How to force Teredo over IPHTTPS

Answers

  • Teredo is always prioritized, but just as you said, if there is a situation where Teredo and IP-HTTPS come online at the same time, the traffic actually flows over IP-HTTPS and there isn't anything you can do. You could disable or delete the IP-HTTPS adapter, but you don't want to do that.

    Setting Teredo to "Enterprise Client" is definitely recommended; I use it as a best practice. Just as you said, it enables Teredo to connect in more situations, when sitting inside a domain network for example. You can easily set Teredo to Enterprise Client status for all of your DirectAccess computers by using a GPO.

    • Marked as answer by Tullkas Thursday, May 30, 2013 8:39 AM
    Friday, May 24, 2013 7:55 PM

All replies

  • Thanks, Jordan, for your reply. That's a shame there is nothing to do about Issue no.2. I will implement the "Enterprise Client" change to our GPO - again, a shame that it's something you need to do every time you re-deploy GPOs from UAG, as this is not a part of UAG DA setup.

    If you have some experience in Teredo/IPHTTPS performance tuning, please have a look at my other thread.

    http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/e68e3b89-48c7-4495-84c8-2ab2fb9f6909

    Thanks.

    Thursday, May 30, 2013 8:39 AM
  • You don't have to make the Enterprise Client change after every re-deploy from UAG. You shouldn't be modifying the GPOs that UAG creates at all; you should create a new GPO for the Teredo setting (you can also disable 6to4 in this same GPO, as that is another best practice that I typically follow). If you have that setting configured by its own GPO that you created, then you'll never have to modify or re-visit it again.
    Thursday, May 30, 2013 12:19 PM
  • Good point, thanks. Why would disabling 6to4 by default be a best practice? I see a few clients a day connecting via 6to4.

    Thursday, May 30, 2013 12:34 PM
  • 6to4 is rarely used, mostly by users that have cell phone cards in their laptops. And on some cell carriers (I have seen it enough times to simply disable 6to4 by default now), they will allow the initial handshake of Protocol 41 that is used by 6to4, so the client thinks it's connected, but then block the actual Protocol 41 traffic, therefore breaking DirectAccess on that client.

    Any client that is connected with 6to4 can just as easily connect with Teredo instead, and the protocols are almost exactly the same as far as efficiency goes, so I just let them use Teredo. Teredo does connect successfully on these troublesome cell carriers where 6to4 does not.

    Thursday, May 30, 2013 12:59 PM
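
A client-side check for the two settings discussed in this thread (Teredo type Enterprise Client, 6to4 disabled), added here as an example and not posted by any participant. The function names are hypothetical, and the `netsh` output field labels matched by the patterns are an assumption about English-language output.

```powershell
# Added example: audits a DirectAccess client against the two settings
# recommended in this thread. Uses netsh so it also runs on PowerShell 2.0.
# Assumption: "netsh interface teredo show state" prints a "Type : <value>" line
# and "netsh interface 6to4 show state" prints a "6to4 Service State : <value>"
# line. netsh output is localized, so adjust the patterns on non-English builds.

function Get-NetshField {
    param(
        [string[]]$Lines,   # raw netsh output, one element per line
        [string]$Pattern    # regex with one capture group for the value
    )
    foreach ($line in $Lines) {
        if ($line -match $Pattern) { return $Matches[1].ToLower() }
    }
    return $null            # field not found: unexpected or localized output
}

function Test-TransitionSettings {
    param(
        [string[]]$TeredoOutput    = (netsh interface teredo show state),
        [string[]]$SixToFourOutput = (netsh interface 6to4 show state)
    )
    $teredo    = Get-NetshField $TeredoOutput    '^\s*Type\s*:\s*(\S+)'
    $sixToFour = Get-NetshField $SixToFourOutput '^\s*6to4 Service State\s*:\s*(\S+)'

    # A missing field compares as not OK, so parsing failures are never
    # reported as compliant.
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        TeredoType  = $teredo
        TeredoOk    = ($teredo -eq 'enterpriseclient')
        SixToFour   = $sixToFour
        SixToFourOk = ($sixToFour -eq 'disabled')
    }
}

$result = Test-TransitionSettings
$result | Format-List Computer, TeredoType, TeredoOk, SixToFour, SixToFourOk
if (-not ($result.TeredoOk -and $result.SixToFourOk)) {
    Write-Warning 'Teredo/6to4 state differs from the dedicated GPO; refresh policy with gpupdate /force and re-check.'
}
```

The values being checked correspond to `netsh interface teredo set state type=enterpriseclient` and `netsh interface 6to4 set state state=disabled`, which is what the separate GPO described above enforces.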