05 Initial FEAT VPN Setup

05 Initial FEAT VPN Setup

The following screen shot shows the main screen of FEAT VPN on Android phones.

The main screen on Android tablets looks slightly different, as can be seen in the following screen shot. It has an additional button.

To start the configuration process, push the Setup button. The button works slightly differently on Android phones and Android tablets. On Android tablets, this button takes you to the setup screen, which is described in the next section, L2TP Configuration. On Android phones, the button skips the setup screen and takes you directly to the test screen, which is described further down in the section Self Test. So, if you have an Android phone, then please skip the next section and skip forward to the section Self Test instead.

L2TP Configuration (Android Tablets Only)

This section only applies to Android tablets. If you use FEAT VPN on an Android phone, then please skip this section and move on to the section Self Test.

As outlined in the section Underlying Technology, FEAT VPN acts as a VPN protocol translator between L2TP and the OpenVPN protocol. The idea is that the built-in L2TP client establishes an L2TP connection to FEAT VPN - and now we tell it, how to accomplish that. To the built-in L2TP client, FEAT VPN looks like an L2TP server that runs locally on the device. In other words, FEAT VPN looks like an L2TP server with an IP address of 127.0.0.1 or a DNS name of localhost, respectively. The initial setup of FEAT VPN thus requires us to configure an L2TP connecting in the built-in L2TP client accordingly.

Pushing the Setup button takes you from the main screen to the setup screen, which is shown in the following screen shot.

The setup screen describes in detail what needs to be done. It breaks the process down into ten simple steps and each step is illustrated by a screen shot. Scroll horizontally and, if needed, vertically to review the given ten steps. In a nutshell, here is what the ten steps accomplish:

  • Create a new L2TP connection with the built-in L2TP client
  • Set the name of the L2TP connection to Feat and the L2TP server to localhost
  • Save the new L2TP connection
  • Return to FEAT VPN by pushing the back button of your device

You could open the built-in L2TP client via Settings > Wireless & networks > VPN settings, but the Start button on the setup screen provides a shortcut. Push it to bring up the built-in L2TP client. Then configure the L2TP connection as described.

After you configured the L2TP connection and pushed the back button to return to FEAT VPN, push the Test button on the setup screen, which takes you to the test screen.

Self Test

The following screen shot shows the test screen.

The test screen essentially provides an extended version of the checks described under Device Problems in the section Startup. A total of 20 tests is run, including tests that establish a test VPN tunnel to our test VPN server. Please make sure that your device is connected to the Internet before running the tests.

Manual Test Connection (Android Tablets Only)

This section only applies to Android tablets. If you use FEAT VPN on an Android phone, then please skip this section and move on to the section Test Description.

The first four tests run automatically, but then your assistance is required and FEAT VPN automatically switches from the test screen to the test connection screen, which is shown in the following screen shot.

It looks a bit like the setup screen in that it outlines a few steps that need to be taken in the built-in L2TP client. This time there are four steps and, again, they are illustrated by four screen shots. Again, scroll horizontally and, if required, vertically to review the four steps. In a nutshell, here is what needs to be done:

  • Establish the previously configured L2TP connection
  • Use test as the user name and x as the password.

Again, the Start button is a shortcut and pushing it brings up the built-in L2TP client. Push it and establish the L2TP connection as described. Once the built-in L2TP client starts connecting to the L2TP server provided by FEAT VPN, the test screen becomes active again and the remaining tests are run.

Test Description

While the tests are running, push the Stop button at any time to abort. Here is what the individual tests do:

L2TP Protocol. Tests the implementation of L2TP on your device. Test failure means the same as Code M01 under Device Problems in the section Startup. See there for more information. In a nutshell, if this test fails, then your built-in L2TP client claims to support L2TP, but does not. As L2TP support is essential for FEAT VPN to work, this unfortunately means that you are not able to run FEAT VPN on your device.

IPv6 Addressing. Tests, whether your device is IPv6-ready. Test failure means the same as Code M02 under Device Problems in the section Startup. See there for more information. In a nutshell, you may run into DNS resolution problems under very specific and rare circumstances.

Reverse Path Filter. Tests, whether a feature of the Linux kernel is enabled that breaks any VPN app on your device. We have never seen this test fail. Please let us know in our support forum, if this test fails for you.

System Property Table. Tests, whether the system property table has space left for the built-in L2TP client to store its settings. Test failure means the same as Code M04 under Device Problems in the section Startup. See there for more information. In a nutshell, you probably are unable to connect the built-in L2TP client to FEAT VPN unless you are able to free up space in the system property table of your device.

L2TP Connection 1 of 2. This test waits for the built-in L2TP client to connect to FEAT VPN. It succeeds as soon as it receives the first L2TP packet from the built-in L2TP client. So, it tests, whether the built-in L2TP client is able to initiate an L2TP connection with FEAT VPN. So far, we have seen this test fail only if the previous test, System Property Table, also fails. So, the recommended fix for that test applies. If it fails on your device and the previous test does not fail, then let us know in our support forum, you are on to something.

