Teredo clients essentially wrap an IPv6 packet in an IPv4 UDP packet and forward it on to a Teredo server.
- The Teredo server is running a publicly accessible IPv4 address.
- The server forwards the IPv4 encapsulated IPv6 packet to its intended destination.
- The Teredo client uses "keep alive" traffic with the server.
- This maintains the NAT mapping between the client's source port and the public IP address (the "client's" or router's public IP).
- There is a "refresh" interval in which the client verifies that the source port is still valid.
- This interval is randomly varied by the Teredo service.
- Source ports can be prone to change and it is important for the Teredo server to know how to reach back to the client.
- Teredo acts almost like a dynamic port forwarding service that keeps track of both the public IP address and the source port of the client.
- By keep tracking of the source port and the IP this allows the Teredo server to reach directly back to the client, essentially bypassing NAT without any configuration required.
Teredo doesn't seem to play very nicely with symmetric NAT.
- Symmetric NAT randomly changes the "outside" source port per session
- First the IP address is changed from the source's non-routable address to the public IP address.
- Next the source port is randomly changed, with the mapping existing only in the router's memory.
- When the communication is complete the source port is no longer in use
- A new, random source port is chosen for the next session.
Somehow Teredo in Windows Vista and newer overcomes this, but I have not yet found a clear explanation for how.
Please read the IETF RFC on Teredo for further detail.
Note: I realize that this topic is quite old, but it is currently the top hit on SuperUser's internal search for "What is Teredo Tunneling". I wanted to provide a more generic answer since that is what I was seeking when I came here.
as a side note, if you do a ping -4 <ip address> it will ping using IPv4 instead of IPv6. Just thought I should mention that since I see two comments stating people are having issues with this in windows. – Richie086 – 2015-10-27T05:58:51.770
1And what is the advantage of disabling this? You'll need to troubleshoot it later... – Tamara Wijsman – 2011-01-29T00:53:05.950
4Why would I want to disable it? – Svish – 2011-01-31T09:20:01.230
@Svish to troubleshoot a networking issue. this moment i'm having an issue where machine A runs win7. I can't ping machine A from machine B. When I ping machine A from itself I get back an IPv6 address. I don't know why. temporarily disabling IPv6 (if I can) might simplify things a bit to narrow down to the problem. though funnily enough i'm still getting an IPv6 address back when pinging myself - just ::1:: rather than a longer one. – barlop – 2014-05-13T20:21:45.033
I was getting a long ipv6 address when I pinged myself from myself- ping compname. now i'm getting ::1::. I'd like an IPv4 address when pinging. Interestingly I can't ping from another machine. but my point re your answer is this might not totally disable it. I tried unchecking IPv6 in lan propeties too, though didn't see that do anything. your method did a little more though still pinging gives ::1:: on this machine – barlop – 2014-05-13T20:23:00.627
@barlop fwiw the win7 fw was disabling ping by default. that was the issue.. nevertheless stlil worth pointing out i was getting the ipv6 respnose when pinging myself locally despite ipv6 being allegedly disabled. – barlop – 2014-05-13T20:37:46.010