Plugin request: Support for AdGuard VPN "TrustTunnel" protocol #5165
Description
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- When the request is meant for an existing plugin, I've added its name to the title.
Is your feature request related to a problem? Please describe.
AdGuard has open-sourced their VPN protocol TrustTunnel. Currently, OPNsense users cannot natively connect to services using this specific protocol (e.g., AdGuard VPN or self-hosted instances).
While OPNsense supports standard protocols like IPsec or OpenVPN, it lacks native support for TrustTunnel, which offers specific benefits like traffic obfuscation (HTTPS masquerading) to bypass DPI and censorship. There is currently no way to utilize these protocol-specific features directly on the firewall.
Describe the solution you'd like
I request a new plugin (e.g., os-trusttunnel) that integrates the open-source TrustTunnel client into OPNsense.
The plugin should:
- Implement the client binary (Rust-based).
- Provide a UI for authentication (Credentials/Token) and endpoint configuration.
- Expose the connection as a strictly assignable Interface/Gateway for policy-based routing.
Describe alternatives you've considered
- External Gateway (VM/Docker): Running the client on a separate Linux host and routing traffic through it. This adds unnecessary maintenance overhead and complexity compared to a native integration.
Additional context
- Announcement: https://adguard-vpn.com/en/blog/adguard-vpn-protocol-goes-open-source-meet-trusttunnel.html
- GitHub Repo: https://github.com/TrustTunnel/TrustTunnel
- Protocol: The reference implementation is written in Rust, which is supported on FreeBSD/HardenedBSD.