
@salehjg
Forked from ShapeShifter499/vpn-hotspot.sh
Created January 4, 2023 21:03
vpn hotspot script
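#!/storage/xbin/bash
# Forward a VPN (tun0) over any tethered connection on an Android device.
# Usage: turn on tethering, then enable the VPN, then run this script. It edits
# iptables and policy routing, so it has to run as root.
#
# Security notes for anyone relying on this for privacy:
#   - No kill switch is installed. The default route in table 61 is bound to
#     tun0; if the VPN drops, that route goes away and tethered clients may
#     fall back to the device's normal uplink, outside the VPN.
#   - The FORWARD rules use -j RETURN, which in a built-in chain hands the
#     packet to the chain policy, so the outcome depends on that policy and on
#     any rules that sit ahead of these in the chain.
#   - Only IPv4 is handled (iptables, "inet addr"); IPv6 traffic from tethered
#     clients is not steered into the VPN by this script.

readonly VPN_IF="tun0"
readonly TABLE="61"

# Set to 1 as soon as forwarding has been installed for at least one interface.
tethering=0

#######################################
# Append an iptables rule unless an identical one already exists, so that
# re-running the script does not stack duplicates. If this iptables build
# lacks -C the check fails and the rule is simply appended.
# Arguments: the rule, starting with the chain name
#######################################
ipt_add() {
  iptables -C "$@" 2>/dev/null || iptables -A "$@"
}

#######################################
# Delete every copy of an iptables rule. Errors are silenced on purpose: the
# loop ends on the first failed delete, which is the normal "no such rule" case.
# Arguments: the rule, starting with the chain name
#######################################
ipt_purge() {
  while iptables -D "$@" 2>/dev/null; do
    :
  done
}

#######################################
# Print the first three octets of an interface's IPv4 address.
# Prints nothing when the interface is missing or ifconfig's output does not
# contain a well-formed "inet addr", so callers never build a rule from an
# empty or malformed prefix.
# Arguments: $1 - interface name
#######################################
subnet_prefix() {
  local prefix
  local re='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
  prefix=$(ifconfig "$1" 2>/dev/null | grep "inet addr" | cut -d":" -f2 | cut -d' ' -f1 | cut -d'.' -f1-3)
  prefix=${prefix%%$'\n'*} # keep only the first address if several are listed
  if [[ "$prefix" =~ $re ]]; then
    printf '%s\n' "$prefix"
  fi
}

#######################################
# Report whether ifconfig shows the interface as UP.
# Arguments: $1 - interface name
#######################################
iface_is_up() {
  /system/bin/ifconfig "$1" 2>/dev/null | grep -q "UP"
}

#######################################
# Install forwarding and policy routing so that traffic from a tethered
# interface's /24 leaves through the VPN interface.
# Globals:   tethering (written)
# Arguments: $1 - tethered interface name
# Returns:   0 when rules were installed, 1 when the subnet is unknown
#######################################
setup_tether() {
  local iface=$1
  local prefix
  prefix=$(subnet_prefix "$iface")
  if [[ -z "$prefix" ]]; then
    echo "Could not determine the IPv4 subnet of $iface, skipping it" >&2
    return 1
  fi
  local net="$prefix.0/24"

  ipt_add FORWARD -i "$VPN_IF" -o "$iface" -m state --state RELATED,ESTABLISHED -j RETURN
  ipt_add FORWARD -i "$iface" -o "$VPN_IF" -m state --state INVALID -j DROP
  ipt_add FORWARD -i "$iface" -o "$VPN_IF" -j RETURN

  # "ip rule add" silently accepts duplicates, so look for the rule first.
  if ! ip rule show | grep -qF "from $net lookup $TABLE"; then
    ip rule add from "$net" lookup "$TABLE"
  fi
  # "ip route add" refuses duplicates by itself; a "File exists" error on a
  # second run or a second interface is harmless.
  ip route add default dev "$VPN_IF" scope link table "$TABLE"
  ip route add "$net" dev "$iface" scope link table "$TABLE"
  ip route add broadcast 255.255.255.255 dev "$iface" scope link table "$TABLE"

  tethering=1
  return 0
}

#######################################
# Best-effort removal of whatever an earlier run installed for an interface.
# Errors are silenced on purpose: the rules and routes may not exist.
# Arguments: $1 - interface name
#######################################
remove_tether() {
  local iface=$1
  local prefix

  ipt_purge FORWARD -i "$VPN_IF" -o "$iface" -m state --state RELATED,ESTABLISHED -j RETURN
  ipt_purge FORWARD -i "$iface" -o "$VPN_IF" -m state --state INVALID -j DROP
  ipt_purge FORWARD -i "$iface" -o "$VPN_IF" -j RETURN

  prefix=$(subnet_prefix "$iface")
  if [[ -n "$prefix" ]]; then
    ip rule delete from "$prefix.0/24" lookup "$TABLE" 2>/dev/null
    ip route delete "$prefix.0/24" dev "$iface" scope link table "$TABLE" 2>/dev/null
  fi
  ip route delete broadcast 255.255.255.255 dev "$iface" scope link table "$TABLE" 2>/dev/null
}

# Set up iptables before forwarding VPN
ipt_add POSTROUTING -o "$VPN_IF" -j MASQUERADE -t nat

# Check if bluetooth is tethered, if so forward VPN
if iface_is_up bt-pan; then
  if setup_tether bt-pan; then
    echo "Set up VPN on Bluetooth sucessfully"
  fi
else
  echo "Not tethering on Bluetooth"
fi

# Check if USB is tethered, if so forward VPN
if iface_is_up rndis0; then
  if setup_tether rndis0; then
    echo "Set up VPN on USB successfully"
  fi
else
  echo "Not tethering on USB"
fi

# Check if WIFI is tethered, if so forward VPN
if dumpsys wifi | grep -q "curState=TetheredState"; then
  if setup_tether wlan0; then
    echo "Set up VPN on WIFI successfully"
  fi
else
  echo "Not tethering on WIFI"
fi

# Clean up if no tethering is occurring: drop the NAT rule added above and
# anything a previous run may have left behind for the three interfaces.
if [[ "$tethering" -eq 0 ]]; then
  ipt_purge POSTROUTING -o "$VPN_IF" -j MASQUERADE -t nat
  for iface in bt-pan rndis0 wlan0; do
    remove_tether "$iface"
  done
  ip route delete default dev "$VPN_IF" scope link table "$TABLE" 2>/dev/null
  echo "Cleaned up iptables rules since we are not tethering"
else
  echo "Sucessfully forwarding VPN over tethering"
fi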