Monday 16 June 2014

DirectAccess: Enabling the Teredo Interface

If you have deployed DirectAccess via the Getting Started Wizard you will probably find Teredo is disabled from the beginning. For Teredo to work (or even enable), the external interface on the DirectAccess server must have two consecutive public IP's.
Although DirectAccess is configured correctly, there is no Teredo interface.

If you open an Administrative PowerShell and use the command Get-DAServer you will notice under the TeredoState setting it states Teredo is Disabled. 

Like the other connection protocols when DirectAccess is installed an adapter is installed in Device Manager (you must Show Hidden Devices). You will notice an adapter for IP-HTTPS, ISATAP and 6to4, but no adapter for Teredo.

In order for Teredo to enable correctly, the external interface of the DirectAccess server must have two consecutive public IP addresses you add the second IP using the Advanced TCP/IP Settings from the external adapters properties.
When both the external IP's are successfully configure you can use the PowerShell command Set-DAServer -TeredoState Enabled to force Teredo to be installed. The command outputs a warning in regards to internal resources and ICMP, this is because Teredo uses ICMPv6 to determine what kind of NAT an incoming client is connecting over.
Once the command has successfully completed, you will now notice the Teredo Tunneling Pseudo-Interface now appears in Device Manager.

If you now return to the Operations Status you will see Teredo listed under Services.