:experimental: :imagesdir: Pictures/ ifdef::env-github[] :icons: :tip-caption: :bulb: :note-caption: :information_source: :important-caption: :heavy_exclamation_mark: :caution-caption: :fire: :warning-caption: :warning: endif::[]
== About [.lead] This guide compared to others -> PDANet, FoxFi, NetShare, EasyTether, Wi-Fi Tether Router, TetherMe, iTether, MyWi, iPhoneModem:
. Supports hotspots from Android phones & tablets, iOS, iPadOS, and Quectel modems. . Methods used are all high performance and reliability, unlike SSH tunneling. . Fully open-source and free of charge.
== 1. Preparation / Hosting an unlimited hotspot
CAUTION: Never spoof to an IMEI of a device you do not own, it's illegal in the United States, and you will block the device of whoever uses it -- but only if it's on the same telecom.
.Spoof the Quectel modem's IMEI to a phone or tablet you own that has mobile data capability:
AT+EGMR=1,7,"The IMEI here"====
. https://pairvpn.com/install[Install PairVPN] from the App Store on the iOS or iPadOS device, and on the clients (such as a Windows laptop).
. Connect the client to your iOS/iPadOS device via its "Mobile Hotspot" or through USB tethering.
. Run PairVPN as a server on the iOS/iPadOS device, then use the PairVPN client on devices that connect to that server.
====
. https://github.com/pyamsoft/tetherfi#tetherfi[Install TetherFi] on the Android device.
. Open the TetherFi app.
. Configure the following in the "Hotspot" tab:
. Open the "How To" tab and follow its instructions.
====
. https://topjohnwu.github.io/Magisk/[Install Magisk].
brew install android-platform-tools.image-cheetah-ap3a.241105.007.zip, then extract bootloader-cheetah-cloudripper-15.0-11969070.img. Now there is an init_boot.img extracted which can be transferred over to the Pixel phone so you can use Magisk to patch it. Continue to follow the official instructions.. Download the https://github.com/felikcat/unlimited-hotspot/releases/download/v7/unlimited-hotspot-v7.zip[Unlimited Hotspot] Magisk module. . Open Magisk -> Modules -> Install from storage -> Select the "unlimited-hotspot-v7.zip" that was downloaded. . Reboot.
====
== 2. Moving past throttling
WARNING: If using the PairVPN method, VPNs cannot be used, only anti-DPI applications. The TetherFi method still allows for VPNs, but requires a VPN that can run off a proxy such as AirVPN.
NOTE: https://airvpn.org/[AirVPN] is useful if you require torrenting as it has comprehensive port forwarding support. + https://mullvad.net[Mullvad] generally has the fastest speeds. + https://www.mysteriumvpn.com/[Mysterium] or https://resivpn.com/[ResiVPN] is useful if you require residental IPs, or use streaming services that block VPNs. +
TIP: For every macOS or other OS device you use, you'd have to install PowerTunnel (or other anti-DPI application) on each; they do not have to be the same anti-DPI application.
.Install anti-DPI applications, specific to each OS:
FreeBSD, OpenBSD: https://github.com/bol-van/zapret/blob/master/docs/bsd.eng.md[zapret].
macOS and Linux: https://github.com/krlvm/PowerTunnel#configuring[PowerTunnel], or https://github.com/bol-van/zapret/blob/master/docs/readme.eng.md[zapret] (for macOS, use zapret's https://github.com/bol-van/zapret/blob/master/docs/bsd.eng.md[BSD instructions]).
Windows: https://github.com/macronut/ghostcp[GhosTCP].
Android: https://github.com/krlvm/PowerTunnel-Android#configuring[PowerTunnel for Android]; run it in VPN mode.
iOS/iPadOS: https://apps.apple.com/in/app/1-1-1-1-faster-internet/id1423538627[Cloudflare's 1.1.1.1 app]; any other VPNs utilizing WireGuard or OpenVPN work too.
. Make sure the https://github.com/krlvm/PowerTunnel/releases[latest PowerTunnel.jar] is downloaded.
. Download the https://adoptium.net/download/[Adoptium installer] and open it.
. After you got done installing Adoptium "Temurin", in Finder, kbd:[Left Option] + kbd:[Right Click] PowerTunnel.jar then click "Open". + image:kbmagic.jpeg[]
. image:settings_powertunnel.png[]
====
=== Additional required steps
. image:PowerTunnel1.png[480,360] . Use a low chunk size, such as "1": + image:PowerTunnel2.png[480,360]
====
. Go to PowerTunnel, then click on "Options". . Configure the upstream proxy server to match what TetherFi says to use. For my case, it was 192.168.49.1 with port 8228 for the HTTP/HTTPS protocol.
====
. https://github.com/felikcat/unlimited-hotspot/archive/refs/heads/main.zip[Download Unlimited Hotspot], then open unlimited-hotspot-main.zip in Finder to extract it.
. After extracted, open the "unlimited-hotspot-main" folder, then open its "macOS" folder.
. Open Terminal.
. Type sudo -i, enter your login password, then press kbd:[Enter].
. Type cp then drag the set-ios-tcp-stack.sh file in, press kbd:[Space], type in /var/root and press kbd:[Enter].
. Type cp then drag the felikcat.set.ios.tcpstack.plist file in, press kbd:[Space], type in /Library/LaunchDaemons and then press kbd:[Enter].
. chmod +x /var/root/set-ios-tcp-stack.sh
. launchctl load -w /Library/LaunchDaemons/felikcat.set.ios.tcpstack.plist
.Now we need to add three Packet Filter rules and enable PF.
