Sometimes it is required or socially expected to offer an internet connection to untrusted devices. Segmentation in a guest network keeps these away from trusted devices. However, letting untrusted devices use the internet connection directly can have unforeseen consequences, especially for the owner of the connection. In this guide an outgoing VPN connection on the router is configured as a mandatory WAN interface for a guest network. Traffic from and to the guest network will seemingly enter and exit the internet at the VPN server.
Using 64-bit ('aarch64') Arch Linux ARM on a Raspberry Pi 4 with 8 GB of RAM presents several challenges related to headless (no HDMI) boot, USB support, and a wireless network adapter that sometimes fails to initiate. This short guide can help in overcoming these challenges.