TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by ‘non-standard traffic’ include Handshake, I2P, ZeroNet, and Tor.

  • ShellMonkey@lemmy.socdojo.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    Not sure if you mean to run the service on the FW or what ‘handle’ means here. If you have a second box though it would be easy enough to run all those services on a distinct server and then route their relevant ports through there with a policy based route on the firewall. That way you would only have to set up one for node for example and just have the client machines use that.

    • fenndev@leminal.spaceOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      Sorry, I should clarify. I’m hoping to possibly have a setup like this:

      1. Browser makes a request to an eepsite
      2. The router sees the request is to a domain ending in .i2p and forwards the request to a service running on the router
      3. That service then performs the necessary encryption and establishes connection with the I2P network.

      I’d imagine it’s a similar process for other protocols and networks. No idea if this is possible or desirable.

      • ShellMonkey@lemmy.socdojo.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        https://www.grepular.com/Transparent_Access_to_I2P_eepSites

        Something like this makes logical sense, but can’t say I’ve ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I’d create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.