Changes in ae12962: Updated tethering.md

				tethering.md
			
          @@ -4,41 +4,38 @@

           # What?

           Let's say your mobile operator charges extra for, or caps, your wifi-sharing tethering data. That doesn't seem fair, now does it? Doesn't cost them any more just because the data's going to/from a laptop, so why should it cost you?

           Where there is a will, there is a way.

          -

           # How?

           If you can send all your thether data through an app, then it's not tethering data any more, is it?

           No. No it is not.

          -

           # So a VPN, right?

           If you run your own VPN service and you can find a phone VPN app that lets you connect to it from wifi tethered devices, then yeah, do that.

           Otherwise, don't - commercial VPN providers are [sketchy as fuck](https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30).

          -

           # SSH

           As usual, SSH to the rescue.

           You're gonna need a machine you can ssh to from the internet, an android mobile, and a copy of [JuiceSSH](https://juicessh.com/) (other ssh clients may also work, but Juice is excellent).

           Apple mobiles ain't gonna work for this - Apple decided a long time ago that long-running backgrounded network apps aren't allowed. Why? Because battery life, and fuck you, that's why. 

          -

           # Setup

           Nothing in particular on the phone or the SSH host - just set up a SOCKS port-forward in JuiceSSH, point it at your SSH machine and you're laughing. The SOCKS proxy will be listening on whatever port you specify (8080 is traditional), and will be reachable from wifi-tethered devices. The sshd defaults on Fedora, Debian, Ubuntu et al are fine.

           The setup on the laptop's a bit more particular though...

          -

           # Laptop

           To avoid sending any data through the phone that isn't going through the proxy, you'll need to hobble the network a bit. This is on OSX, but similar should work elsewhere too.

          -

           ## Connect

          -Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route.

          +Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route. The network range seems to be completely stable on android, so we can just set a static IP below, and the phone (the router) is always on the .1 address.

           Now disconnect.

           ## Create a new Location

           Create a new Location in System Preferences -> Network -> Location -> Edit Locations

           Switch off DHCP, and set IPv6 to link-local only.

          -Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0 (probably); and most importantly, **leave the default route blank**. Leave DNS blank as well - we don't need it.

          -

          -## Run Firefox

          +Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0; and most importantly, **leave the default route blank**. Leave DNS blank as well - we don't need it.

          +# Browse

           Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go, so the whole thing breaks.

           Firefox will happily use the SOCKS proxy for DNS, so that's what we're going to use.

          -In Preferences -> Network set the SOCKS proxy to the default route IP you got above (which will be the phone's IP - usually 192.168.xxx.1), port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.

          -

          -# Go!

          +In Firefox -> Preferences -> Network set the SOCKS proxy to the default route IP you got above, port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.

          +# SSH

          +You can SSH through your tether proxy with:

          +`ssh -o ProxyCommand='nc -x 192.168.xxx.1:8080 %h %p' ssh.target.host`

          +# Slack

          +Doesn't work. That's a feature.

          +# Relax

           That should be about it. When you want to browse tethered, fire up wifi sharing on the phone, start the port forward on JuiceSSH, and set the Location on the laptop to the one you set up above.

           In OSX, you'll get a '!' warning on the wifi icon, because it'll think your network's broken (which it kind of is with an unset default route), but that's OK.

          \ No newline at end of file

...	...	@@ -4,41 +4,38 @@
4	4	# What?
5	5	Let's say your mobile operator charges extra for, or caps, your wifi-sharing tethering data. That doesn't seem fair, now does it? Doesn't cost them any more just because the data's going to/from a laptop, so why should it cost you?
6	6	Where there is a will, there is a way.
7		-
8	7	# How?
9	8	If you can send all your thether data through an app, then it's not tethering data any more, is it?
10	9	No. No it is not.
11		-
12	10	# So a VPN, right?
13	11	If you run your own VPN service and you can find a phone VPN app that lets you connect to it from wifi tethered devices, then yeah, do that.
14	12	Otherwise, don't - commercial VPN providers are [sketchy as fuck](https://medium.com/@derek./how-is-nordvpn-unblocking-disney-6c51045dbc30).
15		-
16	13	# SSH
17	14	As usual, SSH to the rescue.
18	15	You're gonna need a machine you can ssh to from the internet, an android mobile, and a copy of [JuiceSSH](https://juicessh.com/) (other ssh clients may also work, but Juice is excellent).
19	16	Apple mobiles ain't gonna work for this - Apple decided a long time ago that long-running backgrounded network apps aren't allowed. Why? Because battery life, and fuck you, that's why.
20		-
21	17	# Setup
22	18	Nothing in particular on the phone or the SSH host - just set up a SOCKS port-forward in JuiceSSH, point it at your SSH machine and you're laughing. The SOCKS proxy will be listening on whatever port you specify (8080 is traditional), and will be reachable from wifi-tethered devices. The sshd defaults on Fedora, Debian, Ubuntu et al are fine.
23	19	The setup on the laptop's a bit more particular though...
24		-
25	20	# Laptop
26	21	To avoid sending any data through the phone that isn't going through the proxy, you'll need to hobble the network a bit. This is on OSX, but similar should work elsewhere too.
27		-
28	22	## Connect
29		-Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route.
	23	+Connect to the phone wifi sharing, and run 'ifconfig' and 'netstat -rn' to get your IP and default route. The network range seems to be completely stable on android, so we can just set a static IP below, and the phone (the router) is always on the .1 address.
30	24	Now disconnect.
31	25
32	26	## Create a new Location
33	27	Create a new Location in System Preferences -> Network -> Location -> Edit Locations
34	28	Switch off DHCP, and set IPv6 to link-local only.
35		-Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0 (probably); and most importantly, leave the default route blank. Leave DNS blank as well - we don't need it.
36		-
37		-## Run Firefox
	29	+Set the IP to whatever you got when you connected normally; subnet mask to 255.255.255.0; and most importantly, leave the default route blank. Leave DNS blank as well - we don't need it.
	30	+# Browse
38	31	Chrome, Safari, et al use the system proxies, and that doesn't work - DNS has nowhere to go, so the whole thing breaks.
39	32	Firefox will happily use the SOCKS proxy for DNS, so that's what we're going to use.
40		-In Preferences -> Network set the SOCKS proxy to the default route IP you got above (which will be the phone's IP - usually 192.168.xxx.1), port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.
41		-
42		-# Go!
	33	+In Firefox -> Preferences -> Network set the SOCKS proxy to the default route IP you got above, port 8080, SOCKS v5, and select 'Proxy DNS when using SOCKS v5'.
	34	+# SSH
	35	+You can SSH through your tether proxy with:
	36	+`ssh -o ProxyCommand='nc -x 192.168.xxx.1:8080 %h %p' ssh.target.host`
	37	+# Slack
	38	+Doesn't work. That's a feature.
	39	+# Relax
43	40	That should be about it. When you want to browse tethered, fire up wifi sharing on the phone, start the port forward on JuiceSSH, and set the Location on the laptop to the one you set up above.
44	41	In OSX, you'll get a '!' warning on the wifi icon, because it'll think your network's broken (which it kind of is with an unset default route), but that's OK.
...	...	\ No newline at end of file