Teredo – how to connect to host behind NAT?

Signum asked:

All I want to achieve is to establish a connection to my simple server (written in C# using the TcpListener class, if it makes any difference), on my computer which is behind NAT. It has some IPv6 address (it's a public IP, starting with 2001:0) on the Teredo interface. However, I cannot even ping it from outside my network; for instance, I'm trying to ping this address from this website http://mebsd.com/ipv6-ping-and-traceroute, result – 100% packet loss. As I understood from reading about Teredo, there is no need for any port forwarding? So where could the problem be?


OK, now I'm confused. So what are the purposes of NAT Traversal and the Teredo interface at all? I thought I could use Teredo, for example, to establish a TCP connection between two computers behind NAT, WITHOUT any port forwarding.

Wikipedia says:

“[..]Teredo alleviates this problem by encapsulating IPv6 packets within UDP/IPv4 datagrams, which most NATs can forward properly. Thus, IPv6-aware hosts behind NATs can be used as Teredo tunnel endpoints even when they don’t have a dedicated public IPv4 address. In effect, a host implementing Teredo can gain IPv6 connectivity with no cooperation from the local network environment.”

@Serge from your answer I conclude that this is impossible to do without port forwarding, so how do peer-to-peer applications work? For instance, BitTorrent clients? That's a good question for me (and not only for me), explanations are needed 😉

P.S. Here is an article I have read about NAT Traversal and Teredo in .NET:
http://blogs.msdn.com/b/ncl/archive/2009/07/27/end-to-end-connectivity-with-nat-traversal-.aspx

My answer:


Your traceroute shows that your traffic was being dropped at Hurricane Electric’s network. Most likely they were operating the Teredo relay that your computer had connected to.

The fact that packets could not pass further suggests a communication breakdown between your PC and the Teredo relay. And the most likely cause of that is that your NAT device dropped its connection state for the Teredo UDP traffic due to an inactivity timeout. In this case the connection would not come back up again until your PC sent some more traffic over the tunnel, causing the NAT device to begin tracking the connection again.

This is one reason Teredo is extremely unreliable in practice despite its theoretical promise to punch through NAT devices. If you need a more reliable tunnel in this scenario, try using SixXS, which has its own tunneling protocol that traverses NAT and remains connected (by occasionally sending traffic even when the connection is idle). You can also use a straight up proto-41 tunnel such as the ones from Hurricane Electric, but in this case you have to manually intervene if your IPv4 address changes.


View the full question and answer on Server Fault.
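
The NAT state the answer refers to is visible in the Teredo address itself: per RFC 4380, a `2001:0::/32` address embeds the Teredo server's IPv4 address plus the NAT's external IPv4 address and UDP port, both bit-inverted. The following is an added example, not part of the original question or answer; it decodes those fields so they can be compared with the mapping actually observed from outside. The names `decode_teredo` and `mapping_is_current`, and the sample address, are illustrative assumptions.

```python
import ipaddress
from typing import NamedTuple

TEREDO_PREFIX = ipaddress.IPv6Network("2001:0::/32")

class TeredoInfo(NamedTuple):
    server_ipv4: ipaddress.IPv4Address   # Teredo server used for qualification
    cone_nat: bool                       # "cone" flag (high bit of the flags field)
    mapped_port: int                     # external UDP port on the NAT
    mapped_ipv4: ipaddress.IPv4Address   # external IPv4 address of the NAT

def decode_teredo(addr: str) -> TeredoInfo:
    """Split a Teredo IPv6 address into its RFC 4380 fields."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not in the Teredo prefix 2001:0::/32")
    raw = int(ip)
    server = (raw >> 64) & 0xFFFFFFFF          # bits 32..63
    flags = (raw >> 48) & 0xFFFF               # bits 64..79
    port = ((raw >> 32) & 0xFFFF) ^ 0xFFFF     # bits 80..95, stored inverted
    client = (raw & 0xFFFFFFFF) ^ 0xFFFFFFFF   # bits 96..127, stored inverted
    return TeredoInfo(
        ipaddress.IPv4Address(server),
        bool(flags & 0x8000),
        port,
        ipaddress.IPv4Address(client),
    )

def mapping_is_current(addr: str, observed_ipv4: str, observed_port: int) -> bool:
    """True if the mapping embedded in the address equals the one seen from outside.

    observed_ipv4/observed_port are whatever an external vantage point reports
    for the host's Teredo UDP traffic (hypothetical inputs for this example).
    """
    info = decode_teredo(addr)
    return (info.mapped_ipv4 == ipaddress.IPv4Address(observed_ipv4)
            and info.mapped_port == observed_port)

if __name__ == "__main__":
    # Sample address for illustration; the client IPv4 is in the
    # TEST-NET-1 documentation range.
    sample = "2001:0000:4136:e378:8000:63bf:3fff:fdd2"
    print(decode_teredo(sample))
    print(mapping_is_current(sample, "192.0.2.45", 40000))
```

A mismatch between the decoded mapping and the observed one means the address handed to the remote peer no longer describes a live NAT binding, which fits the packet loss described in the answer.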

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.