. nano /etc/pf.conf
. Add the following three lines before nat-anchor: +
image:pf_rules.png[]
. pfctl -f /etc/pf.conf then pfctl -e
=== Routers For Quectel modems, or if the hotspot device is plugged into a router, then these steps are required:
. Advanced Settings - WAN -> disable Extend the TTL value and Spoof LAN TTL value.
. Advanced Settings - Administration
Enable JFFS custom scripts and configs -> "Yes"Enable SSH -> "LAN only"
. Replace the LAN IP and login name if needed: $ ssh 192.168.50.1 -l asus# nano /jffs/scripts/wan-eventSay() { printf '%s%s' "$$" "$@" | logger -st "($(basename "$0"))" } WAN_IF=$1 WAN_STATE=$2
SERVICE_SCRIPT_NAME="wan${WAN_IF}-${WAN_STATE}" SERVICE_SCRIPT_LOG="/tmp/WAN${WAN_IF}_state"
if [ -f "/jffs/scripts/${SERVICE_SCRIPT_NAME}" ]; then Say " Script executing.. for wan-event: $SERVICE_SCRIPT_NAME" echo "$SERVICE_SCRIPT_NAME" >"$SERVICE_SCRIPT_LOG" sh /jffs/scripts/"${SERVICE_SCRIPT_NAME}" "$@" else Say " Script not defined for wan-event: $SERVICE_SCRIPT_NAME" fi
# nano /jffs/scripts/wan0-connected
[source, shell]sleep 5s; modprobe xt_HL; wait
iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
Now, set permissions correctly to avoid this error: custom_script: Found wan-event, but script is not set executable! +
# chmod a+rx /jffs/scripts/* +
# reboot
====
Copy the following TTL settings: + image:firefox_wsJ71hUwXh.png[] + image:firefox_lnpySSfHOt.png[]
====
Network -> Firewall -> Custom Rules
[source, shell]iptables -t mangle -D PREROUTING -i usb+ -j TTL --ttl-inc 2 iptables -t mangle -D POSTROUTING -o usb+ -j TTL --ttl-inc 2 ip6tables -t mangle -D PREROUTING ! -p icmpv6 -i usb+ -j HL --hl-inc 2 ip6tables -t mangle -D POSTROUTING ! -p icmpv6 -o usb+ -j HL --hl-inc 2
====
== 3. Using dnscrypt2 to get past webpage blocks
TIP: Unnecessary if using a VPN.
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation[Installation instructions for other OSes], such as Windows, Linux, etc.
. Go to https://ipleak.net/[AirVPN's IP Leak] to see your current DNS servers. Save a screenshot of this page.
. https://brew.sh/[Install Homebrew] if you haven't already.
. brew install dnscrypt-proxy
. Be sure to read the information Brew gives you after it's done installing dnscrypt-proxy.
. Open Settings, go to Network, then click on the Network interface you are currently using; for me, that is "USB 10/100/1G/2.5G LAN".
. Click "Details..." +
image:settings_dnscrypt.png[]
. Go to DNS, press the Plus (+) button under "DNS Servers", then type in 127.0.0.1 +
image:settings_dnscrypt_2.png[]
. Go back to https://ipleak.net/[AirVPN's IP Leak] to see if the changes to your DNS servers is successful; compare it to your prior screenshot.
====
== 4. Confirm the hotspot is un-throttled
== 5. Improving internet speeds
.Android only -> Enable Data Saver:
.Android & iOS/iPadOS & Quectel -> Disable roaming:
.Android & iOS/iPadOS & Quectel -> Switch cell tower providers specifically for problematic areas
.Rooted Android & Quectel -> Using specific 4G, LTE, 5G NA, or 5G SA bands:
. Install https://apkpure.com/network-signal-guru/com.qtrun.QuickTest[Network Signal Guru] then use it to set the allowed LTE bands to only the "LTE 4x4 Bands" listed on https://cacombos.com/device/G025E[cacombos.com] for your device. This could stabilize your speeds, and can potentially increase speeds.
. If the ads bother you, enable Systemless Hosts in Magisk's settings, then install https://github.com/AdAway/AdAway/releases[AdAway] and use its Root method; do not use its VPN method.
.Android only -> Disable "hotspot hardware acceleration" in the Settings app:
== Appendices
. https://archive.org/download/p173_20220313/p173.pdf . https://archive.org/download/technology-showcase-policy-control-for-connected-and-tethered-devices/technology-showcase-policy-control-for-connected-and-tethered-devices.pdf . https://archive.org/download/geneva_ccs19/geneva_ccs19.pdf . https://incolumitas.com/2021/03/13/tcp-ip-fingerprinting-for-vpn-and-proxy-detection/ . https://github.com/NikolaiT/zardaxt . https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/ . Showed that moving past the hotspot clasification on non-jailbroken iOS and iPadOS devcies is possible, via ad-hoc Wi-Fi on the client, and a proxy server on the iOS/iPadOS device: https://blog.cyrusroshan.com/post/phone-data-hotspot
[.lead] Third-party scripts
. /jffs/scripts/wan-event used for Asuswrt-Merlin is a refined version of https://www.snbforums.com/threads/wan-start-script-also-run-on-wan-stop.61295/#post-542636[this script].
====
You've reached the end of this guide. Star it if you liked it.
'''
=== Donations Tip the apps or programs you rely on, such as TetherFi for non-rooted Android devices; some like PowerTunnel don't seem to take donations.