- Start the VPN connection.
- Start WiFi hotspot.
- Open a terminal or ADB shell, run the following commands as su -:
iptables -t filter -F FORWARD iptables -t nat -F POSTROUTING iptables -t filter -A FORWARD -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE
thantos_mehak also posted his source code that makes above last step a simple click. I edited the code with above commands, compiled it and it worked fine. Note：
- Your phone must be root.
- You don't need to run VPN on other devices that are tethered to the phone.
- If other devices still cannot connect, but ping 220.127.116.11 is successful, then change their DNS servers to, say, 18.104.22.168 and 22.214.171.124. Or add another commands:
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 126.96.36.199
PS: WiFi Tether Router by Fabio Grasso works through VPN on its own (i.e. no need of above iptables commands). It is also the most featured among such apps I've seen. The only missing feature is auto WiFi channel. It works fine on my Galaxy S4 (root stock 4.3 ROM) but does not on my Pantech Burst.
PPS: Works for native Android Bluetooth PAN and USB tether too, and for proxy too (might need some extra routing work).
PPPS: For KitKat 4.4.2, some ip routes must be added as described in this XDA post:
ip rule add from 192.168.43.0/24 lookup 61 ip route add default dev tun0 scope link table 61 ip route add 192.168.43.0/24 dev wlan0 scope link table 61 ip route add broadcast 255.255.255.255 dev wlan0 scope link table 61
PPPPS：For some phones, even earlier than 4.4, the added lookup 61 will be removed randomly, hence need to be added again and again. Sometimes it is 60 instead of 61.