Teredo tunneling

Teredo is an IPv6 transition mechanism. This communication protocol for data traffic to the Internet is in accordance with RFC 4380 Teredo: Tunneling IPv6 over UDP through specified Network Address Translations ( NATs). Particular implementations exist as part of the Microsoft Windows ( Teredo ) and for Unix systems ( Miredo ).

The protocol defines a method to access the IPv6 network behind a NAT device. In this case, IPv6 packets are encapsulated with the UDP over IPv4. This is done using so-called Teredo server.


The scarcity of IPv4 addresses has meant that many enterprises and private users access via NAT with multiple devices with the use of only one public IP address on the Internet. The most widely used protocol to tunnel IPv6 directly via IPv4 (protocol 41; see also tunnel broker ), requires that the client has a public IP address ( although this is not absolutely necessary, as good routers also come with Protocol 41 dogs ). Teredo makes it an IPv4 host, who can not use 6to4, possible to use IPv6 on tunnel.


Due to the tunneling of IPv6 is the risk that in particular the security functionalities NAT -based IPv4 routers can be completely undermined. The generated through Teredo IPv4 UDP packets are packets with the labels in this scenario, packet filters are ineffective. It is since 2007 an analysis by Symantec confirming this fact. The security-conscious administrator is recommended to lock to the availability of appropriate firewalls used by the Teredo UDP port 3544 completely.


Teredo is described in RFC 4380 ( Teredo: Tunneling IPv6 over UDP through Network Address Translations ( NATs) ) specified. It is mainly the work of Christian Huitema, a Microsoft employee working on IPv6. In September 2010, the update appeared RFC 5991 ( Teredo Security Updates ) and in January 2011, RFC 6081 ( Teredo Extensions).


Microsoft Windows

  • A Teredo client is Microsoft Windows XP and later included ( first appeared in the Advanced Networking Pack in Service Pack 1) and enabled by default. A cut-off is possible by the command: netsh interface ipv6 set teredo disable. The re-activation is done by: netsh interface ipv6 set teredo default
  • Microsoft offers Microsoft Windows Server 2003 a Teredo server and relay in beta.


  • Miredo is an implementation for Linux and BSD ( under the GNU General Public License )
  • NICI - Teredo consists of a Teredo relay for the Linux kernel and a server for the user space


Other mechanisms that can be IPv6 packets in IPv4 tunnel, include

  • 6to4,
  • ISATAP and
  • Tunnel broker.

A comparison of the tunneling mechanisms can be found at # IPv6 tunneling mechanisms.