I have been asked a few times lately what method can be used for enabling or disabling certain Transition Technology adapters for testing purposes. The three transition technologies used by DirectAccess are called 6to4, Teredo and IP-HTTPS, and sometimes it is helpful to pin your client machine down to a particular one to test something out. Here are some methods you can use to enable or disable these adapters selectively on your client machines:

6to4

If you are working with a single machine where you don’t mind doing some manual commands, there are some simple netsh statements you can make to enable or disable the 6to4 interface:

netsh interface 6to4 set state disabled (disables 6to4)
netsh interface 6to4 set state enabled (enables 6to4)

If you need to accomplish this on a wider scale, you can use a GPO instead:

Computer Configuration > Policies > Administrative Templates > Network > TCPIP Settings > IPv6 Transition Technologies
6to4 State = Enabled or Disabled

Teredo

Once again, there are some easy netsh commands if that is your preference:

netsh interface teredo set state disabled (disables Teredo)
netsh interface teredo set state client (enables Teredo and sets it to the default “Client” status)
netsh interface teredo set state enterpriseclient (enables Teredo and sets it to “EnterpriseClient” status – this is my recommended state for Teredo on all of your DirectAccess client computers, as it allows Teredo to connect in more situations, like a client’s domain network)

Or, you can do it via GPO:

Computer Configuration > Policies > Administrative Templates > Network > TCPIP Settings > IPv6 Transition Technologies
Teredo State = Enabled or Disabled (and you can also choose Client or EnterpriseClient)

IP-HTTPS

This one’s a little trickier. There are no netsh commands to enable or disable IP-HTTPS, unless you wanted to point it at a dummy location but that works against the DirectAccess GPOs. So there are two ways I have done it before:

1. Disable it in Device Manager:
   1. Open Device Manager, click on View and click “Show hidden devices”
   2. Under Network adapters, you will see the “iphttpsinterface”, which you can disable or enable as with any other adapter
2. Disable it in the Registry:
   1. HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState
      To disable the interface, set the value to 3
      To enable the interface, set the value to 0

Jordan Krause
IVO Networks
jordan.krause@ivonetworks.com