USB Reverse Tethering No Root Android & Linux - Automatic Mode

This guide allows you to share the Internet connection of a Linux PC with your smartphone via a common USB cable that is also charging your phone. This is useful if you can not or want to use the WIFI on your smartphone and you do not want to consume traffic from your data plan. A good reason to limit the use of wireless connections on your phone is the electromagnetic pollution hitting your body. But that's another story.
The important thing about this guide (uncommon on the web with Linux machines) is that it is not required that your phone is rooted. Then, I repeat it, all works without Rooting your precious smartphone. Unfortunately, this involves that some apps (but not the most important) require the fictitious use of the data connection at least, because you can not install Xposed modules to workaround the stupid limitations of these apps. But this is the lesser evil.
This guide as it is, it requires at least an Android version 5 smartphone and a Debian based Linux PC with an ARMv7 CPU (e.g. I use Armbian) as the Orange Pi PC (that is a "miniPC" for less than 20 EUR which consumes less than 5 Watts). To run on an ordinary desktop PC or notebook with an x86 64bit CPU and e.g. Ubuntu installed, simply replace in the below commands "adb-arm" with "adb-x86" (or install Android Debug Bridge at least version 1.0.32, check with "sudo apt-get install android-tools-adb && adb version"). Instead, to work with Android versions lower than 5, some workarounds must be introduced by installing an ssh-server on the smartphone (because it is not supported the "reverse" option of "adb") but for the moment I will not treat here. Update: for a tutorial that works on all Android versions see here.

Initial configuration

Firstly enable "USB Debugging Mode" on your smartphone (see here) and install from Google Play Store the app "OpenVPN for Android". Then copy and paste the following in the terminal of your Debian based Linux machine (as Armbian 5.17 on Orange Pi PC in particular, as mentioned above) which it is supposed to be connected to the Internet via the "eth0" interface (check your correct interface via "sudo ifconfig" and then change it below accordingly) and which has no nat rules already configured for ufw:

sudo apt-get update
sudo apt-get install sed ufw openvpn wget
sudo ufw disable

sudo sed -i.bak '/net\/ipv4\/ip_forward=1/s/^#//g' /etc/ufw/sysctl.conf

sudo sed -i.bak 's/DEFAULT_FORWARD_POLICY=\"DROP\"/DEFAULT_FORWARD_POLICY=\"ACCEPT\"/g' /etc/default/ufw

sudo sed -i.bak $'/*filter/i #Added by SalutePc until filter rules\\n#NAT table rules \\n*nat \\n:POSTROUTING ACCEPT \[0:0\] \\n\\n#Forward traffic through eth0 - Change to match you out-interface \\n-A POSTROUTING -s 192.168.7.0\/24 -o eth0 -j MASQUERADE \\n\\n#do not delete the COMMIT line or these nat table rules will not be processed \\nCOMMIT\\n' /etc/ufw/before.rules

sudo ufw allow 22/tcp
sudo ufw enable

sudo openvpn --genkey --secret static.key
sudo cp static.key /etc/openvpn/static.key

cat <<EOT >> android.conf
dev tun
proto tcp-server
port 13444
ifconfig 192.168.7.28 192.168.7.29
resolv-retry infinite
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
secret /etc/openvpn/static.key
comp-lzo
verb 3
EOT

sudo cp android.conf /etc/openvpn/android.conf
wget http://salutepc.altervista.org/alterpages/files/adb-arm
sudo cp adb-arm /root/adb-arm
sudo chmod a+x /root/adb-arm

cat <<EOT >> revtether
#!/bin/bash
su -c "/root/./adb-arm kill-server"
su -c "/root/./adb-arm devices"
su -c "/root/./adb-arm reverse tcp:13444 tcp:13444"
EOT

sudo cp revtether /root/revtether
sudo chmod a+x /root/revtether


cat <<EOT >> smart.conf
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
machine-readable-output
verb 4
connect-retry-max 5
connect-retry 5 300
#resolv-retry 60
dev tun
remote 127.0.0.1 13444 tcp-client
comp-lzo
ifconfig 192.168.7.29 255.255.255.255
route 0.0.0.0 0.0.0.0 vpn_gateway
dhcp-option DNS 8.8.4.4
dhcp-option DNS 8.8.4.4
dhcp-option DOMAIN blinkt.de
nobind
persist-tun
#persist-tun also enables pre resolving to avoid DNS resolve problem
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here :)
mute-replay-warnings
resolv-retry infinite
keepalive 10 60
ping-timer-rem
EOT

echo "<secret>" >> smart.conf
sudo cat static.key >> smart.conf
echo "</secret>" >> smart.conf

Copy the file "smart.conf" which is in your Home folder into your smartphone memory. We will need it later. 

Next type on Linux terminal:

sudo lsusb

Connect now your smartphone to your Linux machine via usb cable, and again:

sudo lsusb

You should see a line that is added to the other but that corresponds to your smartphone, similar to this for a Google smartphone:

$ lsusb
...
Bus 002 Device 059: ID 18d1:4e42 Google Inc.

Now take note of the numbers that you see in place of "18d1" and "4e42".
Create the file "/etc/udev/rules.d/51-android.rules":

sudo nano /etc/udev/rules.d/51-android.rules

and copy inside it the following (replacing "18d1" with your matching number):

SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666", GROUP="plugdev"

Then save and exit (Ctrl-0 Ctrl-X). Do the same with

sudo nano /etc/udev/rules.d/53-revandroid.rules

and (replacing both "18d1" and "4e42" with your matching numbers)

ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", ATTR{idProduct}=="4e42" , RUN+="/root/revtether"

Save and exit. Then:

sudo chmod a+r /etc/udev/rules.d/51-android.rules
sudo chmod a+r /etc/udev/rules.d/53-revandroid.rules
sudo service udev restart

Finally open "OpenVPN for Android" and in global "settings" uncheck the option "Reconnect on network change". Then import from the top right icon the file "smart.conf" you had saved earlier. Save the new created profile and later from pencil icon go to "Routing" tab: there select "Use default Routing" in IPv4 menu and exit (on some devices also uncheck "Ignore VPN for local network" if the connection doesn't work at the end). Optionally create an "OpenVPN for Android" widget on your home screen that links to your profile. Reboot your linux machine. Finished.

Running

To connect your smartphone to internet via lan connection of your Orange Pi PC (or of any Linux machine) just connect your smartphone via usb cable to Orange Pi, temporarily enable your phone data connection (2G/3G/4G) and tap on your "OpenVPN for Android" widget (or on the profile name in "OpenVPN for Android" app). If you read "success" somewhere at the top (log screen), you're OK.
You can then disable phone data connection if you use Browsers such as Chrome or many other app such as WhatsApp. 
Anyway some apps (as Gmail, Download etc.) check if a wireless connection (WIFI or 3G) is present at boot otherwise they will not start or work, so they require at least data connection enabled to work. Nevertheless all internet traffic is always routed over the usb connection and therefore your data plan is safe. Furthermore, for the same reason, your body is subjected to a considerably lower electromagnetic pollution. Enjoy!

10/11/2016

- -