Verizon Samsung Galaxy S8+ share VPN network through hotspot - Verizon Samsung Galaxy S8+ Questions & Answers

I use a VPN on my Galaxy S8+ and I am looking for a way to be able to share my ExpressVPN connection via hotspot to be able to connect devices such as an Xbox One and a smart TV. I currently cannot use a PC and my router is trash, so my phone is my last resort. What can I do? What are some workarounds?
Edit: phone is not rooted.
Edit part two: I found some info on another forum regarding some code that could/should help with this situation, but I am in need of some help trying to figure out how to do this and the steps needed to root my Verizon S8+, kernel 4.4.153.
Here is the info that I have found below. Also note that I am not the source of this info.
"Android doesn't redirect hotspot traffic through VPN network as far as I have tested on Pie ROM (almost stock; custom ROMs might have different implementations or some specific settings). The reason is VPNService API works in Java framework of Android to redirect traffic to VPN's tun interface based on UIDs (and/or SOcket MARKs) of apps. While tethering works in native code; dnsmasq is the DNS server (up to Pie) while the rest of traffic is handled by kernel directly. Also using same internet connection or VPN for multiple devices may break terms of contract with service providers. So it's left disabled by default.
A workaround is to modify routing table but it requires root and is a bit complex on Android. This works for me:
~# ip rule add iif wlan0 lookup 5000
~# ip route add default dev tun0 table 5000
~# ip rule add to 192.168.43.0/24 lookup 5001
~# ip route add default dev wlan0 table 5001
First command adds a rule to RPDB to send traffic coming on hotspot (WiFi) interface to table 5000.
Second command adds a route to routing table 5000 to send all traffic on tun0 interface i.e. the one used by VPN app.
Third and fourth rules do inverse i.e. send traffic coming from VPN to tethered devices.
Firewall works above routing policy. Forwarding rules and source NAT should already be set with hotspot but just to make sure:
~# echo -n 1 >/proc/sys/net/ipv4/ip_forward
~# iptables -I FORWARD -o wlan0 -i tun0 -j ACCEPT
~# iptables -I FORWARD -i wlan0 -o tun0 -j ACCEPT
~# iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
First three commands instruct kernel/firewall to forward traffic in both directions in between VPN and hotspot interfaces.
Fourth command sets SNAT i.e. keeps track of hotspot traffic leaving VPN interface and coming back.
Make sure interfaces names and IP address are correct as on your device."
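
An added illustration of the rule walk described in the quoted text (not part of the original post or of the answer it quotes): the function reads `ip rule show` output and lists, in priority order, the routing tables a packet would be looked up in. The rule priorities, the table-to-device map and the sample addresses are constructed for the example; the stock rules are the ones posted further down this page.

```shell
#!/bin/sh
# Added example: list the routing tables the RPDB consults for one packet.

# Constructed sample in `ip rule show` format: the stock rules posted later on
# this page plus the two rules of the quoted workaround (priorities assumed).
SAMPLE_RULES='0: from all lookup local
32763: from all to 192.168.43.0/24 lookup 5001
32764: from all iif wlan0 lookup 5000
32765: from 192.168.43.0/24 lookup 60
32766: from all lookup main
32767: from all lookup default'

# Assumed map: tables that the workaround fills with a default route.
DEFAULTS='5000=tun0 5001=wlan0'

# rpdb_tables IIF SRC DST  (rules on stdin) -> matching tables, in rule order
rpdb_tables() {
    awk -v iif="$1" -v src="$2" -v dst="$3" '
    # dotted quad -> number
    function ip2n(ip,   o) {
        split(ip, o, "[.]")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # is ip inside net (a.b.c.d/len, a bare address, or "all")?
    function in_net(ip, net,   p, bits, size) {
        if (net == "all") return 1
        split(net, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    {
        from = "all"; to = "all"; dev = ""; table = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "from") from = $(i + 1)
            else if ($i == "to") to = $(i + 1)
            else if ($i == "iif") dev = $(i + 1)
            else if ($i == "lookup") table = $(i + 1)
        }
        if (table == "") next
        if (dev != "" && dev != iif) next          # rule bound to another interface
        if (!in_net(src, from) || !in_net(dst, to)) next
        out = out (out == "" ? "" : " ") table
    }
    END { print out }'
}

# egress_dev "TABLES" "TABLE=DEV ..." -> device of the first consulted table
# that holds a default route. Specific routes in local/main are ignored here.
egress_dev() {
    for t in $1; do
        for pair in $2; do
            [ "${pair%%=*}" = "$t" ] && { echo "${pair#*=}"; return 0; }
        done
    done
    return 1
}

# Demo: a tethered client reaching out, and the reply coming back over the VPN.
up=$(printf '%s\n' "$SAMPLE_RULES" | rpdb_tables wlan0 192.168.43.164 8.8.8.8)
down=$(printf '%s\n' "$SAMPLE_RULES" | rpdb_tables tun0 8.8.8.8 192.168.43.164)
echo "client -> internet: tables [$up], default via $(egress_dev "$up" "$DEFAULTS")"
echo "internet -> client: tables [$down], default via $(egress_dev "$down" "$DEFAULTS")"
```

Feeding it the real output of `ip rule show` from the device shows whether the added rules sit ahead of the tethering rule or behind it.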

Related

Desire share LAN internet access in office

Below is my experience. I hope this can help you.
           WiFi                   LAN
phone <----------------> laptop <-------> Proxy <-----> Internet
10.1.1.10               10.1.1.1 NATed
Prerequisite:
1. Laptop or PC has a wireless adapter that supports being configured as an AP.
2. OS that supports NAT (LAN as public network, WiFi as private network).
My laptop is Windows XP SP3
3. A DHCP/DNS server. I use DualServer
Steps:
1. Configure wireless adapter in AP mode and give it a static IP (10.1.1.1, netmask is 255.255.255.0).
2. Configure DualServer on the laptop.
I just modified DualServer.ini with the following lines based on the default installation.
[LISTEN-ON]
10.1.1.1 # only listen this interface, not affect office network
[DHCP-RANGE]
DHCP_Range=10.1.1.100-10.1.1.119
DNS_Server=10.1.1.1 # all phone's DNS query request will be forwarded to laptop
Router=10.1.1.1 # all phone's traffic will be routed to laptop
[xx:xx:xx:ea:a5:8d] # phone's wifi interface MAC Address, in order to given fixed IP.
IP_Addr=10.1.1.10
DNS_Server=10.1.1.1
Router=10.1.1.1
3. Configure NAT on XP laptop
In command window:
a). net stop remoteaccess
b). netsh routing ip nat install
c). netsh routing ip nat delete interface "Local Area Connection" full
d). netsh routing ip nat add interface "Wireless Network Connection 5" private
e). netsh routing ip nat add interface Internal private
f). net start remoteaccess
Please substitute your own interface names in steps c) and d).
4. Start wireless AP on laptop. Make sure laptop can access internet.
Open WiFi on phone, find laptop's AP and connect to it. The phone will then be allocated an IP (10.1.1.10).
You can configure some security protocol on phone and laptop.
5. In most cases, your office internet access is via proxy.
You should also install a proxy app called TransProxy on the phone.
Then configure your proxy info in TransProxy.
6. Does not work?
Install Android SDK if you have not already. Run "adb shell".
ping 10.1.1.1; it should be OK, otherwise you have a wireless configuration error.
ping address1 should be OK (address1 is the IP address of your LAN interface),
otherwise your NAT configuration contains an error.
Now you can surf the internet on the phone.
If your wireless adapter does not support AP mode,
please refer to another thread (forum.xda-developers.com/showpost.php?p=8686601&postcount=17).
It can still share the laptop's internet.
How does DNS work?
I am trying to use TransProxy but I have no idea how the DNS could work. My understanding is all the traffic will go through TransProxy. But my phone doesn't know anything about it, right? The iptables redirects the traffic from port 80, 443, etc. to redsocks. If my phone's applications don't know the proxy, how can they use GET http instead of DNS query?

[SOLVED] DNS over Wifi

I'm trying to confirm whether or not ICS ignores DHCP obtained DNS settings. Could someone with a Galaxy Nexus and the ability to sniff wireless traffic (or at the router level) check to see if it's making queries to Google's server (8.8.8.8) or the DHCP obtained server?
I'm running a preview build of ICS on my HTC Incredible and it's querying 8.8.8.8 instead of 192.168.1.1. I'm running a dual stack network so if I change from DHCP to static DNS settings, I see strange behaviour. After a short while on static IPv4 settings, only DNS AAAA record lookups are attempted.
Using Gingerbread 2.3.7 (dhcpcd 4.0.15 instead of ICS's 5.2.10) on another Incredible, the proper DNS server is utilized.
Thanks
An easier way to check is to connect with adb and run the following:
Code:
> adb shell
$ getprop | grep dns
Using tcpdump I've confirmed that the Incredible running ICS is not requesting DHCP option 119.
The DHCP ACK packet is missing both option 6 and 15 and therefore the DNS property is showing 8.8.8.8
Terminal emulator anyone?
Code:
$ getprop | grep dns
Nevermind. I found the problem. It was with the preview build on the Incredible.
dhcpcd.conf, interface != eth0

Connect Wifi-Tethered Clients to VPN

I've tried searching on this issue but didn't manage to find the solution. I'm sorry if someone had already discussed about this, please let me know the thread if it was already discussed.
I setup PPTP VPN on Galaxy Nexus using the native client, and it could connect fine and all Internet traffic from the phone goes via the VPN.
However, when I activate the Wifi Hotspot feature, my Wifi-connected clients do not seem to be able to browse the Internet via the VPN tunnel that was already created prior to activating the hotspot feature. At the same time, VPN still works when browsing directly on the phone itself.
The issue is similar to as discussed here http://www.featvpn.com/tethering-and-hotspot although I don't use this FeatVPN.
While I'm familiar with setting up routes on cisco and Linux/Windows, but I'm not too sure how to go about doing this to allow my Wifi clients to send data to the VPN via Wifi.
Thanks in advance.
same issue with
https://play.google.com/store/apps/details?id=de.blinkt.openvpn
the developer of that app says it's a bug with ICS and I tried it today with JB and same result
I think it's something we need to bring to Google about
hmm, is it a "feature" ?
anyone aware of a workaround on this? Thanks in advance.
seems like nobody knows?
I'd imagine that if the VPN app itself could take over some of the hotspot functions, it could define traffic coming from those devices as what you call "interesting traffic", therefore pushing it through the tunnel.
Given that this is what we had to do prior to google including hotspot functionality anyways, I don't see why it couldn't be done.
seems like i'm still unable to find out how to enable Wifi clients to connect to the VPN network that is connected to the Android.
On another note, I performed a similar test on an iPad with wifi Hotspot. After the iPad got connected to VPN, I enabled Wireless Hotspot on the iPad... wifi clients connected to the iPad.. again, could only access the 3G internet on the iPad, but not the VPN network that is on the iPad... and like the Android case, the iPad could access the VPN with no issues at the same time that the wifi clients are connected, but couldn't...
really wished there was an easy way to change the routing.. seems like clients coming in via the Wifi interface are routed to 3G but not the VPN...
I'm beginning to think Google has done this on purpose...
my Nexus 7 can't connect to VPN via my Galaxy Nexus ( WiFi hot-spot ) or my Nexus S ( WiFi hot-spot )
and if I connect to the VPN on the WiFi hot-spots and connect my Nexus 7 and/or Galaxy Tab 10.1 to the WiFi hot-spots... neither can connect to the internet... it just eventually times out
yet all my other hotspot devices ( non android ) work fine
Nexus 7 - Jelly Bean 4.1.1 JRO03D - not rooted, locked
Galaxy Nexus Jelly Bean 4.1.1 JRO03D - not rooted, unlocked
Nexus S - 4.0.4 Ice Cream Sandwich IMM76D - not rooted, unlocked
Galaxy Tab 10.1 - 3.2 Honeycomb HTJ85B.XXKL2 P7510XXKL2 - not rooted, locked
all using stock
hotspot VPN issue.
Long story short: Figured out the hard way that I can't use my remote broadcast gear without a static IP. With that said, I'm trying to find a workaround where I can have it connect to my galaxy S3's hotspot and use a VPN to trick the remote broadcast gear to think it's on the same network as my remote broadcast reciever (comrex access) so I can just use a 192.xxx IP address on the remote unit (Comrex Access Port.) to connect to my studio while on location.
If anyone knows how to do this stuff, you guys do. Thank you in advance for any tips!
yeah...i have same problem....looking for solution...
Solved need root
Solved, need root
My setup:
- Samsung Galaxy Note Ics 4.0.4
- Openvpn for Android ( does not need root, might work with other vpn)
- Active data connection
- wifi tethering (should work also with usb)
Prerequisites:
- a root-ed phone
- a terminal
You need to issue 3 commands:
0) launch terminal and become root
yourprompt> su
yourprompt#
1) allow FORWARDING of vpn data (this will allow ALL forwarding)
yourprompt# iptables -A FORWARD -j ACCEPT
2) change NAT to MASQUERADE from ALL interfaces
yourprompt# iptables -t nat -A POSTROUTING -j ACCEPT
3) route traffic in specific tethering routing table
3a) see table for tethering (in my setup is table '60')
yourprompt# ip rule show
3b) add your private address (mine is 172.16.0.0/16) to the tethering table
yourprompt# ip route add 172.16.0.0/16 dev tun0 table 60
That's ALL! Hope it works for you too
Thanks a lot for your tutorial.
Can you please explain the last point in detail?
How do I know the number of my tethering table? And is the private address the same as the client address in the OpenVPN server configuration file?
Think this is slightly overcomplicated. Here is a more simple method that should work for everyone:
Download a terminal client, e.g. ConnectBot and connect to your local shell.
Enter `su` to become root. (Double check with whoami afterwards).
Enable wifi tethering and ensure your data connection is working (connect to VPN)
Run `netcfg` and note your interface names (typically tun0 and wlan0 (ignore m.wlan0 or similar, only take the one with a real MAC address), as is on my SGSII)
Double check the subnet for your wlan0 device and enter the following commands:
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
(setup a postrouting entry for the tethered devices subnet, implementing NAT)
iptables -A FORWARD -j ACCEPT -i wlan0 -o tun0
forward packets from tethered devices across the tunnel
iptables -A FORWARD -j ACCEPT -i tun0 -o wlan0
forward packets from the tunnel to the tethered devices
Note, because you are using NAT, you will need to configure port forwards on your Android device to be able to run servers etc on tethered devices. Unlikely you'll need to worry about that though. Feedback if it worked or not. Posting this now from my home IP thanks to OpenVPN for Android and these iptable rules!
I get hung up on the last step.
When I type, 'ip rule show,' I get:
0: from all lookup local
32765: from 192.168.43.0/24 lookup 60
32766: from all lookup main
32767: from all lookup default
'ip route add 192.168.43.0/24 dev tun0 table 60' gives me:
Cannot find device "tun0"
I am using the native VPN, and I was connected. I also had the hotspots active.
Thanks for any help!
---------- Post added at 10:54 PM ---------- Previous post was at 10:23 PM ----------
Sorry, I did not see the post above mine. ppp0 seems to be what it was called. I did the above with wlan0 and ppp0 as root (su). Still no joy though on GS3 w/CM10.
trying to use this with stock pptp vpn
Guys I have tried to follow both of these with no success can you help
Hi Guys
I have managed to successfully root my UK Vodafone 2.3.3 Desire Z and get the new Andromadus Jelly Belly build installed no problem.
I am really impressed with the build btw.... It is very stable and very fast
Here is my problem
I have setup an inbound connection on a Windows 7 host for PPTP VPN so that all of my mobile internet traffic is transparent and routes through my personal Fiber connection. The connection itself works great and I can connect my handset via its mobile data connection no problem to the VPN and all traffic from the handset goes through the VPN. However, if I enable WIFI Tethering the handset is still ok however, any devices connecting to the hotspot can connect ok but can't go anywhere. I did notice yesterday that it does seem to resolve internet DNS queries and a tethered device can ping the VPN assign DHCP address of the connected hotspot handset but no other IPs on that subnet
I have tried the following, supplementing tun0 with ppp0 as per the attached screenshot, and I tried to attempt doing it the second way too; however, when I do an ip rule show I don't get a specific table setting for tethering, so that was a no go.
Here are the instructions that I followed from - http://forum.xda-developers.com/show...1766020&page=2
My setup:
- Samsung Galaxy Note Ics 4.0.4
- Openvpn for Android ( does not need root, might work with other vpn)
- Active data connection
- wifi tethering (should work also with usb)
Prerequisites:
- a root-ed phone
- a terminal
You need to issue 3 commands:
0) launch terminal and become root
yourprompt> su
yourprompt#
1) allow FORWARDING of vpn data (this will allow ALL forwarding)
yourprompt# iptables -A FORWARD -j ACCEPT
2) change NAT to MASQUERADE from ALL interfaces
yourprompt# iptables -t nat -A POSTROUTING -j ACCEPT
3) route traffic in specific tethering routing table
3a) see table for tethering (in my setup is table '60')
yourprompt# ip rule show
3b) add your private address (mine is 172.16.0.0/16) to the tethering table
yourprompt# ip route add 172.16.0.0/16 dev tun0 table 60
Think this is slightly overcomplicated. Here is a more simple method that should work for everyone:
Download a terminal client, e.g. ConnectBot and connect to your local shell.
Enter `su` to become root. (Double check with whoami afterwards).
Enable wifi tethering and ensure your data connection is working (connect to VPN)
Run `netcfg` and note your interface names (typically tun0 and wlan0 (ignore m.wlan0 or similar, only take the one with a real MAC address), as is on my SGSII)
Double check the subnet for your wlan0 device and enter the following commands:
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
(setup a postrouting entry for the tethered devices subnet, implementing NAT)
iptables -A FORWARD -j ACCEPT -i wlan0 -o tun0
forward packets from tethered devices across the tunnel
iptables -A FORWARD -j ACCEPT -i tun0 -o wlan0
forward packets from the tunnel to the tethered devices
and here is my netcfg and 'ip rule show'
Any help would be really appreciated guys.
I have the following config:
OpenVPN server
10.8.0.1
OpenVPN client android phone:
tun0 10.8.0.6
Turned on wireless tethering and now i also have:
wlan0 192.168.43.1 interface on android phone
Client PC(linux ) - through tethering
192.168.43.164
I can ping 10.8.0.6 from linux and I can ping both 192.168.43.164 and 10.8.0.1 from android.
Made the following config on android:
iptables -t nat -A POSTROUTING -j ACCEPT
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
iptables -A FORWARD -j ACCEPT -i wlan0 -o tun0
iptables -A FORWARD -j ACCEPT -i tun0 -o wlan0
There is only one small problem: I can't access the internet from Client PC(linux)
traceroute gives no output
Can anyone help? thanks!
So did anyone ever have any solid luck on this? I did not following this guide, I still get limited connections. I have recently started using a VPN and have run into this issue: if I activate tethering with the VPN connected I get a "limited" connection on any device trying to connect to my Android and can't surf.
I just switched from Witopia to Privateinternetaccess and here's the thing: I did not have this issue with Witopia. I could tether just fine with my VPN (all of their protocols) active and everything worked as it should; connected devices showed IPs from the VPN as they should and browsed just fine.
Could this issue be something related to the VPN servers/providers themselves? I requested help from the helpdesk for Privateinternetaccess and they told me they couldn't help saying they weren't "licensed" to, whatever that means.
Hi fern,
Kindly check this thread:
http://forum.xda-developers.com/showthread.php?p=35921217
I am using Note 2 and HMA vpn.
By using the built-in hotspot function, all my connected devices cannot connect to the internet when VPN is active.
I have to disconnect my VPN so that my connected devices can access the internet.
With the above thread and solution, I don't have to disconnect my VPN anymore and all my connected devices can access the internet.
Please try and post feedback.
Regards,
Morisa
Sent from my GT-N7100
Thank you very much!... after some fiddling, it just worked, and now I can stream pandora from my MAC, thank you!
Good.... Good... Good... :thumbup:
Sent from my GT-N7100
Gna try this solution now....but
zullinux said:
Solved, need root
3) route traffic in specific tethering routing table
3a) see table for tethering (in my setup is table '60')
yourprompt# ip rule show
3b) add your private address (mine is 172.16.0.0/16) to the tethering table
yourprompt# ip route add 172.16.0.0/16 dev tun0 table 60
That's ALL! Hope it works for you too
How do I get my private address???????????
God why am I such a noob...
I've been 'googling'...
No specific command or way to know my private address

[Q] WIFI Tether through the host VPN connection :)

Hi Guys
I have managed to successfully root my UK Vodafone 2.3.3 Desire Z and get the new Andromadus Jelly Belly build installed no problem.
I am really impressed with the build btw.... It is very stable and very fast
Here is my problem
I have setup an inbound connection on a Windows 7 host for PPTP VPN so that all of my mobile internet traffic is transparent and routes through my personal Fiber connection. The connection itself works great and I can connect my handset via its mobile data connection no problem to the VPN and all traffic from the handset goes through the VPN. However, if I enable WIFI Tethering the handset is still ok however, any devices connecting to the hotspot can connect ok but can't go anywhere. I did notice yesterday that it does seem to resolve internet DNS queries and a tethered device can ping the VPN assign DHCP address of the connected hotspot handset but no other IPs on that subnet
I have tried the following, supplementing tun0 with ppp0 as per the attached screenshot, and I tried to attempt doing it the second way too; however, when I do an ip rule show I don't get a specific table setting for tethering, so that was a no go.
Here are the instructions that I followed from - http://forum.xda-developers.com/showthread.php?t=1766020&page=2
My setup:
- Samsung Galaxy Note Ics 4.0.4
- Openvpn for Android ( does not need root, might work with other vpn)
- Active data connection
- wifi tethering (should work also with usb)
Prerequisites:
- a root-ed phone
- a terminal
You need to issue 3 commands:
0) launch terminal and become root
yourprompt> su
yourprompt#
1) allow FORWARDING of vpn data (this will allow ALL forwarding)
yourprompt# iptables -A FORWARD -j ACCEPT
2) change NAT to MASQUERADE from ALL interfaces
yourprompt# iptables -t nat -A POSTROUTING -j ACCEPT
3) route traffic in specific tethering routing table
3a) see table for tethering (in my setup is table '60')
yourprompt# ip rule show
3b) add your private address (mine is 172.16.0.0/16) to the tethering table
yourprompt# ip route add 172.16.0.0/16 dev tun0 table 60
Think this is slightly overcomplicated. Here is a more simple method that should work for everyone:
Download a terminal client, e.g. ConnectBot and connect to your local shell.
Enter `su` to become root. (Double check with whoami afterwards).
Enable wifi tethering and ensure your data connection is working (connect to VPN)
Run `netcfg` and note your interface names (typically tun0 and wlan0 (ignore m.wlan0 or similar, only take the one with a real MAC address), as is on my SGSII)
Double check the subnet for your wlan0 device and enter the following commands:
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
(setup a postrouting entry for the tethered devices subnet, implementing NAT)
iptables -A FORWARD -j ACCEPT -i wlan0 -o tun0
forward packets from tethered devices across the tunnel
iptables -A FORWARD -j ACCEPT -i tun0 -o wlan0
forward packets from the tunnel to the tethered devices
and here is my netcfg and 'ip rule show'
Any help would be really appreciated guys.
I could not get this to work on my phone either. Rooted Samsung Captivate with Slim Beans 3.1.
I found the issue was that the IPTABLES on my phone are too complicated for this to work. By using the -A flag, the rules are only appended to the end of the FORWARD table, which means the packets were being discarded due to another rule before they could get to these new rules. Instead, I used the -I to place the rules as 1 and 2 in the IPTABLE. It then worked like a charm. I took these 3 lines and put them in an init.d script so that they are added at startup.
Code:
#!/system/bin/sh
iptables -A POSTROUTING -s 192.168.43.0/24 -j MASQUERADE -t nat
# (setup a postrouting entry for the tethered devices subnet, implementing NAT)
iptables -I FORWARD 1 -j ACCEPT -i wlan0 -o tun0
# forward packets from tethered devices across the tunnel
iptables -I FORWARD 2 -j ACCEPT -i tun0 -o wlan0
# forward packets from the tunnel to the tethered devices
I'm sure there is some downside to having done it this way. If someone wants to help me do it better, I'm all ears. Also, if anyone wants me to spell this out in more detail, just ask and I'll edit the post
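
The ordering problem described in the post above, as an added example (not the poster's code): the function walks `iptables -S` output in rule order, follows jumps into user chains, and reports which rule decides a packet forwarded between two interfaces. The rule sets are constructed; `tether_fwd` is a hypothetical chain name standing in for whatever earlier rule discards the packets, and `rmnet0` is an assumed mobile-data interface.

```shell
#!/bin/sh
# Added example: find which rule decides a forwarded packet, following jumps.

# Constructed `iptables -S` output. tether_fwd is a hypothetical vendor chain,
# rmnet0 an assumed mobile-data interface. This is the state after using -A.
APPENDED='-P FORWARD ACCEPT
-N tether_fwd
-A FORWARD -j tether_fwd
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan0 -j ACCEPT
-A tether_fwd -i wlan0 -o rmnet0 -j RETURN
-A tether_fwd -i rmnet0 -o wlan0 -m state --state RELATED,ESTABLISHED -j RETURN
-A tether_fwd -j DROP'

# The same rules after `-I FORWARD 1` and `-I FORWARD 2`, as in the init.d script.
INSERTED='-P FORWARD ACCEPT
-N tether_fwd
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan0 -j ACCEPT
-A FORWARD -j tether_fwd
-A tether_fwd -i wlan0 -o rmnet0 -j RETURN
-A tether_fwd -i rmnet0 -o wlan0 -m state --state RELATED,ESTABLISHED -j RETURN
-A tether_fwd -j DROP'

# forward_verdict IN_IF OUT_IF  (iptables -S on stdin)
# prints "TARGET chain:rule-number", or "POLICY <policy>" if no rule decides
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    function walk(chain,   r, k, f, nf, i_ok, o_ok, cond, target, v) {
        for (r = 1; r <= cnt[chain]; r++) {
            nf = split(rule[chain, r], f, " ")
            i_ok = 1; o_ok = 1; cond = 0; target = ""
            for (k = 1; k <= nf; k++) {
                if (f[k] == "-i") { i_ok = (f[k + 1] == in_if); k++ }
                else if (f[k] == "-o") { o_ok = (f[k + 1] == out_if); k++ }
                else if (f[k] == "-j") { target = f[k + 1]; break }
                else cond = 1    # -m, -s, -p ...: depends on the packet, skipped
            }
            if (!i_ok || !o_ok || cond) continue
            if (target == "ACCEPT" || target == "DROP" || target == "REJECT")
                return target " " chain ":" r
            if (target == "RETURN") return ""      # back to the calling chain
            if (target in cnt) {                    # jump into a user chain
                v = walk(target)
                if (v != "") return v
            }
        }
        return ""
    }
    /^-P / { policy[$2] = $3; next }
    /^-A / { c = $2; cnt[c]++; $1 = ""; $2 = ""; rule[c, cnt[c]] = $0; next }
    END {
        v = walk("FORWARD")
        print (v != "" ? v : "POLICY " policy["FORWARD"])
    }'
}

# Demo: the appended ACCEPT is never reached, the inserted one is.
echo "after -A: $(printf '%s\n' "$APPENDED" | forward_verdict wlan0 tun0)"
echo "after -I: $(printf '%s\n' "$INSERTED" | forward_verdict wlan0 tun0)"
```

Rules that carry other match options are skipped rather than evaluated, so the result is a first pass over `iptables -S` output from the device, not a full packet trace.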
I tried doing this the other day surprisingly I personally just gave up and logged into the VPN on the laptop instead of the phone and it worked fine. Quite interesting it's the iptables ruleset which causes the issue, I just figured it was something to do with how the hotspot acts.

Galaxy Nexus, CM13.0, OpenVPN tap

Hello!
I'm trying to create an OpenVPN tap tunnel on my Galaxy Nexus, CyanogenMod 13.0-20160820.
The problem is, that no traffic is routed through the tap interface.
When the tunnel is up and I run "tcpdump -i tap0" on the phone, I can see broadcast traffic from my local network.
So I think the OpenVPN configuration is ok.
On the phone I can also ping machines in the local network using "ping -I tap0 192.168.1.xxx".
But it doesn't work if I omit the "-I tap0" option.
There is also a route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 tap0
I also tried using a bridge between interfaces tap0 and dummy0, with no success.
Maybe iptables or sysctl needs modification ?!
edit: dhcp works too, using "dhcptool tap0"
edit: it works now, policy-based routing did the trick
