Teredo and the PNRP Global Cloud

Most applications built on Windows Peer-to-Peer require the global cloud for most scenarios. However, I have found that occasionally the global cloud is not present on some machines. Here are some troubleshooting tips you can use to get the global cloud up and running.

First of all, a brief review of what the global cloud is. It is nothing more than access to public IPv6 addresses. In theory, if your Windows machine has a global IPv6 address, your P2P applications can communicate with any other Windows machine with global IPv6 connectivity. Chances are you do not yet have native IPv6 connectivity, so you are using a transition technology like Teredo. Teredo is available on both Vista and XP.

The Teredo client tries to send IPv4 UDP packets to a Teredo server (by default teredo.ipv6.microsoft.com). The server in turn sends back a Teredo address for the client to use. The address it sends back is a global IPv6 address with a prefix of 2001:0::/32. When an application sends a packet from the Teredo address to another IPv6 address, the packet goes either directly to the destination or to a Teredo relay service that routes it to the correct address.

How do you check whether you have access to the global cloud? The simplest way is to run “NETSH P2P PNRP CL SH ST *”. This enumerates the clouds that are available. You will probably see a link-local cloud that looks something like this: “LinkLocal_2001:4898:28:3::/64”. That cloud lets you communicate with machines on your own subnet. The global cloud is named “Global_”. If it is not there, we need to find out why.

Take a look at your Teredo state. On Vista the command is “Netsh int teredo sh st”. On XP it is “Netsh interface ipv6 show teredo”. The State value tells us whether Teredo is working. The Error value tells us why it is not working. If the state is probe, Teredo is still trying to communicate with the Teredo server, and you need to give it another minute. If it says dormant or qualified, it is working. If it says offline, we need to examine the error state.

Sometimes it is clear what the error is. If it says the Teredo server is unreachable over UDP, you need to check whether the traffic is blocked by a firewall. If you are using the Windows firewall, the port should have been opened for you. Check any 3rd party firewalls or your edge firewalls to make sure the traffic is not being blocked. By default Teredo uses a random port. You can set which port you want it to use with the “netsh int ter set state clientport=port” command. You may also try a regular ping to the Teredo server. However, the error may not be as clear. If it says “Client is in a managed Network”, Teredo has detected that you are in a corporate environment. In that case you need to set the Teredo type to enterprise client: “Netsh int ter set state enterpriseclient”.

Another thing to note is that on Vista an IPv6 firewall is required for Teredo to operate. If Windows detects that there is no IPv6 firewall, Teredo will not function. If you use the Windows firewall, turn it on. If you use a 3rd party firewall, check with the manufacturer to make sure it reports to Windows whether it is on, and that it covers IPv6.
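The state and error checks above can be scripted. The following is an added example, not part of the original post or any Microsoft tool: the function name Get-TeredoTriage is hypothetical, the sample outputs are constructed, and it assumes the netsh output carries "State : value" and "Error : value" lines as the post describes. It needs PowerShell 3.0 or later.

```powershell
# Added example: map Teredo state output to the next step from the post.
# On a real machine: Get-TeredoTriage -NetshOutput (netsh int teredo sh st)
function Get-TeredoTriage {
    param([string[]]$NetshOutput)

    # Collect every "Name : Value" line into a lookup table (lower-cased).
    $fields = @{}
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1].ToLower()] = $Matches[2].ToLower()
        }
    }
    $state = [string]$fields['state']   # empty string when the line is absent
    $err   = [string]$fields['error']

    if ($state -eq '') {
        $next = 'No State line found; check that the command matches the OS (Vista vs. XP).'
    } elseif ($state -like 'probe*') {
        $next = 'Still contacting the Teredo server; wait a minute and check again.'
    } elseif ($state -in 'dormant', 'qualified') {
        $next = 'Teredo is working.'
    } elseif ($state -ne 'offline') {
        $next = "State '$state' is not covered by the post."
    } elseif ($err -like '*managed network*') {
        $next = 'Run: netsh int ter set state enterpriseclient'
    } elseif ($err -like '*unreachable*') {
        $next = 'Check 3rd party and edge firewalls for blocked UDP to the Teredo server.'
    } else {
        $next = 'On Vista, confirm an IPv6 firewall is on and reports its status to Windows.'
    }
    [pscustomobject]@{ State = $state; Error = $err; NextStep = $next }
}

# Constructed sample outputs (not captured from a real machine).
$working = @'
Server Name             : teredo.ipv6.microsoft.com.
State                   : qualified
'@ -split '\r?\n'

$managed = @'
Server Name             : teredo.ipv6.microsoft.com.
State                   : offline
Error                   : client is in a managed network
'@ -split '\r?\n'

Get-TeredoTriage -NetshOutput $working   # NextStep: Teredo is working.
Get-TeredoTriage -NetshOutput $managed   # NextStep: Run: netsh int ter set state enterpriseclient
```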

For more information about Teredo, read the overview at https://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx.

-Travis