Configuring Teredo In Windows

Configuring Teredo In Windows


This video will look at how to configure Teredo on Windows. If your Windows computer does not have a native IPv6 connection, Teredo can be configured, which will allow Windows to access the IPv6 network using its IPv4 connection.

Download the PDF handout:

Network Setup
00:16 Depending on the environment you are using, the way you configure Teredo may change. This is because Teredo works differently if it is configured on a computer that is in a domain and a computer that is standalone. In this video, a domain computer that is on a home network will be configured. This will demonstrate all the problems that you may encounter configuring Teredo on your network. In this example, the home network will only have IPv4 support and thus a transition protocol will be required in order to access the IPv6 internet.

Demonstration
00:58 Teredo has been available in Windows since Windows XP. The procedure for enabling it or disabling is the same regardless of which version of windows you are using. On the client version of Windows after Windows Vista it is enabled by default. Before Windows Vista, Teredo was disabled and had to be enabled. Currently, in Windows 10 it is enabled by default, however, as the internet becomes more IPv6 ready, in future versions of windows it may be disabled by default. In the case of Windows Server, Teredo is disabled by default.
01:16 To view the current network configuration, right click on the start menu and select the option “Network Connections”.
01:27 To see the network connection of a network adapter, right click the adapter and select Properties. In this example there is only one network adapter which is Network 2.
01:35 Scrolling through the protocol list, “Internet Protocol Version 6 (TCP/IPv6)” is ticked. In order for Teredo to work, IPv6 needs to be ticked and thus enabled. Also “Internet Protocol Version 4 (TCP/IPV4)” needs to be ticked. Other protocols like ISATAP do not require the IPv6 protocol, however as we will see later in the video, Teredo requires the IPv6 protocol in order to operate.
01:51 To see the properties of IPv6, make sure the “Internet Protocol Version 6 (TCP/IPv6)” is ticked and press the Properties button.
01:55 By default, IPv6 will be configured to “Obtain an IPv6 address automatically” and “Obtain DNS server address automatically”. If IPv6 becomes available, the administrator may decide to configure a static IPv6 address. If this is to occur, Teredo will automatically be disabled. The same will occur if the computer obtains an IPv6 address via DHCP or through Stateless Auto Configuration. Essentially Teredo is designed to be used when no IPv6 network is available, thus if the device is configured with a valid IPv6 address then Teredo is disabled as it is no longer required.
02:27 To configure Teredo, right click the start menu and select “Command Prompt”. If there are any open windows from the previous step, close these windows before opening the command prompt.
02:45 In the output of IPConfig, most likely at the bottom, is a section called “Tunnel adapter Teredo Tunneling Pseudo-Interface”. This section contains the configuration for Teredo. This will show the current IP Address being used by Teredo, Link-local address and gateway. If Teredo has not been configured “Media State” will be shown as “Media Disconnected”. If the computer is configured with an IPv6 address, Teredo will automatically be disabled and thus may not appear.
03:08 In Windows 10, Teredo is enabled by default and an IPv6 address will be shown. This IPv6 address contains the Teredo server IPv4 address, Teredo Client IPv4 address and other Teredo configuration options. Later in the video the Teredo address will be looked at in more detail.
03:25 To test the Teredo connection, run the command “Ping -6 google.com” or another address of your choosing. In this case, Teredo is enabled, however, the command returns “Destination host unreachable”. Teredo is configured by default, however, the default configuration points to a Microsoft Teredo server that is no longer in use.
03:45 To configure a new Teredo server or change to another Teredo configuration, run the command “NetSH”. NetSH or Network Shell is a command line utility that allows configuration of local or remote Windows computers Once NetSH is running, the command line will change to “netsh”.
04:00 From the netsh prompt, run the command “Interface Teredo”. Once the command has run, the command prompt will change to “netsh Interface Teredo>”. Future commands run under this prompt will affect the Teredo interface only.
04:14 To show the current configuration of Teredo, run the command “Show State”.
04:19 In the state output for the Teredo client is a parameter called Type. If Teredo is enabled this will be shown as “client”. If Teredo is disabled it will be shown as “disabled”.
04:25 To disable Teredo, run the command “Set State Disabled”. Once this command is run, if “Show State” is run again the type will have changed to “disabled”.
04:46 By default, Windows may be configured to use the server “win10.ipv6.microsoft.com”. This server has been shut down by Microsoft and must be changed to a working server before Teredo will work. To check which server Teredo is currently configured to be used, run the command “Show State”. Microsoft shut down the Teredo server as they originally deployed it to prompt the use of the IPv6 protocol. With estimates as high as 20% usage of the IPv6 protocol, this have been achieved.
05:32 To enable Teredo, run the command “Set State Client”. On some versions of Windows, Teredo will be disabled by default and this command will need to be run.
05:35 To enable Teredo and configure a server, run the command “Set State Client” followed by a Teredo server. In this example the command run was “Set State Client teredo.trex.fi”. In order to find a working Teredo server, you may need to perform a Google search. Your ISP may also have a Teredo server running that you can use. This command can also be used to configure ports and other flags that Teredo will use.
05:50 To exit out of NetSH, run the command “Quit”.
05:56 To test Teredo, run the command “Ping -6 Google.com”. If Teredo does not work, try disabling and enabling the network adapter or restarting the computer.
06:18 To disable and enable the network card, right click on the start menu and select the option “Network Connections”. Once network connections is open, right click on the network connection and select the option “Disable”. This will disable the network connection. Once disabled, right click on the network adapter again and select the option “Enable”. This will enable the network connection and force Teredo to restart.
06:38 To test Teredo, run “Ping -6 google.com” from the command prompt. A response from Google should be received. If not, restart the computer and try again.
06:50 To have a look at the Teredo configuration, run the command IPConfig.

