miredo - Teredo IPv6 tunneling for Unix
] [-u user
] [ -t
is a daemon program providing a Teredo tunnel service compatible
with the "Teredo: Tunneling IPv6 over UDP through NATs" Internet
proposed standard (RFC 4380). It can provide either Teredo client or Teredo
This is mostly useful to provide IPv6 connectivity to users behind NAT, most of
which do not support IPv6 at all. Many NATs do not even support
forwarding, so it is not possible to set up a 6to4
tunnel through them.
A Teredo relay is an IPv6 router which forwards IPv6 packets between the IPv6
Internet and Teredo clients by encapsulating these IPv6 packets over UDP/IPv4.
A Teredo client is an IPv6-enabled host which is located behind an IPv4-only
Network Address Translator (a.k.a. NAT), and encapsulates its IPv6 traffic
inside UDP over IPv4 packets.
A Teredo server is a special Teredo relay which is required for Teredo clients
to setup their IPv6 connectivity through Teredo. A Teredo server must have to
global static subsequent IPv4 addresses. It receives packets from Teredo
clients and Teredo relays on UDP port 3544.
- -c config_file or --config config_file
- Specify an alternate configuration file for Miredo instead of the default,
- -f or --foreground
- Do not detach from the console. Run the program in the foreground.
- -h or --help
- Display some help and exit.
- -t or --chrootdir
- Specify a directory to use as a root after initialization is completed.
When used as a Teredo client, the hostname resolver library files must be
present in the chroot. The directory can safely be left empty for a Teredo
- -u username or --user username
- Override the user that the program will run as. By default, it runs as
- -V or --version
- Display program version and license and exit.
- This optional command argument specifies a Teredo server to use. It will
override any ServerAddress directive found in the configuration file. It
is ignored if RelayType is not set to "client" (see
privileges to create its IPv6 tunneling
network interface, and to set it up properly. Once its initialization is
complete, it will setgid
into an empty directory and
(see option -u
), so as to decrease the
system's exposure to potential security issues. However, if Miredo runs as a
Teredo client, it needs root privileges when running, in order to change the
tunneling network interface settings automatically. To prevent possible root
compromise, Miredo implements priveleges separation
. The process
that handles data from the network is not privileged.
While that is not specific to nor dependant on Miredo, it should be noted that
Teredo connectivity allows anyone behind a NAT to obtain global public IPv6
connectivity. It might break some corporate policy. If that is an issue,
outgoing UDP packets with destination port 3544 should be blocked at the
Force a reload of the daemon.
Shutdown the daemon.
Do nothing, might be used in future versions.
- The default configuration file.
- The process-id file.
miredo.conf(5), miredo-server(8), ipv6(7), route(8), ip(8)
Rmi Denis-Courmont <remi at remlab dot net>