Are you aware:
- Microsofts justification for Teredo is to support P2P during the
transition to IPv6 dominant networks.
- Xbox 360: Console
- IPv4 preferred and requires the Microsoft 'custom STUN and security
implementation."
- Xbox One: Console
- IPv6 preferred - Native IPv6+IPSec
- Requires unsolicited inbound IPSec and IKEv2
- "Disables firewall capabilities if one exists" - UPNP+...
- IPv4 preferred or no IPv6 = [IPv6+IPSec]+Teredo
- Teredo is only necessary for Xbox Live party chat and multiplayer
- Within the tunnel, it requires unsolicited inbound IPSec and IKEv2
- UDP long port mapping refresh intervals (60 seconds+) to avoid
losing connections to xbox peers
- Uses UPNP to "Disables firewall capabilities if one exists"
- If NAT exists, here is the most successful strategy, left to right:
- Open to the Internet > Address Restricted > Port Restricted >
Symmetric > UDP Block
- Teredo prefers UDP port 3074 vs. UDP port 3544
- XBOX - Windows 10
- Teredo is only necessary for Xbox Live party chat and multiplayer
- Most common error: â??Teredo is unable to qualifyâ??
https://support.xbox.com/en-US/xbox-on-windows/social/troubleshoot-party-chat
- If a third party firewall is installed, good chance it is blocking
teredo outbound ports or the Windows10 teredo is disabled.
Hope this helps... And don't ask about the security --- It's "good enough
for home users" :(
Joe Klein
"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8
On Tue, Jan 2, 2018 at 6:19 PM, Mark Andrews <marka at isc.org> wrote:
> Time to buy a Xbox for the NOC so you can trouble shoot. All puns
> intended.
>
> Mark
>
> > On 3 Jan 2018, at 10:15 am, Justin Wilson <lists at mtin.net> wrote:
> >
> > These are all Xbox one clients. We donâ??t hand out IPv6 on this network
> yet, so I made sure to disable any sort of IPV6 on the interfaces just to
> be sure because I figured Teredo is tied to v6. The only thing we have not
> done yet is disable any IPV6 stuff on the customer routers. Everyone has
> been getting link local addresses for the longest time. We just disabled
> ipv6 totally on the interfaces just to be safe.
> >
> >
> > Justin Wilson
> > j2sw at mtin.net
> >
> > www.mtin.net
> > www.midwest-ix.com
> >
> >> On Jan 2, 2018, at 6:06 PM, Chris Adams <cma at cmadams.net> wrote:
> >>
> >> Once upon a time, Mark Andrews <marka at isc.org> said:
> >>> Given that you have IPv6 I would be looking at why the XBOXs are
> attempting Teredo at all. I would expect them to use the IPv6 addresses
> that you are assigning your customers.
> >>
> >> The OP didn't say what type of Xbox. IIRC the Xbox 360 does not support
> >> IPv6, while the Xbox One does (but neither would explain the Teredo).
> >> --
> >> Chris Adams <cma at cmadams.net>
> >>
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
>