Teredo Address
07:05 A Teredo address contains a lot of information. This information is used to assist routing the Teredo traffic. In this case the Teredo address will be divided into five parts as follows:
Prefix: The first 32 bits of Teredo addresses always start with 2001:0000. When traveling over an IPv6 network, this allows IPv6 to determine that it is a Teredo address.
Teredo IPv4 server: The second part of the Teredo address is the IPv4 Teredo server that is being used. This is 32bits long which is the same length as an IPv4 address. The address is obfuscated which in this case means 1 bits are changed to 0 bits and 0 bits are changed to 1 bits. This makes it hard for humans to read the 32bits, however, computers do not have any problems. The Teredo server that was set earlier using NetSH is the address that will be seen here. In this example, c38c:c38C when the bits are inverted gives 3c73:3c73. Each pair of hexadecimal values is converted into decimal. So 3c becomes 60. 73 becomes 115. In this case the address repeats itself so the next 3c becomes 60 and the last 73 becomes 115 giving an IP Address 60.155.60.115.
Flags: These are flags used by Teredo. For example, one of the flags is if NAT is being used or not. The administrator generally does not need to worry about these options as the operating system will configure them.
UDP Port: The UDP port is the external port used by the NAT device to access the internet. By having the port inside the address, this is what allows the traffic to be delivered back to the original device. A NAT device allows multiple devices to share the same IP Address. By knowing the port that was used, this allows Teredo to be used by many devices behind NAT. This is what makes Teredo different from other IPv6 transition technologies. In this case, the UDP port is 24b8. The port is obfuscated and needs to be inverted giving the hexadecimal value DB47. If the value is changed to decimal this would be 56,135. Thus the UDP port is 56,135.
Client Public IPv4: This is the IPv4 address used to access the internet. If a NAT device is being used, the IPv4 address will be the public IPv4 address of the NAT device. In this example, the address is 276f:134d. The address needs to be inverted which gives d890:ecb2. Converting each part to decimals gives the following: D8 = 216, 90 = 144, ec = 236 and b2 = 178. This results in an IP Address of 216.144.236.178.

Demonstration Group Policy
08:30 To modify local Group Policy, you need to run GPEdit.msc. This can be run from the command prompt or from the start menu.
08:38 Once Group Policy editor has opened, expand down to “Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies”.
08:52 There are five Group Policy settings that can be configured. These are as follows:
Set Teredo Client Port: By default, Teredo will choose a random port. The administrator is able to configure only one port. If this option is used and the port is already in use by another device, Teredo will fail to initialize.
Set Teredo Default Qualified: By default, the Teredo client will enter a dormant state when not in use. This Group Policy setting allows this to be changed so that the Teredo client is always active and ready to go.
Set Teredo Refresh Rate: This configures how often an IPv6 solicitation message is sent from the Teredo client to the Teredo server. By default, this will be every 30 seconds.
Set Teredo Server Name: This is the Teredo server that will be used.
Set Teredo State: The Teredo State once enabled can be configured to four different options. 1) “Default State” will configure Teredo State to the default for Windows. For example, for Windows 10 and Vista it will be enabled but for Windows XP it will be disabled. 2) “Disabled State” will disable Teredo so it cannot be used. 3) “Client” will enable Teredo, however, if the computer is in a domain and a domain controller is contactable, the Teredo client will not work. 4) “Enterprise Client”. If this option is selected, if the computer is in a domain and a domain controller is contactable, Teredo will still be used.

References
“Teredo Components” https://msdn.microsoft.com/en-us/library/windows/desktop/bb968770(v=vs.85).aspx

Credits
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Companion Document: Phillip Guld https://philguld.com
Video Production: Kevin Luttman http://www.KevinLuttman.com
Quality Assurance: Brett Batson http://www.pbb-proofreading.uk