or what ‘handle’ means here. If you have a second box though it would be easy enough to run all those services on a distinct server and then route their relevant ports through there with a policy based route on the firewall. That way you would only have to set up one for node for example and just have the client machines use that.
Sorry, I should clarify. I’m hoping to possibly have a setup like this:
- Browser makes a request to an eepsite
- The router sees the request is to a domain ending in
.i2p
and forwards the request to a service running on the router - That service then performs the necessary encryption and establishes connection with the I2P network.
I’d imagine it’s a similar process for other protocols and networks. No idea if this is possible or desirable.
https://www.grepular.com/Transparent_Access_to_I2P_eepSites
Something like this makes logical sense, but can’t say I’ve ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I’d create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.
You mean run those programs directly on opnsense? I don’t believe there is any way to do that.
No configuration is needed on opnsense to use them as normal on your devices though, so that’s your best option.