Teredo

[ha14]

Hi

Teredo provides IPv6 access in environments otherwise limited to IPv4 and NAT. It enables application developers to deal with NAT traversal by simply using IPv6, instead of relying on a variety of proxying and tunneling techniques.

Teredo tunneled packets are sent as IPv4 UDP messages. Teredo allows nodes located behind an IPv4 NAT to obtain IPv6 unicast connectivity by tunnelling packets over UDP/IPv4. This service has 3 entities: the "Teredo Server", the "Teredo Relay" and the "Teredo client". A Teredo Server is stateless whereas the Teredo Relay keeps a state of each peer. We support the following IETF draft "draft-huitema-v6ops-teredo-00.txt".

Teredo is designed as a last resort transition technology for IPv6 connectivity. If native IPv6, 6to4, or Intrasite Automatic Tunnel Addressing Protocol (ISATAP) connectivity is present, the host does not act as a Teredo client. As more IPv4 edge devices are upgraded to support 6to4 and IPv6 connectivity becomes ubiquitous, Teredo will be used less and less until finally it is not used at all.

Teredo solves the issues of the lack of 6to4 functionality in modern-day Internet edge devices and multi-layered NAT configurations by tunneling IPv6 packets between the hosts within the sites. In contrast, 6to4 tunnels IPv6 packets between the edge devices. Tunneling from the hosts presents another issue for NATs: IPv6 packets that are encapsulated with IPv4 have the Protocol field in the IPv4 header set to 41. Most NATs only translate TCP or UDP traffic and must either be manually configured to translate other protocols or have NAT editors installed that handle the translation. Because Protocol 41 translation is not a common feature of NATs, IPv4-encapsulated IPv6 traffic will not flow through typical NATs. Therefore, to allow IPv6 traffic to flow through one or multiple NATs, Teredo encapsulates the IPv6 packet as an IPv4 UDP message, containing both an IPv4 and UDP header. UDP messages can be translated universally by NATs and can traverse multiple layers of NATs.



In Windows Vista, they implemented Teredo responsibly, using the principle of “least exposure”. In Windows Vista, the user is safe by default because Teredo is subject to special rules in the Windows Firewall. An application will need special permission to use Teredo, different from just “listening on the local network” or even “listening on the regular Internet connections”. By default, no application is authorized, and Teredo does not start. Teredo will only start when the users “opt in” and decide to authorize specific applications. For example, users may authorize applications like Windows Live Messenger if they want to enable direct video conferences between homes. Further, on Windows Vista, enabling Teredo does not expose all applications to the Internet. For example, the file and print sharing services are not authorized to use Teredo – they are meant to be used in the home network, not over the Internet. If no authorized application is currently active, the Teredo service will be placed in a “dormant” state, and the computer will not be visible from the IPv6 Internet.

For application developers, Teredo provides a very simple solution to the NAT traversal problem, using IPv6. For users, Teredo allows deployment of these applications in a controlled manner. Teredo provides IPv6 connectivity without requiring changes to the home routers, home networks, or ISP services. The IPv6 connectivity is properly managed by the Windows Firewall, allowing users and IT managers to control the tradeoff between connectivity and security. This will enable IPv6 applications to be reliably deployed. These IPv6 applications, in turn, will motivate ISPs to offer native IPv6 service, moving to the next phase of the transition to IPv6. Over time, as IPv6 connectivity becomes widely available, Teredo will become unnecessary and might be turned off. But for now, it is a valuable tool for IPv6 transition and provides a lot of value for the home user.


------Windows XP
WARNING: Whatever you do, make sure you have all the latest security patches for remote exploits and your Windows firewall is up, if you use 3rd party, ensure it supports IPv6. Enabling IPv6 will put you on the net, losing any protection you may have had behind your router's NAT. At the moment there are not many attacks over ipv6, but this may change any time.

1)Install
Open the Terminal with Start -> Run -> cmd


netsh interface ipv6 install
netsh interface ipv6 set teredo client
Wait for few moments.



2)Uninstall
netsh interface ipv6 uninstall

or
netsh interface teredo set state disabled

------Windows Vista
1)Install
IPV6 and Teredo is enabled per default. You can get into the settings by going into the preferences for an network interface. "Obtain an IPv6 address automatically" should do the trick. However, Teredo will disable itself if you have "edge traversal" or outgoing udp packets blocked in your firewall or if your router is a symmetric-nat router (e.g. Speedtouch 780). In that case you have to use a tunnel broker, see comments below.
If you can go to http://www.ipv6.sixxs.net/, everything works well, if not... well, good luck. I never really got Teredo to work on Vista Business reliably, sometimes it works, most of the time it does not.


2)Uninstall
Add this registry value ("DWORD") set to 0xFF (long line, double-click, and copy):


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

Or save the two lines in a .reg file and double-click it:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:000000ff

You can also go to the interface properties of an network interface and deselect the IPv6 protocol for that interface. To enable IPv6 again, replace dword:000000ff above with dword:00000000.


Or try this:
1)Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
2)Right-click “Parameters”, select “New” in the contextual menu, then select “DWORD Value”, and then type the following name for the new value (type the name exactly as shown, including capitalization):
DisabledComponents
3)ouble-click “DisabledComponents”, select Hexadecimal, and then in Value data, type: 8
4)Click OK.
5)Restart the computer.




XXXXXXXTurn Off Teredo by Using Graphical User InterfaceXXXXXXXXX:

1.Click Start, then Control Panel
2.Click on “System and Maintenance” link.
3.Click on “Device Manager”.

Click Continue on UAC prompt.

4.In device manager, click the “View” menu and select (tick) “Show hidden devices”.
5.Expand the “Network Adapters” tree.
6.Right click on “Teredo Tunneling Pseudo-Interface” and select “Disable”.
7.Right click on “6to4 Adapter” and select “Disable”.




http://ipv6gate.sixxs.net/
IPv6Gate Normal/IPv4 Name
http://www.cnn.com.sixxs.org http://www.cnn.com CNN
http://www.debian.org.sixxs.org http://www.debian.org Debian
http://www.dilbert.com.sixxs.org http://www.dilbert.com Dilbert
http://www.flickr.com.sixxs.org http://www.flickr.com Flickr
http://www.google.com.sixxs.org http://www.google.com Google
http://www.ibm.com.sixxs.org http://www.ibm.com IBM

[hellnoire]

I must be slow... what's this for? This made zero sense to me.

My eyes glazed over after seeing "Teredo provides IPv6 access in environments otherwise limited to IPv4 and NAT"

[ha14]

Yap you need always a bridge to cross over a river. Otherwise a Kayak will be good.

Teredo raises some security concerns. Primary concerns include bypassing security controls, reducing defense in depth, and allowing unsolicited traffic. Additional security concerns associated with the use of Teredo include the capability of remote nodes to open the NAT for themselves, benefits to worms, ways to deny Teredo service, and the difficulty in finding all Teredo traffic to inspect.

How to enable/disable Teredo can be useful suppose to those who have a laptopa and they travel fromm room to office to taxi to hotel and they want a video conference, Teredo can be of help.

Since Teredo also works from China, you can use it together with the *.sixxs.org proxy to read any of your favourite, blocked sites.