Are you aware: - Microsofts justification for Teredo is to support P2P during the transition to IPv6 dominant networks.
- Xbox 360: Console - IPv4 preferred and requires the Microsoft 'custom STUN and security implementation." - Xbox One: Console - IPv6 preferred - Native IPv6+IPSec - Requires unsolicited inbound IPSec and IKEv2 - "Disables firewall capabilities if one exists" - UPNP+... - IPv4 preferred or no IPv6 = [IPv6+IPSec]+Teredo - Teredo is only necessary for Xbox Live party chat and multiplayer - Within the tunnel, it requires unsolicited inbound IPSec and IKEv2 - UDP long port mapping refresh intervals (60 seconds+) to avoid losing connections to xbox peers - Uses UPNP to "Disables firewall capabilities if one exists" - If NAT exists, here is the most successful strategy, left to right: - Open to the Internet > Address Restricted > Port Restricted > Symmetric > UDP Block - Teredo prefers UDP port 3074 vs. UDP port 3544 - XBOX - Windows 10 - Teredo is only necessary for Xbox Live party chat and multiplayer - Most common error: “Teredo is unable to qualify” https://support.xbox.com/en-US/xbox-on-windows/social/troubleshoot-party-chat - If a third party firewall is installed, good chance it is blocking teredo outbound ports or the Windows10 teredo is disabled. Hope this helps... And don't ask about the security --- It's "good enough for home users" :( Joe Klein "inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1) PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8 On Tue, Jan 2, 2018 at 6:19 PM, Mark Andrews <ma...@isc.org> wrote: > Time to buy a Xbox for the NOC so you can trouble shoot. All puns > intended. > > Mark > > > On 3 Jan 2018, at 10:15 am, Justin Wilson <li...@mtin.net> wrote: > > > > These are all Xbox one clients. We don’t hand out IPv6 on this network > yet, so I made sure to disable any sort of IPV6 on the interfaces just to > be sure because I figured Teredo is tied to v6. The only thing we have not > done yet is disable any IPV6 stuff on the customer routers. Everyone has > been getting link local addresses for the longest time. We just disabled > ipv6 totally on the interfaces just to be safe. > > > > > > Justin Wilson > > j...@mtin.net > > > > www.mtin.net > > www.midwest-ix.com > > > >> On Jan 2, 2018, at 6:06 PM, Chris Adams <c...@cmadams.net> wrote: > >> > >> Once upon a time, Mark Andrews <ma...@isc.org> said: > >>> Given that you have IPv6 I would be looking at why the XBOXs are > attempting Teredo at all. I would expect them to use the IPv6 addresses > that you are assigning your customers. > >> > >> The OP didn't say what type of Xbox. IIRC the Xbox 360 does not support > >> IPv6, while the Xbox One does (but neither would explain the Teredo). > >> -- > >> Chris Adams <c...@cmadams.net> > >> > > > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > >