Xbox Live and Teredo

Joe Klein jsklein at gmail.com
Wed Jan 3 00:12:54 UTC 2018


Are you aware:

- Microsoft's justification for Teredo is to support P2P during the
transition to IPv6 dominant networks.

- Xbox 360: Console
  - IPv4 preferred and requires the Microsoft "custom STUN and security
implementation."

- Xbox One: Console
  - IPv6 preferred - Native IPv6+IPSec
     - Requires unsolicited inbound IPSec and IKEv2
     - "Disables firewall capabilities if one exists" - UPNP+...

- IPv4 preferred or no IPv6 = [IPv6+IPSec]+Teredo
     - Teredo is only necessary for Xbox Live party chat and multiplayer
     - Within the tunnel, it requires unsolicited inbound IPSec and IKEv2
     - UDP long port mapping refresh intervals (60 seconds+) to avoid
losing connections to xbox peers
     - Uses UPNP to "Disables firewall capabilities if one exists"
     - If NAT exists, here is the most successful strategy, left to right:
       -  Open to the Internet > Address Restricted > Port Restricted >
Symmetric > UDP Block
     - Teredo prefers UDP port 3074 vs. UDP port 3544

- XBOX - Windows 10
   - Teredo is only necessary for Xbox Live party chat and multiplayer
   - Most common error: “Teredo is unable to qualify”
     https://support.xbox.com/en-US/xbox-on-windows/social/troubleshoot-party-chat
   - If a third-party firewall is installed, good chance it is blocking
Teredo outbound ports or the Windows 10 Teredo is disabled.

Hope this helps... And don't ask about the security --- It's "good enough
for home users" :(




Joe Klein

"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
PGP Fingerprint: 295E 2691 F377 C87D 2841 00C1 4174 FEDF 8ECF 0CC8

On Tue, Jan 2, 2018 at 6:19 PM, Mark Andrews <marka at isc.org> wrote:

> Time to buy a Xbox for the NOC so you can trouble shoot.  All puns
> intended.
>
> Mark
>
> > On 3 Jan 2018, at 10:15 am, Justin Wilson <lists at mtin.net> wrote:
> >
> > These are all Xbox one clients.  We don’t hand out IPv6 on this network
> > yet, so I made sure to disable any sort of IPV6 on the interfaces just to
> > be sure because I figured Teredo is tied to v6.  The only thing we have not
> > done yet is disable any IPV6 stuff on the customer routers.  Everyone has
> > been getting link local addresses for the longest time.   We just disabled
> > ipv6 totally on the interfaces just to be safe.
> >
> >
> > Justin Wilson
> > j2sw at mtin.net
> >
> > www.mtin.net
> > www.midwest-ix.com
> >
> >> On Jan 2, 2018, at 6:06 PM, Chris Adams <cma at cmadams.net> wrote:
> >>
> >> Once upon a time, Mark Andrews <marka at isc.org> said:
> >>> Given that you have IPv6 I would be looking at why the XBOXs are
> >>> attempting Teredo at all.  I would expect them to use the IPv6 addresses
> >>> that you are assigning your customers.
> >>
> >> The OP didn't say what type of Xbox.  IIRC the Xbox 360 does not support
> >> IPv6, while the Xbox One does (but neither would explain the Teredo).
> >> --
> >> Chris Adams <cma at cmadams.net>
> >>
> >
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
>
>


