TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by ‘non-standard traffic’ include Handshake, I2P, ZeroNet, and Tor.

2 points
*

You mean run those programs directly on opnsense? I don’t believe there is any way to do that.

No configuration is needed on opnsense to use them as normal on your devices though, so that’s your best option.

permalink
report
reply
2 points

Not sure if you mean to run the service on the FW or what ‘handle’ means here. If you have a second box though it would be easy enough to run all those services on a distinct server and then route their relevant ports through there with a policy based route on the firewall. That way you would only have to set up one for node for example and just have the client machines use that.

permalink
report
reply
1 point

Sorry, I should clarify. I’m hoping to possibly have a setup like this:

  1. Browser makes a request to an eepsite
  2. The router sees the request is to a domain ending in .i2p and forwards the request to a service running on the router
  3. That service then performs the necessary encryption and establishes connection with the I2P network.

I’d imagine it’s a similar process for other protocols and networks. No idea if this is possible or desirable.

permalink
report
parent
reply
2 points

https://www.grepular.com/Transparent_Access_to_I2P_eepSites

Something like this makes logical sense, but can’t say I’ve ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I’d create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.

permalink
report
parent
reply
1 point

If your looking to allow that kind of traffic in and out of opensense, then yes if you use it. Just be mindful of what you need and only allow that in, outbound is normally everything.

permalink
report
reply

Selfhosted

!selfhosted@lemmy.world

Create post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

Community stats

  • 4.9K

    Monthly active users

  • 3.5K

    Posts

  • 75K

    Comments