This hotspot/tethering limitation bypass beats PDANet, FoxFi, NetShare, EasyTether, WiFi Tether Router, and sshuttle tunneling. Reasons being:
This method compared to PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, and sshuttle tunneling:
. Least amount or no speed reduction, is reliable, doesn't break apps/programs/software, and no increase in https://www.waveform.com/tools/bufferbloat[bufferbloat]/ping spikes.
. Reliable with little to no speed reduction.
. Works for as many client (tethered to) devices as possible. It's plug and play after setup.
** This means no programs are required to be installed on client devices.
. Plug and play, works with other devices without installing apps.
. Difficult for telecoms to prove intentional bypassing of their tethering detections.
. Safe from your telecom, but make sure to lie well if questioned for excessive data usage.
. Bypassing DPI (Deep Packet Inspection); used to throttle & tamper with streaming services by limiting video quality, and sometimes enacting censorship.
. Bypasses throttling such as limited video quality on YouTube, and censorship.
== Requirements
* A rooted Android 5.0 or newer device with an active SIM card or eSIM.
** Android 4.4.4 is compatible if Magisk v20.4 or up to v22.0 is used.
== Requirements can't be met
* Get an unlocked Google Pixel phone that support all radio bands of your telecom.
** Use https://www.kimovil.com/en/[Kimovil] to check radio band support. Note that the same phone from different countries have different bands supported.
** The recommendation is an unlocked https://swappa.com/listings/google-pixel-4a-5g/unlocked[Pixel 4a (5G)] for $100 USD from https://swappa.com/vs/ebay[Swappa instead of Ebay].
This guide is tested from an unlocked US https://swappa.com/listings/google-pixel-4a-5g/unlocked[Pixel 4a 5G], it can be had for $100.
* The https://f-droid.org/en/packages/com.termux/[Termux] terminal emulator from F-Droid only (https://wiki.termux.com/wiki/Termux_Google_Play[why?]).
* https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] for its radio band locking; helps maintain and potentially increase network speeds.
* https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] for its radio band locking to maintain and increase network speeds.
** Tinkering is required to find your current location's best radio bands.
* https://github.com/AdAway/AdAway/releases[AdAway] to block Network Signal Guru's advertising.
** AdAway requires you to enable "Systemless Hosts" in Magisk's settings.
=== A custom kernel with "xt_HL.ko" support
.Testing if "xt_HL.ko" (netfilter's TTL/HL packet mangling) is present:
* If the TTL and/or HL isn't exactly the same as the tethering device, then modify the `ttl-inc` and `hl-inc` to match.
** inc = increment, dec = decrement; `ttl-inc 2` adds to the TTL by 2, `ttl-dec 1` subtracts the TTL by 1.
* IPv4/TTL: `$ ping -4 bing.com`
** For Android & macOS: `$ ping bing.com`
* IPv6/HL: `$ ping -6 bing.com`
** For Android & macOS: `$ ping6 bing.com`
== 3. Using a VPN to bypass DPI-based throttling, shaping, and censorship
== 2. Using a VPN to bypass DPI-based throttling and censorship
.Least shady free VPNs; not recommended.
[%collapsible]
@ -203,7 +174,7 @@ ___
* Ordered from best to worst:
. https://cloudflarewarp.com/[Cloudflare WARP] (never torrent on this). +
You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP+ for free], in which the "Railway App" method is recommended.
You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP+ for free].
. https://cryptostorm.is/cryptofree[Cryptofree]
** Using their free WireGuard server is recommended.
@ -216,10 +187,10 @@ You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP
.Open-source VPN protocol comparison; what is suitable for your situation.
[%collapsible]
====
* *WireGuard*, the fastest on reliable internet; easily blockable by DPI firewalls.
* *IKEv2/IPSec*, sometimes faster than WireGuard on unreliable internet. Depending on the VPN provider, IKEv2 can either be resistant to DPI firewalls (hide.me's implementation), or not at all.
* *SoftEther*, bypasses most DPI firewalls with good speeds in general, but is more complicated to set up for non-Windows OSes.
* *OpenVPN3*, resistant to DPI firewalls if tls-crypt is used alongside port 443; China, Iran, and Egypt require OpenVPN over SSL which further reduce speeds. This protocol isn't efficient and has bufferbloat issues.
* *WireGuard*: fastest on reliable internet; easily blockable by DPI firewalls.
* *IKEv2/IPSec*: sometimes faster than WireGuard on unreliable internet. Depending on the VPN provider, IKEv2 can either be resistant to DPI firewalls (hide.me's implementation), or not at all.
* *SoftEther*: bypasses most DPI firewalls with good speeds in general, but is more complicated to set up for non-Windows OSes.
* *OpenVPN3*: resistant to DPI firewalls if tls-crypt is used alongside port 443; China, Iran, and Egypt require OpenVPN over SSL which further reduce speeds. This protocol isn't efficient and has latency issues.
====
@ -228,7 +199,7 @@ You can get the https://github.com/TheCaduceus/WARP-UNLIMITED-ADVANCED[paid WARP
[%collapsible]
====
NOTE: TorGuard is the recommendation if streaming (Netflix, Hulu, Amazon Prime, etc) is necessary. Otherwise, try TorGuard -> hide.me -> Mullvad.
NOTE: TorGuard is the recommendation if streaming (Netflix, Hulu, Amazon Prime, etc.) is necessary. Otherwise, try TorGuard -> hide.me -> Mullvad.
. Network locking in their VPN software is reliable; very important to stay under the telecom's radar regarding "OS fingerprinting".
@ -270,13 +241,13 @@ This means higher ping/latency for some ISPs/telecoms; low latency is important
. https://web.archive.org/web/20220929090559/https://thatoneprivacysite.xyz/choosing-the-best-vpn-for-you/[An archive of "That One Privacy Site"], dated 19th December 2019. +
Use it as a second opinion on what justifies a good paid VPN provider.
TIP: Many VPN review websites and videos are dishonest, as Kape Technologies owns many popular VPN review websites to unfairly promote their products as the "best". +
TIP: Kape Technologies owns many popular VPN review websites to unfairly promote their products as the "best": +
. Random XDA forums posts and threads to accumulate personal experiences with hotspot/tethering bypass attempts.
[.lead]
Third-party scripts
. `/jffs/scripts/wan-event` used for Asuswrt-Merlin is a refined version of https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636[this script].
====
*You've reached the end of this guide.* Star it if you liked it.