Sometimes it is required or socially expected to offer an internet connection to untrusted devices. Segmentation in a guest network keeps these away from trusted devices. However, letting untrusted devices use the internet connection directly can have unforeseen consequences, especially for the owner of the connection. In this guide an outgoing VPN connection on the router is configured as a mandatory WAN interface for a guest network. Traffic from and to the guest network will seemingly enter and exit the internet at the VPN server.