Securely connect an untrusted device to my home net

Hi,

I just got a new solar power unit that offers remote monitoring but I did not connect it to our home net yet because I don't trust it not to snoop around.

Is there an easy way to use my OpenWrt router to only let the device connect to the internet without accessing the rest of the network?

Thanks!

Create a own VLAN/Interface for it. And if it is Wifi then also own SSID that you then bridge to the new Interface. Then you can create a firewall rule to only allow internet communication.

It would be something like it is explained in Guest WLAN
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan-webinterface

4 Likes

That sounds good! The only point is that I need to use a wired connection. I guess I could use one of the LAN 1-4 connectors and define an interface for that but that would also mean that I required a dedicated cable from the device to the router and I could not use an already existing line (switch) nearby, right?

https://openwrt.org/docs/guide-user/network/vlan/creating_virtual_switches

3 Likes

Yes, on the "Switch" page configure a new VLAN as "untagged" on the port you connect that device to and "off" on all other ports.

Unless that switch is managed and allows you to configure the VLANs. Or your Solar device allows VLAN tagging.

2 Likes

Thanks - that is very helpful!

Just thought about an alternative solution of setting up a router between the solar device and my home network. Like this I can make sure that VLAN tagging is available (and respected)

1 Like