Ok so a while back I discovered that after you gain root access to the BIONIC (probably works with other too. idk...) you can make changes to iptables. For those who don't know what that is: It's a built in firewall that handles packets as they come in and leave your phone. This is pretty much the defacto standard for any Linux machine to date (please enlighten me if I'm wrong). Anyhow, after discovering this I came up with an idea to see if I could pipe my hotspot directly into my openvpn tunnel. Well, after a bit of web research on how iptables works I was able to get it up and running. HOWEVER I'm not an expert at this yet, and my config definitely has a flaw in the fact that I leave the phone completely vulnerable on the "rmnetX" interface, as I completely flush the old tables to add mine, leavign the firewall WIDE OPEN. I'll post a fix as soon as I can come up with one. In the mean time here's the steps to take to get your phone to be a hotspot access point to your openvpn network!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" ont he root of your INTERNAL sdcard. IE "/sdcard/openvpn
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweek this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection accross your firewall on udp port 1194.
7)Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and brows to shares inside your network over the 4g connection EXCELENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you neet to get the Verizon HotSpot Tether working, There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a work OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and runnign before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is runnign by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masqarade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" ont he root of your INTERNAL sdcard. IE "/sdcard/openvpn
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweek this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection accross your firewall on udp port 1194.
7)Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and brows to shares inside your network over the 4g connection EXCELENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you neet to get the Verizon HotSpot Tether working, There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a work OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and runnign before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is runnign by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masqarade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!
