Android Hotspot though a VPN
When your network disallows tethering
Warning: Although your network provider won’t be able to see the content of the traffic to/from your tethered devices, they will still see its presence and may become suspicious.
My girlfriend and I are currently driving though America — as a result there are long stretches of dead time that I could be spending learning or developing. Although our UK data plan has a very generous usage limit, it prohibits using the connection with tethered devices thus (officially) killing any chance of some quality laptop-internet time in between arguing about who interpreted Google maps wrong this time.
I am in the process of learning Go with the added procrastination bonus of switching my text editor to Spacemacs after 10 years as a Vim user. Despite my best preparations the night before it was less than a second after creating my first empty .go file that I realized I hadn’t downloaded all the groovy Go stuff that I was hoping to learn during the journey. Here’s how I was very naughty and downloaded a few kB from my tethered laptop.
- An Android device running the paid-for version of JuiceSSH (£4.79 at the moment)
- A DigitalOcean droplet publicly accessible over SSH
- A crummy Macbook Air with the SSH server set up
Set up a SOCKS proxy on the android device to the DigitalOcean droplet and forward the port to my laptop.
Hotspot (Connect the laptop to the phone)
This should be fairly straightforward — on the android device enable the hotspot and connect to it on the laptop as you would any WiFi connection.
Setting up the connection from the Android device to the laptop
We need to connect the android device to both the laptop and the remote server.
On the laptop find the IP address that the WiFi connection is using by typing
into a terminal (for my laptop the relevant IP address can be found following
en0 just after the
inet field). You can also use your favourite graphical method to find this out.
Using this IP address create a new connection in JuiceSSH to the laptop.
Setting up the connection from the android device to the remote VM
Create another new connection in JuiceSSH to log into the remote server (in this case the DigitalOcean droplet). I recommend using mosh for this if available as it will handle spotty connections much better.
Either use the domain name if you have registered one, or the IP address of the VM.
It may be worth testing both of these connections before the next stage.
Set up the SOCKS proxy on the Android device
On the Port Forwards tab in JuiceSSH, create a new item and give it a name such as
Local SOCKS proxy. Choose the connection to the droplet that you created in the previous step. Change the mode to
Dynamic (SOCKS) and choose a port number >1024.
When activated, this will now forward any traffic that port 5000 receives on the Android device across an encrypted connection to the remote computer. The network provider should not be able to inspect the content of this, but can see that data is being sent and received, which may look suspicious but should be OK for limited use.
Forward a port on the laptop to the SOCKS proxy on the Android device
Create another Port Forward in JuiceSSH with the following attributes
Port (From) matches the port chosen in step 3 and
Port (To) is again chosen to be >1024.
When this is activated, anything that is received in port 5000 on the laptop is sent to port 5000 on the Android device, i.e. there is now a SOCKS proxy available on port 5000 of the laptop.
Forwarding traffic on the laptop to the SOCKS proxy
To set the system wide proxy on OSX go to:
System Preferences -> Network -> Advanced -> Proxies -> SOCKS Proxy
127.0.0.1 as the address underneath ‘SOCKS Proxy Server’ and
5000 in the box immediately to the right (or the port number used in the
Port (To) field in step 4).
Anything set up to use the system proxy should now be able to connect to the internet (e.g. Chrome).
At the time I was trying to download the Go package for Spacemacs, so had to tell it to use the proxy by setting the two environment variables
https_proxy. To save on the typing I placed the following shell function in my
so when I call
socks set the appropriate environment variables are set. Calling
socks by itself resets the variables.
This probably took around 2 hours to figure out and set up (after a false start trying to reverse-SSH about the place) after which it was my turn to drive and so no coding was done that day — another win for acute technological meandering syndrome!