I have a home setup with private services and Wireguard to phone in from outside, and would sometimes like to be able to access some of these services from devices that don’t have their own Wireguard client like an eBook reader.
Ideally, I would have Wireguard on my Android phone, create a WiFi hotspot and allow other devices to use that Wireguard connection. Out of the box this doesn’t work. Does anybody know how to achieve it?
You must log in or register to comment.
You can (basically) only do this with a rooted phone. There are some permissions issues that prevent the hotspot network adapter from being shared over the VPN client otherwise. This article from Proton is just an ELI5 splainer, you can go deeper with some searches.
If you have root and/or a custom ROM already (which usually assumes root) it’s not that complicated.
Couldn’t you just use termux or similar to run a tunnel using SSH to the interface?
Or simply set up a socks listener and forward that IP:port to the IP of the WG interface?
Thanks for the link. I am on Graphene, and if a fellow poster in here is correct that doesn’t help. Bummer.
Yeah sorry I don’t have experience with Graphene but a quick search seems to say root is very difficult with it. Maybe look into flashing a different custom ROM if you really need this.
One thing I’ve done quite a bit is use my travel router (I have a GL-Inet Slate but there are lots of options) to repeat my hotspot, then connect all my devices via the router. And set the VPN up on the router. This way everything going out over the hotspot is encrypted anyhow.
For my needs, I can power the Slate by plugging it into my laptop or even my phone via usb-c. It’s very portable and versatile. Ymmv.
Thanks for the ideas. I’ll consider it, although my use case doesn’t really warrant carrying a router around.
Granted, you’re using a home setup. But you could still consider setting up the VPN on a central AP and repeating your hotspot through it to make everything going in and out of your network encrypted and more secure. None of your actual traffic (besides what your phone is emitting) will be in the clear, which is better than nothing.
Almost any router with VPN and repeater options will accomplish this if you don’t wanna root your phone. I’ve flashed OpenWRT on the equivalent of router potatoes over the years. It’s pretty straightforward.
I agree, it’s a good solution. Just not worth the downsides for my situation currently.
lineageOS, and CalyxOS both let you share vpn over hotspot connections.
TIL GrapheneOS does not have that option.
Dang, also on Graphene…
here’s a thread with official Graphene voices saying it won’t happen (and why)
Yeah, to me it’s a absolute killer feature for a travel phone. The GOS discussion around it boils down to violating the android profile security model.
E.x., im using a hotel wifi that only allows one device, or I have a esim for one phone only that doesn’t allow “tethering”.
Fair enough on the security model, but at least give me the option… Maybe with a always on notification warning. Being paternalistic about how you think the phone will be used and in which context is overstepping for infrastructure
I travel with a backup phone, and because of this I have calyxos on the backup and not gos.
Having strong opinions is what Graphene does. 😅
And they do seem to be an authority on all things security, so most of the time I like that about them.
Check out the “VPN hotspot” app from the play store. You’ll need root, unfortunately.
Thanks, but not an option.
This can be achieved with tailscale using subnet routing. your local devices (ebook readers) can access your private servers if they are on a device thats on your tailnet (your phone).
Really? How does that work? Maybe it’s time to look into Tailscale after all…
@tofubl tailscale is a mesh network that connects your clients together. and those clients would run a tailscale client on them. There is an additional option of sharing the local network that your device is on with your main tailscale network, thus connecting all your home devices to your private self hosted server network.
This page has more details along with a video that goes in detail: #[1](https://tailscale.com/kb/1019/subnets)
Much obliged.
I have also wondered if this is possible. I’m not sure if it is. Here’s a reddit thread where someone struggled with this using an iPhone.
