Most https sites no longer work through wifi hotspot

The results of your test and your Wireshark captures are to be expected.

The short answer is, from the terminal of the phone enter the following…

sudo iptables-legacy -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

The above command should resolve your issues as it will rewrite the MSS value on all SYN packets being forwarded through the phone based on the MTU of the phone’s interface.

Should you wish/need to remove the rule, it’s almost identical, except change -A to -D …

sudo iptables-legacy -D FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

The phone and the laptop are not issuing exactly the same request; it’s clear in the Wireshark captures. Specifically, look at the MSS value.

Your laptop is declaring MSS to be 1460 while the phone is declaring MSS to be 1424. Your laptop is determining its MSS value based on the MTU of its interface, which is 1500; it knows nothing of the MTU of any interfaces further along the pipe. The phone is declaring its MSS value to be 1424 based on the MTU of its interface, which is 1464.

When pinging from your laptop without -M do (the “Don’t Fragment” bit), ping is just handling the fragmented packets as needed, so it is to be expected that ping will work. I would have also expected ping from the phone without -M do to fail; maybe it has different defaults and the DF bit is set by default.

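To make the MSS arithmetic and the effect of the TCPMSS rule concrete, here is an added Python example (not code from the poster or from iptables) that builds a constructed TCP SYN header carrying an MSS option and applies the same check the --clamp-mss-to-pmtu target does: only SYNs without RST are considered, and the MSS is lowered only when it exceeds what the given MTU allows after the IP and TCP headers. Port numbers, sequence numbers and the zeroed checksum are constructed sample values; a real rewrite would also recompute the TCP checksum and, in the kernel target, insert an MSS option when the SYN has none, which this example does not do.

```python
import struct

IPV4_HEADER_LEN = 20
IPV6_HEADER_LEN = 40
TCP_HEADER_LEN = 20      # fixed part of the TCP header, before options
FLAG_SYN = 0x02
FLAG_RST = 0x04
FLAG_ACK = 0x10
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2


def mss_for_mtu(mtu: int, ipv6: bool = False) -> int:
    """Largest TCP payload that fits unfragmented on a link of this MTU.

    MTU 1500 -> 1460 (the laptop's value); MTU 1464 -> 1424 (the phone's).
    """
    ip_len = IPV6_HEADER_LEN if ipv6 else IPV4_HEADER_LEN
    return mtu - ip_len - TCP_HEADER_LEN


def build_syn(mss: int, flags: int = FLAG_SYN) -> bytes:
    """Constructed sample TCP header with a single MSS option (not a captured packet)."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss)          # kind=2, len=4, value
    data_offset = (TCP_HEADER_LEN + len(options)) // 4       # header length in 32-bit words
    fixed = struct.pack(
        "!HHIIBBHHH",
        40000, 443,          # source / destination port (constructed)
        1, 0,                # sequence / acknowledgement numbers (constructed)
        data_offset << 4,    # data offset in the high nibble, reserved bits zero
        flags,
        65535,               # window
        0,                   # checksum: left zero in this constructed sample
        0,                   # urgent pointer
    )
    return fixed + options


def _options(tcp_header: bytes):
    """Yield (kind, absolute_offset, length) for each option in the header."""
    data_offset = (tcp_header[12] >> 4) * 4
    i = TCP_HEADER_LEN
    while i < data_offset:
        kind = tcp_header[i]
        if kind == OPT_EOL:
            return
        if kind == OPT_NOP:
            i += 1
            continue
        length = tcp_header[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("malformed TCP option")
        yield kind, i, length
        i += length


def get_mss(tcp_header: bytes):
    """Return the advertised MSS, or None if the header carries no MSS option."""
    for kind, off, length in _options(tcp_header):
        if kind == OPT_MSS and length == 4:
            return struct.unpack_from("!H", tcp_header, off + 2)[0]
    return None


def clamp_mss(tcp_header: bytes, path_mtu: int, ipv6: bool = False):
    """Mimic '--tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu'.

    Returns (header, rewritten). Only SYN-without-RST segments are touched, and
    only when the advertised MSS is larger than the MTU of the path allows.
    """
    flags = tcp_header[13]
    if (flags & (FLAG_SYN | FLAG_RST)) != FLAG_SYN:
        return tcp_header, False
    limit = mss_for_mtu(path_mtu, ipv6)
    for kind, off, length in _options(tcp_header):
        if kind == OPT_MSS and length == 4:
            current = struct.unpack_from("!H", tcp_header, off + 2)[0]
            if current <= limit:
                return tcp_header, False            # already small enough
            patched = bytearray(tcp_header)
            struct.pack_into("!H", patched, off + 2, limit)
            return bytes(patched), True
    return tcp_header, False                        # no MSS option present


if __name__ == "__main__":
    # The laptop's SYN (MSS 1460, from its 1500-byte MTU) forwarded through a
    # phone whose interface MTU is 1464: the rule rewrites the MSS to 1424.
    laptop_syn = build_syn(mss_for_mtu(1500))
    forwarded, changed = clamp_mss(laptop_syn, path_mtu=1464)
    print("before:", get_mss(laptop_syn), "after:", get_mss(forwarded), "rewritten:", changed)
```

Running the block shows the laptop's 1460 becoming 1424 on the way through the phone, which is exactly the value the phone itself advertises. A SYN that already fits, or any segment that is not a SYN, passes through unmodified, matching the rule's `--tcp-flags SYN,RST SYN` selector.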