How to force an IP-HTTPS connection on a DirectAccess client…

In certain scenarios, like testing, you might want to force a DirectAccess client to use IP-HTTPS. This posting explains how.

Pop quiz hotshot, you’ve got a DirectAccess client on a NAT’ed home network and you want to force it to use IP-HTTPS. What do you do? What do you do?

Err… Well, hack the registry and enable Force Tunneling. Granted, this should work, but what if I told you there was a better way? You could use a quick and easy solution that doesn’t carry the implications of forcing all your network traffic through a DirectAccess connection. Yup, I’m not selling snake oil. Just use netsh to disable Teredo. For example, if you execute the following command:

netsh interface teredo set state disable

You will in fact disable Teredo. Provided that your IP-HTTPS solution is working, the DirectAccess client will then switch over to IP-HTTPS. You can verify this using the following command:

netsh interface httpstunnel show interfaces

Provided that everything is working, you should see something like the following:

Role                       : client
URL                        :
Last Error Code            : 0x0
Interface Status           : IPHTTPS interface active

Now, to re-enable Teredo you would use the following command:

netsh interface teredo set state default

Once executed, your Teredo interface will again be active and things will be as they were before.
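
The three steps above as one script, an added example that is not from the original post: it disables Teredo, polls the IP-HTTPS status until it reads active, and always restores Teredo on exit. The function name, timeout and poll interval are assumptions, and the parsing assumes English netsh output and an elevated prompt.

```powershell
# Added example: force IP-HTTPS for a test window, then put Teredo back.
# Run from an elevated PowerShell prompt on the DirectAccess client.
# Get-IpHttpsState, the 60 s timeout and the 5 s poll interval are
# illustrative assumptions, not part of any Microsoft tooling.

function Get-IpHttpsState {
    # Parse the "Name : Value" lines printed by netsh into a hashtable.
    # Splitting on the first colon keeps a URL value (which contains colons) intact.
    $state = @{}
    foreach ($line in (netsh interface httpstunnel show interfaces)) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $state
}

$timeoutSeconds = 60

# Step 1: disable Teredo so the client has to fall back to IP-HTTPS.
netsh interface teredo set state disable | Out-Null

try {
    # Step 2: wait for the IP-HTTPS interface to report active.
    $deadline = (Get-Date).AddSeconds($timeoutSeconds)
    do {
        Start-Sleep -Seconds 5
        $state  = Get-IpHttpsState
        $active = $state['Interface Status'] -eq 'IPHTTPS interface active'
    } until ($active -or (Get-Date) -gt $deadline)

    if ($active) {
        Write-Host "IP-HTTPS is up (last error code $($state['Last Error Code']))."
        Read-Host 'Run your tests, then press Enter to restore Teredo' | Out-Null
    }
    else {
        Write-Warning ("IP-HTTPS did not come up: status '{0}', last error code {1}." -f
            $state['Interface Status'], $state['Last Error Code'])
    }
}
finally {
    # Step 3: runs even on Ctrl+C or an error, so Teredo is never left disabled.
    netsh interface teredo set state default | Out-Null
}
```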


Copyright © 2010 IDG Communications, Inc.
