Best Practices for Network Security & Privacy when using a hotel OpenWifi Network

Dear Forum :slightly_smiling_face:,

This group post is directed mainly but not exclusively at those having knowledge of privacy and security implementation good practices in a networking environment having potentially hostile actors.

The background to the story is that I am staying in a hotel in western EU for a relatively long period of time (one year) due to an ongoing work assignment. The hotel has an open, unsecured, 2.4 GHz WiFi network. A captive portal is in operation. No specific passwords are required to login behind the captive portal.

I have a Zyxel Z2 router having the bare unadulterated version of the OpenWRT v21.02 operating system installed on it.

I have some working technical concerns and I would appreciate any and all respectful contributions in relation to the problem statement that I have tried to encapsulate below.


  1. I want to use the hotel's open WiFi service by connecting it to the Zyxel Z2 router, and then connecting my other personal devices e.g. personal phone, laptop computer, and iPad Mini 5 to the Zyxel Z2 router in order to obtain private, safe, and secure internet access for these personal devices. The hotel must not know what sites I visit on their network or anything I download on the network - the only reason being for this is merely the defence of my own personal privacy.
    I do have a full subscription to ExpressVPN, for what it's worth.

  2. The Zyxel Z2 router must be protected from hacking by malicious actors that may be visiting the hotel and on the open network. My data and personal device's privacy and security must also be protected from any potential intrusion by malicious actors on the open WiFi network.


Would some kind soul(s) indicate if what I wish to do is feasible, and, if it is so, what is the best approach to going about implementing the most secure and private solution possible?
I am a relative noob with Linux/OpenWRT (but I am, however, keen and not profoundly stupid), so I would like to thank you so much in advance for all contributions - be they short or long - on this network security-privacy matter.

Yours faithfully,

  • Do not trust any wired or wireless network other than your own.
  • Always use VPN, or at least DNS encryption for untrusted networks.
  • The best VPN is a self-hosted one, or at least use a well-known provider.
  • Always verify your settings with IP/DNS leak services supporting IPv6.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.