3

All documentation (including microsoft's) about Teredo mentions the existance of Teredo Servers and Teredo Relays (and host-specific relays). Microsoft itself even runs public Teredo Servers (but no relays).

But when I try to configure Teredo in Windows 7 Ultimate (or Enterprise), I can only enter one servername/IP adress in netsh, wich seems to be used as the teredo server and relay.

I would like to run my own relay, but use another public server. Is this possible?

The reason for this question is I'd like to use DirectAccess, but you need 2 consecutive IPv4 addresses, which i don't have, and cannot get on my network. According to the DirectAccess documentation, the 2 IP addresses are only used to run the Teredo Server. I hope to circomvent this by using microsoft's own public teredo server, but my own teredo relay.

Thanks in advance!

RedFury
  • 31
  • 1
  • 3
  • Use an IPv6 tunnel broker like Hurricane Electric? – Steve-o Aug 12 '12 at 19:28
  • Nope won't work. I already have IPv6 Internet access through 6rd. For direct-access you need IPv6 IPsec tunnels that can also traverse the IPv4 internet when you're on the road, Thats why it works with 6to4, Teredo or IPHTTPS – RedFury Aug 13 '12 at 11:51
  • Sorry to bounce you again, but this belongs on SuperUser, as this is a home OS and a home network. – mfinni Aug 13 '12 at 12:01
  • 1
    DirectAccess isn't a consumer technique. I'm merely explaining where the need somes from, but it's a fact that a lot of companies would be very inteested if there's a way to run DA without 2 IPs. – RedFury Aug 13 '12 at 12:05
  • A "lot of companies" can get 2 consecutive IPs. Regardless, the question of whether or not this belongs on this site is explicitly covered in the FAQ. – mfinni Aug 13 '12 at 16:22
  • Alright, should I move it to SuperUser then? – RedFury Aug 13 '12 at 19:50
  • @mfinni Windows 7 Ultimate, Enterprise and Professional are not marketed for home use – Hubert Kario Sep 10 '12 at 23:46

1 Answers1

1

You are right. A lot of companies doesn't have a a public DMZ so they cannot have two public IPs in the server witouht NAT.

Without this Teredo doesnt work.

In Windows Server 2008 for enable Direct Access from the GUI you have to enable Teredo, so if you don't have this requierement it won't work. You have two alternatives:

  1. Configure Direct Acess using the command prompt. You can enable the IPv6 transitions technoliges (6to4 and IPHTTPS) using netsh. You also have to configure the clients and IPSec.
  2. In Windows Server 2012 you can configure Direct Access without Teredo, only with IPHTTPS, so you dont need public IPs anymore.
Ricardo Polo Jaramillo
  • 2,039
  • 1
  • 18
  • 35
  • Yes I am aware of that. It's also possible to configure all 3 (6to4, Teredo and IPHTTPS) by GroupPolicy. The reason I'm hammering on Teredo is that with 6to4 both endpoints need to have a public IPv4 address. Your server probably has, but your DA clients probably don't. It's more likely your Da clients reside behind a NAT router, and that breaks 6to4, leaving only IPHTTPS as an option. And it not a great option because IPHTTPS is a last-resort technique famous for it bad performance: http://technet.microsoft.com/en-us/library/ee844161%28v=ws.10%29.aspx – RedFury Aug 13 '12 at 19:53
  • Why you want a teredo relay? If you cant have Teredo public server in your network because you dont have two IPs you can configure your clients to use teredo.ipv6.microsoft.com. – Ricardo Polo Jaramillo Aug 13 '12 at 20:52
  • The Teredo Server is used (afaik) to determine the NAT type you're behind. The Teredo Relay is used as an endpoint to terminate your ipv6-in-ipv4 tunnel. Because DA makes use of IPv6, that doesn't mean these IPv6 addresses are globally routable (so they can be private). In fact, DA doesn't even work when you've got pure IPv6 connectivity and no IPv4 connectivity: http://blogs.technet.com/b/tomshinder/archive/2011/03/23/uag-directaccess-and-the-ipv6-internet.aspx This means we _have_ to host our own Teredo Relay. But the 2 IPv4 address requirement is only for the Teredo Server. – RedFury Aug 14 '12 at 20:24