L2TP Connection 2 of 2. This test succeeds as soon as the L2TP connection with the built-in L2TP client is fully established. So, it tests the handshake between the built-in L2TP client and the on-device L2TP server of FEAT VPN. If this test fails, then either the built-in L2TP client or FEAT VPN sends an unexpected L2TP packet during the handshake on your device. Please let us know in our support forum. This should be easy to fix.

Intercepted UDP Ping / Download / Upload. These three tests determine whether UDP packets can be sent through the established L2TP connection. Ping sends a single UDP packet in both directions through the L2TP connection. Download sends multiple UDP packets through the L2TP connection from FEAT VPN to the built-in client. Upload sends multiple UDP packets through the L2TP connection in the opposite direction. On some Android 2.1 devices the Upload test fails because of a memory (accounting) leak in the L2TP implementation in the Linux kernel. If you are planning to use an application via the VPN that sends a lot of UDP packets through the L2TP connection, then this application may not work on your device. If you run into problems with UDP-based applications, then please let us know in our support forum.

Note that the leak also affects ICMP-based applications. So, if you ping a remote IP address through the VPN tunnel and get error messages after a few successful pings, then this may very well be a manifestation of this problem.

Bypass UDP Ping / Download / Upload. These three tests are similar to the previous three tests. However, they do not send UDP packets through the L2TP connection, but around the L2TP connection. If Upload failed in the previous three tests, then it should also fail here. If Download or Upload fail for these tests only, then don't worry. These two tests are proactive sanity checks and the functionality tested by these two tests is not currently used by FEAT VPN.

Bypass TCP Ping / Download / Upload. These three tests are like the previous three tests, just for TCP instead of UDP. They send TCP data via a TCP connection through the L2TP connection instead of UDP packets. Again, do not worry about failure of Download or Upload here.

Bypass DNS Lookup. This test is similar to the Bypass UDP Ping test. It is a real world version of this test. It performs a DNS lookup around the L2TP connection. If this test fails, please make sure that your device is connected to the Internet. This is the first test that assumes that you are connected. If the Internet connection works and the test still fails, then let us know in our support forum.

Bypass HTTP Request. This is a real world version of the Bypass TCP Upload and Download tests. It performs an HTTP request around the L2TP connection. If this test fails, please make sure that your device is connected to the Internet. If you are connected and this test still fails for you, let us know in our support forum.

VPN Tunnel. So far the tests only concerned the L2TP connection between the built-in L2TP client and FEAT VPN. The L2TP connection is the most complex part of FEAT VPN - and this is why there are that many tests for it. In contrast, this test is concerned about OpenVPN tunnels. It starts OpenVPN and tries to establish an OpenVPN tunnel to our test OpenVPN server. If it fails, it means that the OpenVPN tunnel could not be established. Please make sure that your device is connected to the Internet. If it is and this test still fails for you, then please try again a few minutes later, our test OpenVPN server may be temporarily unavailable. If the test keeps failing, then please let us know in our support forum.

VPN DNS Lookup. The complement to Bypass DNS Lookup. The DNS lookup is not routed around any VPN tunnel, but through the L2TP and OpenVPN tunnels, through the NAT on our test OpenVPN server, to a DNS server. This is the first end-to-end test in the test suite. If it fails for you, then please try again a few minutes later, our test
OpenVPN server may be temporarily unavailable. If the problem persists, please let us know in our support forum.

VPN HTTP Request. The complement to Bypass HTTP Request. Similar to the previous test, the HTTP request is not sent around any VPN tunnel, but end-to-end through the L2TP and OpenVPN tunnels to the IP address of the remote tunnel endpoint on our test OpenVPN server. If this test fails for you, then please try again a few minutes later to rule out a temporary problem with our test OpenVPN server. If the problem persists, please let us know in our support forum.

If one or more of the tests fail, FEAT VPN asks you to send us the FEAT VPN log. Please do so. It contains valuable information about the problem, which helps us to investigate it. Please also consider sending us the FEAT VPN log, if all tests pass. In this case, the log tells us that all tests passed on the Android device of your specific
make and model with your specific Android version. We regularly test FEAT VPN on more than 25 representative devices across multiple vendors and Android versions, but otherwise very similar devices can exhibit subtle differences. Having your log, even if all tests passed, allows us to obtain a more detailed picture of the robustness of FEAT VPN across all Android devices. This can then inspire future improvements to FEAT VPN.

Once the tests are finished, the Run button restarts the tests. The Send button opens your email client so that you can easily send us the FEAT VPN log from your device via email. The FEAT VPN log is a simple text file compressed with gzip that is transmitted as an email attachment. Open it and take a look, if you are interested.

Finally, push the Exit button to return to the main screen. You have successfully set up FEAT VPN.