Best practice for an Open Wifi Network

[LL0rd]

Hi,

I decided to set up a guest WiFi network that allows guests to log in without needing credentials. Currently, I have 6 APs to cover every corner of my house, so the network extends widely over my property.

For the guest network, I use a separate VLAN, and traffic to the internet goes through a VPN tunnel. The idea is that if someone engages in malicious activities, they go through the VPN provider instead of my ISP.

I don't mind if guests use my network to go online or check emails. My concern is a bad actor (like a neighbor or visitor) accessing illegal websites, which could trigger criminal investigations (e.g., child pornography).

What is the best setup to prevent this? I have AdblockHome for DNS filtering, a VPN gateway that hopefully doesn’t log activity, and I plan to use Zenarmor as an additional security layer to filter such websites. To be clear, my threat model is not a skilled hacker but a typical user.

[sy]

Hi,

Please check the following link for best practise option of Zenarmor Deployment.
https://www.zenarmor.com/docs/guides/best-practices-for-zenarmor-deployment

You can use the block untrusted device option to deny unwanted network connections to your network in Zenarmor policy.