
@ShapeShifter499
Created September 3, 2016 18:53
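#!/storage/xbin/bash
# Forward an already-established VPN (tun0) to the clients of any tethered
# connection (Bluetooth, USB or Wi-Fi) on an Android device.
# Usage: turn on tethering, then enable the VPN, then run this script.
#
# NOTE(review): the policy routing below sends tethered clients to tun0 only
# while table 61 holds a default route. If the VPN drops and that route
# disappears, lookups presumably fall through to the later routing rules and
# client traffic may leave over the normal uplink without the VPN. An
# "unreachable default" route with a higher metric in table 61 is one way to
# fail closed; verify the behaviour on the target device.

# Set to 1 as soon as one tethered interface has been configured.
tethering=0
# Set to 1 only when this run inserted the MASQUERADE rule, so that the
# clean-up at the end never removes a rule this run did not add.
masq_added=0

#######################################
# Append an iptables rule unless an identical one already exists, so that
# running the script again does not stack duplicate rules.
# Arguments: the rule specification, starting with the chain name.
# Returns:   status of the iptables command that ran last.
#######################################
add_rule() {
  # If this iptables build has no -C, the check fails and the rule is simply
  # appended, which is what the script did before.
  iptables -C "$@" 2>/dev/null || iptables -A "$@"
}

#######################################
# Print the first three octets of an interface's IPv4 address, taken from
# the "inet addr:" line of ifconfig (for example 192.168.44).
# Arguments: $1 - interface name
# Outputs:   the prefix on stdout; nothing if no "inet addr" line is found
#######################################
subnet_prefix() {
  ifconfig "$1" | grep "inet addr" | cut -d":" -f2 | cut -d' ' -f1 | cut -d'.' -f1-3
}

#######################################
# Install the FORWARD rules and the table-61 policy routes that send traffic
# from one tethered interface out through tun0.
# Arguments: $1 - tethered interface (bt-pan, rndis0 or wlan0)
# Outputs:   an error on stderr when the subnet cannot be determined
# Returns:   0 once the commands have been issued, 1 if nothing was changed
#######################################
forward_vpn() {
  local iface=$1
  local prefix

  prefix=$(subnet_prefix "$iface")
  # Without a well-formed prefix the commands below would receive a malformed
  # network such as ".0/24", so stop before touching any rule.
  if ! [[ "$prefix" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    echo "Could not determine the IPv4 subnet of $iface, leaving it untouched" >&2
    return 1
  fi

  # RETURN in the built-in FORWARD chain hands the packet to the chain policy,
  # so these rules permit forwarding only where that policy is ACCEPT. They are
  # appended, so rules already present in the chain are evaluated first.
  add_rule FORWARD -i tun0 -o "$iface" -m state --state RELATED,ESTABLISHED -j RETURN
  add_rule FORWARD -i "$iface" -o tun0 -m state --state INVALID -j DROP
  add_rule FORWARD -i "$iface" -o tun0 -j RETURN

  # The tether subnet is assumed to be a /24. These commands are best effort:
  # the tun0 default route is shared by all three interfaces, so adding it a
  # second time is expected to report an error that can be ignored.
  ip rule add from "$prefix.0/24" lookup 61
  ip route add default dev tun0 scope link table 61
  ip route add "$prefix.0/24" dev "$iface" scope link table 61
  ip route add broadcast 255.255.255.255 dev "$iface" scope link table 61
  return 0
}

# Set up NAT on the VPN interface before forwarding anything to it.
if ! iptables -C POSTROUTING -o tun0 -j MASQUERADE -t nat 2>/dev/null; then
  iptables -A POSTROUTING -o tun0 -j MASQUERADE -t nat
  masq_added=1
fi

# Check if Bluetooth is tethered, if so forward VPN
blue=$(/system/bin/ifconfig bt-pan 2>/dev/null | grep -c "UP")
if [[ "$blue" -gt 0 ]]; then
  if forward_vpn bt-pan; then
    tethering=1
    echo "Set up VPN on Bluetooth sucessfully"
  fi
else
  echo "Not tethering on Bluetooth"
fi

# Check if USB is tethered, if so forward VPN
usb=$(/system/bin/ifconfig rndis0 2>/dev/null | grep -c "UP")
if [[ "$usb" -gt 0 ]]; then
  if forward_vpn rndis0; then
    tethering=1
    echo "Set up VPN on USB successfully"
  fi
else
  echo "Not tethering on USB"
fi

# Check if Wi-Fi is tethered, if so forward VPN
wifi=$(dumpsys wifi | grep -c curState=TetheredState)
if [[ "$wifi" -gt 0 ]]; then
  if forward_vpn wlan0; then
    tethering=1
    echo "Set up VPN on WIFI successfully"
  fi
else
  echo "Not tethering on WIFI"
fi

# Clean up if no tethering is occurring.
# The per-interface removal that used to sit here could never run: it was
# guarded by flags that are only set when tethering is 1. Rules and routes left
# behind by an earlier run are therefore not removed by this script.
if [[ "$tethering" -eq 0 ]]; then
  if [[ "$masq_added" -gt 0 ]]; then
    iptables -D POSTROUTING -o tun0 -j MASQUERADE -t nat
  fi
  echo "Cleaned up iptables rules since we are not tethering"
else
  echo "Sucessfully forwarding VPN over tethering"
fi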