WARNING: **Rooting is a very bad idea, as it will entirely break the security model of Android.** +
If you're considering using an unused phone to tether from (which is rooted, and contents were already wiped), check the bands it supports on link:https://www.kimovil.com/[Kimovil].
** Known kernels with support (and seem high-quality):
*** Freak07's link:https://forum.xda-developers.com/t/kernel-23-07-2021-android-11-kirisakura-1-1-8-for-asus-zenfone-8-aka-sake.4295287/[Kirisakura] for ASUS ZenFone 8
For kernel tweakers: link:https://web.archive.org/web/20210423030541/https://forum.xda-developers.com/t/magisk-stock-bypass-tether-restrictions.4262265/[an aid with enabling "xt_HL.ko" support through Magisk]
** Directly prove this method (link:https://github.com/RiFi2k/unlimited-tethering[among some others]) is being used
*** Telecoms do know about this, but the offensive (this guide) is much stronger than the defensive, their defense being: DPI software, and the OS (Android and iOS) telling the telecom that it's tethered +
This guide can solve the OS problem unless it's iOS (buy the latest Google Pixel next time, it has proper firmware & hardware & software security as iPhones do)
* Your telecom can (if no traffic encryptor such as Tor or a VPN is used):
** Check for specific domains being connected to that only a Windows PC or Mac would connect to, but not an Android phone.
** Use link:https://en.wikipedia.org/wiki/Deep_packet_inspection[DPI software] to shape traffic based on certain criteria(s), such as Video Streaming (throttling YouTube videos and/or Netflix, and/or forcing lower video quality)
* A paid VPN is recommended since it's easy to route all traffic through it, and shouldn't reduce speeds, given the following criteria:
** Protocol used is WireGuard (fastest, expect on unreliable links), IKEv2 (best on unreliable links), or SoftEther (reasonably fast and best at bypassing DPI). +
** If the speeds are lower than expected on all protocols, connect to the VPN on a different device, specifically one with link:https://en.wikipedia.org/wiki/AES_instruction_set#x86_architecture_processors[AES-NI supported]
WARNING: VPNs don't grant privacy, Tor and I2P do; these can easily be used alongside a VPN if desired +
For this guide, VPNs are used for the intention of hiding traffic from your telecom, and ensuring web content isn't blocked +
*`Ultimately, usage of a VPN is optional`*
.Good paid VPN providers do the following (and VPN recommendations)
[%collapsible]
====
* Transparent communication
* Use only dedicated/physical/bare metal servers
** Dedis are faster and more secure than virtual servers ("VPS" / "VDS")
** No hard drives installed in the servers is a good bonus
* No fake (geo-located) server locations
** Unless they are stated as such
* All server locations allow all traffic except outbound port 25 (to prevent email spam abuse)
* Ability to link:https://airvpn.org/faq/port_forwarding/[select ports to forward].
** AirVPN, hide.me, and TorGuard have the best implementations of port forwarding
*** link:https://teddit.net/r/VPNTorrents/comments/oqnnrq/list_of_vpns_that_allow_portforwarding_2021/[List of VPNs that allow P2P and Port Forwarding]
* Recommendations based on the above criteria and personal experiences:
. link:https://airvpn.org[AirVPN]
** Mirrors: link:https://airvpn.dev[AirVPN #2] | link:http://airvpn3epnw2fnsbx5x2ppzjs6vxtdarldas7wjyqvhscj7x43fxylqd.onion[AirVPN via Tor]
. link:https://mullvad.net[Mullvad]
** Mirror: link:http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion[Mullvad via Tor]
. link:https://hide.me[hide.me] (supports IKEv2 and SoftEther; the other recommendations don't)
* link:https://f-droid.org/en/packages/com.termux.boot/[Install Termux:Boot] and disable "battery optimizations" for Termux and Termux:Boot in your phone's settings
* Make the script:
. `$ mkdir -p ~/.termux/boot` +
. `$ cd ~/.termux/boot` +
. `$ nano set-tether-ttl.sh`
NOTE: Replace "v4-rmnet_data2" with your network interface if it's different
** `$ chmod +x set-tether-ttl.sh && sh set-tether-ttl.sh`
Termux:Boot will automatically run set-tether-ttl.sh after startup/boot, though it will break if the interface name changes, which I cannot test nor know if this happens on Android, and if it does it may be specific to a ROM