Sometimes it is required or socially expected to offer an internet connection to untrusted devices. Segmentation in a guest network keeps these away from trusted devices. Hpwever, letting untrusted devices use the Internet connection directly can have unforeseen consequences, especially for the owner of the connection. In this guide an outgoing VPN connection on the router is configured as a mandatory WAN interface for a guest network. Traffic from and to the guest network will seemingly enter and exit the Internet at the VPN server.
OpenVPN can be used with an obfuscation proxy, such as obfsproxy or obfs4, to avoid identification of VPN traffic through deep packet inspection. In this post I explain a connectivity problem that client-side OpenVPN faces when such a proxy is approached as a local SOCKS proxy by OpenVPN. A solution is provided, of course.