Blocking Teredo

Teredo is intended to be a consumer technology and has generally not been recommended for enterprises, because Teredo requires the edge device to allow all outbound UDP traffic. For security reasons, many enterprise administrators do not want client computers on the corporate network to be directly accessible from the Internet, and in that case turning off Teredo is a good idea. Administrators who want to disable Teredo on their client computers, or simply prevent it from working, can do so in one of three ways:

  • Block all outbound UDP traffic by default. (This is the only reliable "external" method.)
  • Block name resolution of the Teredo DNS host name, which by default on computers running Windows 7 is teredo.ipv6.microsoft.com. (This method, however, leaves an easy workaround, because the user can hard-code IP addresses.)
  • Use Group Policy or a script to create the following DWORD registry value, which turns off Teredo on targeted computers running Windows 7. (This registry setting is not exposed by default in Group Policy but can be pushed down using a custom ADMX file.)
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
    You can specify the following settings for this value:
    • 0x10 Setting this value will disable Teredo only on the computer.
    • 0x01 Setting this value will disable all tunnel interfaces on the computer.

If administrators want to support only native IPv6 in their networks, or if they don't want to support any IPv6 traffic until they deploy native IPv6, they can turn off all tunneling technologies by using the second setting in the preceding list (0x01).
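
The registry method above, as an added example that is not part of the original tutorial: a PowerShell script that audits DisabledComponents on a client and, when asked, sets the 0x01 bit without discarding bits already present. The parameter names -Mask and -Apply are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
# -Mask and -Apply are hypothetical parameter names chosen for this script.
param(
    [long]$Mask = 0x01,   # 0x01 = disable all tunnel interfaces (per the page)
    [switch]$Apply        # without -Apply the script only reports
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$name = 'DisabledComponents'

# The value does not exist on a default install; treat "absent" as 0.
$prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$current = if ($prop) { [long]$prop.$name } else { 0 }
'{0} on {1}: 0x{2:X}' -f $name, $env:COMPUTERNAME, $current

if (($current -band $Mask) -eq $Mask) {
    'Requested bits are already set.'
}
elseif ($Apply) {
    # DisabledComponents is a bit mask: OR the new bits in so that
    # bits already set by other policy are preserved.
    $new = $current -bor $Mask
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $new -Force | Out-Null
    'Wrote 0x{0:X}; restart the computer for the change to take effect.' -f $new
}
else {
    $missing = $Mask -band (-bnot $current)
    'Not compliant: bits 0x{0:X} are missing. Re-run with -Apply to set them.' -f $missing
}

# Runtime view of the Teredo client, independent of the registry value.
netsh interface teredo show state
```

Run without -Apply, the script works as a read-only compliance check that can be pushed as a startup script to confirm the Group Policy setting actually landed.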
