Here's what I've got going on.....

I'm USB tethering a phone directly to my Linux Mint machine.  Works fine.

I can enable WIFI hotspot through my machine's wireless adapter and broadcast through the house.  Works fine.

I go to terminal and connect to my VPN service.   Works fine on the machine, but any devices connected through the hotspot loose connectivity.

I'd like to provide blanket VPN coverage for all devices on the network.  What am I doing wrong?


Extra Credit Question:  How do I change the TTL value permanently so that the the Linux box is equal to my phone?

Looks like you already realized the issue is probably the TTL on the packets. It's odd that it's happening with the VPN, as the host machine should be doing the VPN and the clients tunneling through that. If they don't, then they'll have a different TTL and of course get detected and dropped by the carrier.

iptables will do what you want:

iptables -t mangle -A POSTROUTING -j TTL --ttl-set 65


You can of course change the 65 to whatever your TTL target is.

I can see the network from the other machines.  They can connect, but with no internet.  Shortly after they get booted.  Your right, it sounds like TTL.

If I leave VPN off of the host machine and connect to a VPN through a laptop on the hotspot, it works fine on the laptop.   The bottleneck seems to be the host machine with the VPN on.

So do I need to change the TTL values for every machine or just the host?  I want the host to be 65 so that the cell tower thinks it's my phone and won't throttle my hotspot speed.

You want the host to route the packets for all the other machines, and change the TTL on just the host for all routed packets.

Ideally you'd have the host handle the VPN routing as well in which case you don't have to touch any clients.

There's tutorials on configuring for routing via tether, probably best to follow those than put it together yourself piecemeal here.