this post was submitted on 06 Oct 2024
32 points (97.1% liked)

Selfhosted

40677 readers
166 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I have a home setup with private services and Wireguard to phone in from outside, and would sometimes like to be able to access some of these services from devices that don't have their own Wireguard client like an eBook reader.

Ideally, I would have Wireguard on my Android phone, create a WiFi hotspot and allow other devices to use that Wireguard connection. Out of the box this doesn't work. Does anybody know how to achieve it?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 2 months ago (2 children)

You can (basically) only do this with a rooted phone. There are some permissions issues that prevent the hotspot network adapter from being shared over the VPN client otherwise. This article from Proton is just an ELI5 splainer, you can go deeper with some searches.

If you have root and/or a custom ROM already (which usually assumes root) it's not that complicated.

[–] [email protected] 1 points 2 months ago

Couldn't you just use termux or similar to run a tunnel using SSH to the interface?

Or simply set up a socks listener and forward that IP:port to the IP of the WG interface?

[–] [email protected] 4 points 2 months ago (1 children)

Thanks for the link. I am on Graphene, and if a fellow poster in here is correct that doesn't help. Bummer.

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago) (1 children)

Yeah sorry I don't have experience with Graphene but a quick search seems to say root is very difficult with it. Maybe look into flashing a different custom ROM if you really need this.

One thing I've done quite a bit is use my travel router (I have a GL-Inet Slate but there are lots of options) to repeat my hotspot, then connect all my devices via the router. And set the VPN up on the router. This way everything going out over the hotspot is encrypted anyhow.

For my needs, I can power the Slate by plugging it into my laptop or even my phone via usb-c. It's very portable and versatile. Ymmv.

[–] [email protected] 3 points 2 months ago (1 children)

Thanks for the ideas. I'll consider it, although my use case doesn't really warrant carrying a router around.

[–] [email protected] 1 points 2 months ago (1 children)

Granted, you're using a home setup. But you could still consider setting up the VPN on a central AP and repeating your hotspot through it to make everything going in and out of your network encrypted and more secure. None of your actual traffic (besides what your phone is emitting) will be in the clear, which is better than nothing.

Almost any router with VPN and repeater options will accomplish this if you don't wanna root your phone. I've flashed OpenWRT on the equivalent of router potatoes over the years. It's pretty straightforward.

[–] [email protected] 1 points 2 months ago

I agree, it's a good solution. Just not worth the downsides for my situation currently.