Android Hotspot though a VPN

When your network disallows tethering

Warning: Although your network provider won’t be able to see the content of the traffic to/from your tethered devices, they will still see its presence and may become suspicious.

Pretending to be a Digital Nomad with my tripod — sock desk (Patent Pending)

My girlfriend and I are currently driving though America — as a result there are long stretches of dead time that I could be spending learning or developing. Although our UK data plan has a very generous usage limit, it prohibits using the connection with tethered devices thus (officially) killing any chance of some quality laptop-internet time in between arguing about who interpreted Google maps wrong this time.

I am in the process of learning Go with the added procrastination bonus of switching my text editor to Spacemacs after 10 years as a Vim user. Despite my best preparations the night before it was less than a second after creating my first empty .go file that I realized I hadn’t downloaded all the groovy Go stuff that I was hoping to learn during the journey. Here’s how I was very naughty and downloaded a few kB from my tethered laptop.

My equipment

  1. An Android device running the paid-for version of JuiceSSH (£4.79 at the moment)
  2. A DigitalOcean droplet publicly accessible over SSH
  3. A crummy Macbook Air with the SSH server set up

The Idea

Set up a SOCKS proxy on the android device to the DigitalOcean droplet and forward the port to my laptop.

Step 1

Hotspot (Connect the laptop to the phone)

This should be fairly straightforward — on the android device enable the hotspot and connect to it on the laptop as you would any WiFi connection.

Step 2

Setting up the connection from the Android device to the laptop

We need to connect the android device to both the laptop and the remote server.

On the laptop find the IP address that the WiFi connection is using by typing


into a terminal (for my laptop the relevant IP address can be found following en0 just after the inet field). You can also use your favourite graphical method to find this out.

Using this IP address create a new connection in JuiceSSH to the laptop.

Setting up the connection from the android device to the remote VM

Create another new connection in JuiceSSH to log into the remote server (in this case the DigitalOcean droplet). I recommend using mosh for this if available as it will handle spotty connections much better.

Either use the domain name if you have registered one, or the IP address of the VM.

It may be worth testing both of these connections before the next stage.

Step 3

Set up the SOCKS proxy on the Android device

On the Port Forwards tab in JuiceSSH, create a new item and give it a name such as Local SOCKS proxy. Choose the connection to the droplet that you created in the previous step. Change the mode to Dynamic (SOCKS) and choose a port number >1024.

When activated, this will now forward any traffic that port 5000 receives on the Android device across an encrypted connection to the remote computer. The network provider should not be able to inspect the content of this, but can see that data is being sent and received, which may look suspicious but should be OK for limited use.

Step 4

Forward a port on the laptop to the SOCKS proxy on the Android device

Create another Port Forward in JuiceSSH with the following attributes

Mode: Remote
Port(From): 5000
Port(To): 5000

where Port (From) matches the port chosen in step 3 and Port (To) is again chosen to be >1024.

When this is activated, anything that is received in port 5000 on the laptop is sent to port 5000 on the Android device, i.e. there is now a SOCKS proxy available on port 5000 of the laptop.

Step 5

Forwarding traffic on the laptop to the SOCKS proxy

To set the system wide proxy on OSX go to:

 System Preferences -> Network -> Advanced -> Proxies -> SOCKS Proxy

Enter as the address underneath ‘SOCKS Proxy Server’ and 5000 in the box immediately to the right (or the port number used in the Port (To) field in step 4).

Anything set up to use the system proxy should now be able to connect to the internet (e.g. Chrome).

At the time I was trying to download the Go package for Spacemacs, so had to tell it to use the proxy by setting the two environment variables http_proxy and https_proxy. To save on the typing I placed the following shell function in my .bashrc.local.

A shell script doesn’t work in this context as the variables will only be set in the spawned sub-shell

so when I call socks set the appropriate environment variables are set. Calling socks by itself resets the variables.

This probably took around 2 hours to figure out and set up (after a false start trying to reverse-SSH about the place) after which it was my turn to drive and so no coding was done that day — another win for acute technological meandering syndrome!