• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Teredo

Started by b1izzard, December 16, 2009, 02:25:42 PM

Previous topic - Next topic

b1izzard

I am trying to figure out how to get Teredo to work with Windows XP, and came across the Teredo Wiki arcticle that mentioned the following:

"In Q1 2009, IPv6 backbone Hurricane Electric enabled 14 Teredo relays in an anycast implementation and advertising 2001::/32 globally."

I am running behind a D-Link DIR-615 router at the present, and do have a 2001:0:: address showing in XP.  I have set the tunnel server to point to the MS Teredo server.  At this time, I cannot connect or ping IPv6 websites.

1.  In a nutshell, what is required to setup Teredo correctly to connect to the IPv6 internet or another Teredo client?   

2.  Can I use your servers as a relay?  If so, what is the address?


jimb

#1
Quote from: b1izzard on December 16, 2009, 02:25:42 PM
I am trying to figure out how to get Teredo to work with Windows XP, and came across the Teredo Wiki arcticle that mentioned the following:

"In Q1 2009, IPv6 backbone Hurricane Electric enabled 14 Teredo relays in an anycast implementation and advertising 2001::/32 globally."

I am running behind a D-Link DIR-615 router at the present, and do have a 2001:0:: address showing in XP.  I have set the tunnel server to point to the MS Teredo server.  At this time, I cannot connect or ping IPv6 websites.

1.  In a nutshell, what is required to setup Teredo correctly to connect to the IPv6 internet or another Teredo client?  

2.  Can I use your servers as a relay?  If so, what is the address?


If you already have a "normal" IPv6 global unicast address set up on your windows box, Teredo or 6to4 won't be used by Windows.

Otherwise, with teredo, you should just be able to "turn it on", and it does everything automatically.  IIRC XP requires a few security steps to get it going (should be in the wiki).  A security requirement also appears to be that windows firewall must be turned on.  I know this is an issue for Vista and likely win7.

Once it's on, it should talk to the Teredo servers and establish a Teredo IPv6 address consisting of a combo of the teredo server IPv4, your public IPV4 and some other stuff.  Then you should be able to ping IPv6 sites.  However, it appears that windows is configured to use IPv4 before it uses a Teredo or 6to4 IPv6 address.  At least in my experimentation that seemed to be the case, since I could ping IPv6 addresses on the internet by address, but when I'd try to go to say a web site which had both IPv4 and IPv6 addresses, it'd always use the IPv4 address instead of the IPv6.  I believe this can be behavior can be changed using the "netsh int ipv6 set prefixpolicy" command.

Also, from my experience, Teredo seems to be a bit sketchy.  I noticed that IPv6 connectivity was a bit slow and unreliable.  Sometime I could ping something, other times I couldn't, then it'd come back, etc.  YMMV

To answer #2, Teredo servers and relays are different.  They do different things.  Relays just relay Teredo traffic, servers sort of coordinate things.  The relays are picked automatically, coordinated with the server(s), IIRC.

b1izzard

Which Wiki were you referring to for Windows XP?  I was just talking Wikipedia.  In your opinion, is Teredo a waste of time trying to figure out, or will it ever be useful?

jimb

Quote from: b1izzard on December 16, 2009, 04:08:00 PM
Which Wiki were you referring to for Windows XP?  I was just talking Wikipedia.  In your opinion, is Teredo a waste of time trying to figure out, or will it ever be useful?
I was referring to the one you were refering too, but I figured u were talking about a technet article and just said wiki.  The best source of info for Teredo is probably MS technet.  Just go there and search "teredo XP" and it has a guide to set it up on XP.

Teredo IMHO is useful perhaps to learn about.  But it's a waste of time if you already have a configured IPv6 tunnel such as HE, sixxs, hexago etc etc.

b1izzard

#4
jimb, I found a good article explaining how to get it to work.  

http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/

I used the 'Vista' section for my Windows 2008 Server, and it worked.  The trick is to follow it closely, as there are definitely a few quirks in getting it running right, but it does work.  

I also was able to connect from my Teredo client to my other Windows 2008 Server that I had previously setup in a HE 6in4 tunnel.  I did find that I was initially unable to ping the 6in4 server from my Teredo client, but after going to the 6in4 server and pinging ipv6.google.com, the request timed out at first.  It eventually started pinging google, and then from the Teredo client I could ping the server and connect to it.  So this leads me to my next question:

Do tunnels go into sleep mode if no traffic goes through them for a while?  Let's say my router is up, but no traffic whatsoever goes through it out to the internet.  Does the tunnel timeout?  Thanks for your help.

kcochran

The tunnel won't time out, as there's no state to it.  However, if you're going through a device which does connection tracking, like NAT gateways, firewalls, etc., then if there's no traffic outbound, the return path in that device's table may time out, effectively blocking externally initiated connections to your side of the tunnel until something internal goes out, recreating the mapping.

jimb

#6
Bliz..remember what I said about pinging to generate keepalives earlier?  That's what I was talking about

As kcochran said in the last post, and I've said in probably about 50 other posts including ones in your other thread ... if you don't have a "port forward" (really an IPv4 protocol forward in this case), aka, a static NAT entry on your NAT device directing IPv4 proto 41 traffic arriving at your public IP to your 6in4 router, the "temporary NAT" (aka connection/nat table entry) will time out if there hasn't been any 6in4 traffic for some time.  When this happens, no traffic initiated from the other end of the tunnel will reach your 6in4 router because your nat/firewall device will drop it.

In situations where it's impossible to set up such a NAT (like most consumer grade routers), what I typically do is set up a cron job that pings the other end of the 6in4 tunnel at regular intervals (say once a minute).  Unless the default timeout on your connection table entries is reaaly short, this will typically keep the tunnel up indefinitely.

cholzhauer

FWIW if you use a Sixxs Dynamic tunnel, they can time out if you set your firewall incorrectly.

b1izzard

Got it.  Thanks for the replies everyone.