Help setting up a open guest WiFi connection


I want to set up a open guest WiFi connection at home with restrictions.

I want to connect my router to another WiFi box totally isolated from my network so it's an open connection that anyone can use it on the street . I'd need to log all traffic, limit bandwidth, and block certain types of content and websites.

What is the best hardware for this?
I'm in UK on Vodafone thg 3000 vdsl2 modem router.
Also will it be difficult to configure, as I'm a total noob.

Any insights are welcome


Are you sure you want to do that?

1 Like

My idea was to have a separate public WiFi point that I can save months of connection logs for liability purposes. separated from the main household network and
a bandwidth limiter .and website blacklist
Also maybe blocking ports. How do I set this up, and what legal problems could encounter? I'm in UK

How would you do it?

Frankly, I wouldn’t. You’re putting the cart before the horse.

Go talk with a solicitor specialized in such matters that can advise you first.

1 Like

This is the tutorial for making a guest wifi isolated from your LAN that still has network access.

But you should still put a password and only use it for guests and friends that come to your house, not leave it wide open like that.

Making a wide open access point like that is VERY bad. Whatever is done from your internet connection will have your IP on it. If people abuse it to do or download illegal things, the police will track them down to your internet contract. It's like a car with the license plate. The license plate is connected to you, so even if you lend the car to someone, the police will still come at you if the car is used to do illegal actions.
And then you will have to convince them it was not you. Logging won't help you convince anyone, no logs can say it was not you because they just log information that is easy to forge.

Depending on your internet contract and the laws in your country, it may be illegal to share your internet connection to other random people, or you may need to follow laws put down for wifi hotspot providers

The amount of blocking you can do is very limited.
Yes you can block access to websites or things in the firewall if you want, but that is a weak block, good only to stop kids (parental controls). People can use proxies or VPNs to avoid any block you can set in the router, and still do what they want, as long as they have access to the Internet through it.

Exactly the purpose you describe is solved in Germany by an organization called Freifunk ( translated free or public wifi),

They use own openwrt images that tunnel the traffic to their servers. So nobody can trace back the traffic to your network, because the people using "your" public wifi connect into the freifunk network. And freifunk acts as a network provider, as far as I know.

With this everybody can provide free wifi without having to face legal consequences. You just buy one of the supported routers, download and install the inage, and voila, you have a public wifi completely separated from your local network tgat is tunneling everything into the freifunk network.

I do not know whether there is anything comparable in the UK.

I once installed 2 access points on Archer C7, because the church I was in wanted to offer public wifi. The whole installation procedure needed only one evening, since then their stuff is running stable without manual interference. I think the access points were restarted twice in 3 years time.

1 Like

I'm not sure Freifunk operates servers, that's not free (as it is like a commercial VPN account for each user). Afaik it was just sharing the network between the users with mesh wifi.

They had a "freedom fighter box" years ago
that was doing a VPN tunnel to servers in Sweden where laws are different. That type of device was designed to shield from legal issues from copyright (and would probably work well enough for most other things that are still illegal in Sweded since law enforcement of UK/germany does not cooperate all that much with Sweden's unless it's some very big thing that goes through Interpol)

Did they change all their devices to be like that? Is there an announcement about this?
It's very difficult to know things about them if you cannot read german since it is a mostly german project.

I read the description of my local freifunk group:

Under "Vorteile" (advantages) it basically says:

  • via VPN guests are securely separated from the local network of the person running the access point
  • as all traffic runs through the freifunk network, you are not responsible for any legal issues. And freifunk acts as a provider. In Germany providers are released from legal responsibilities resulting from actions done via this access point, called "Störerhaftung".

In addition these access points can act as mesh nodes and connect to other freifunk nodes. But this only makes sense if you do not have a fast internet connection yourself.

1 Like

google translate works for me for de -> it, but not for de -> en. Strange...

Google translate works for me: The important section a la google:

Once your router has been set up with our software, you simply connect it to your existing Internet connection. So you do n't have to make any changes to your existing hardware . Your private network is securely separated from the Freifunk network by our VPN , direct access is not possible. You can also specify how much of your bandwidth you want to make available for Freifunk.

As the operator of a Freifunk node, you don't have to worry about liability for interference . With the provider privilege, Freifunk Rhein-Neckar eV is exempt from liability for interference .

Several Freifunk nodes connect to each other automatically as soon as they are within range. This increases the Freifunk network and the "radio cloud". Additional nodes only need a power connection, no additional cables have to be pulled. If there are several Internet access points, so-called uplinks, in a radio cloud, the failure safety increases : If an uplink is lost, the data is automatically forwarded to the Internet via the other Internet connections.

1 Like

Thanks for the input.
Looks like it's not worth the bother as it's too easy to bypass any restrictions, and it's against my ISPs TOS.

Yes I know I can just pull all their website under google translate, it's annoying to do that and the translation is not that great. A person that is part of that community can answer faster than I can make sense of a website.

Btw I never bother with translations from a non-english to another non-english language, in my experience Google Translate is decent only for X-> english or english -> X.

There is not one freifunk entity, but many regional ones (with differing infrastructure, rules et al). Traffic is still usually tunneled through their endpoints, to shield the AP owners from what their guests are doing. Often no longer using an out-of-country, but their own IP space - which they're managing as an 'ISP' with little to no logging. Only very, very few freifunk groups offer a balls-of-steel setting, using the AP owners' internet connection directly, without tunneling it through freifunk infrastructure and IP space.

Disclaimer: I'm not involved in freifunk, nor using their services from any angle.