TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by ‘non-standard traffic’ include Handshake, I2P, ZeroNet, and Tor.
https://www.grepular.com/Transparent_Access_to_I2P_eepSites
Something like this makes logical sense, but can’t say I’ve ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I’d create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.