https://github.com/Mygod/VPNHotspot/compare/v2.19.1...v2.19.2/

Connecting things to your VPN made simple. Share your VPN connection over hotspot or repeater (root required). This app is useful for: - Connecting devices that don't support VPNs (e.g., Chromecasts) behind corporate firewalls. - Setting up GApps behind corporate firewalls. - Connecting to your mobile hotspot without the hassle of setting up a VPN on your device. - Identifying, monitoring, and blocking (unwanted) clients. - Bypassing tethering limits by: - (Recommended) Using this app with a real VPN/socksifier. - Using this app with ad-blocking or DNS apps that use the system VPN service APIs (i.e., fake VPNs). See troubleshooting or a list of compatible apps. - Trying your luck and simply using this app. P.S. The same can be done on Windows, Mac, and iOS. Windows 10 may not work with hosted network now that Mobile hotspot has been introduced. Features That Require System App Installation The following features require the app to be installed under /system/priv-app due to restricted permissions. One way to do this is to use App Systemizer for Magisk. - (Android 8–10, since app v2.4.0) android.permission.OVERRIDE_WIFI_CONFIG: Read/write system Wi-Fi hotspot configuration. Installing as a system app also has the side benefit of launching the root daemon less frequently, thanks to the privileged permissions listed below: android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS android.permission.LOCAL_MAC_ADDRESS android.permission.MANAGE_USB android.permission.OVERRIDE_WIFI_CONFIG android.permission.READ_WIFI_CREDENTIAL android.permission.TETHER_PRIVILEGED android.permission.WRITE_SECURE_SETTINGS Whenever you install an app update that adds a new protected permission (last updated in v2.17.1), you should also update the version installed in /system so that the system grants the privileged permission. Settings and How to Use Them Default settings are chosen to suit general use cases and maximize compatibility, but they may not be optimal for battery life. Upstream - Upstream network interface: Main upstream regex used to reroute traffic. Leave blank for auto-detection of the system VPN (allow this app to use the VPN, or bypass it for certain traffic). Enter none (or a^ or another invalid entry) to suppress tethering VPN. - Fallback upstream: Used when a VPN leaves certain routes to fall back to the default network interface. Leave blank for auto-detection. Enter none (or a^ or another invalid entry) to forbid fallback. Enter another interface name if desired. - (Android 12+) Platform-managed IPsec tunnel VPNs (e.g., Pixel VPN, some VpnManager/IKEv2 profiles) may need a compatibility workaround. VPN Hotspot updates the live IPv4 tunnel forwarding policy while sharing and relies on Android to recreate the stock policy when the tunnel is rebuilt. Downstream - IPv4 Masquerade Mode: - None: No address/port remapping from downstream. This sometimes works better for dummy VPNs (e.g., ad-blockers, socksifiers like Shadowsocks) than Simple mode. Do not use this for real VPNs like OpenVPN. - Simple: Source address/port from downstream packets are remapped. - Android Netd Service: Let the system handle masquerade. Android will do extra work to support FTP and tethering traffic counters. Avoid this if trying to hide tethering activity from your carrier. - IPv6 mode: - System: Leave IPv6 handling to the platform/system routing setup. - Block: Prevent IPv6 leaks on downstream interfaces. - NAT: Assigns a deterministic app-owned ULA /64 to the downstream and proxies IPv6 TCP/UDP plus best-effort ICMPv6 through a shared root daemon. This is not full packet NAT and does not forward arbitrary IPv6 next-header protocols. This mode operates in userspace, so performance may be degraded. - Tethering hardware acceleration: Shortcut to the same setting in system Developer options. Turning this off is likely necessary for VPN tethering over system tethering to work, but may decrease battery life while tethering is active. Misc - Keep Wi-Fi alive: Acquires Wi-Fi locks when repeater, temporary hotspot, or system VPN hotspot is activated. - System default (default): Saves battery life. - Disable power save: Reduces packet latency. Example: keeping a voice connection active when the screen is off. May improve call quality. Requires hardware support. Deprecated in Android 14 (auto-replaced with "Low latency mode") due to power dissipation impact. - Low latency mode: Optimizes for reduced latency, but may result in: 1. Reduced battery life. 2. Reduced throughput. 3. Less frequent Wi-Fi scanning (may affect roaming, signal-based AP switching, and location accuracy). Example use cases: real-time gaming or VR. Requires hardware support. Note: Requires the app to be in the foreground with the screen on. - Start repeater on boot: Self-explanatory. - Repeater safe mode: (Android 10, March 2020 security patch or newer) You may need to disable this to use a short SSID (at most 8 bytes). Unsafe mode may not work on your device and carries a small risk of a soft brick (recoverable). - Use system configuration for temporary hotspot: (Android 11+) Attempts to start a temporary hotspot using the system Wi-Fi hotspot configuration. Likely functional only on Android 12+. Enabling this also prevents other apps from using the local-only hotspot functionality. License Apache 2.0