💾 Archived View for tilde.club › ~verdantmoss › yggdrasil.gmi captured on 2023-01-29 at 03:53:47. Gemini links have been rewritten to link to archived content


Yggdrasil

Yggdrasil[1] is an overlay mesh network that is fully end-to-end encrypted. What this actually means is that any computer running the Yggdrasil client can be assigned an IPv6 address that identifies them on the network, and other network members can communicate with them at that address. There is a large public network[2], although it is possible to host smaller networks if you so wish (and have a server that is accessible normally).

I think Yggdrasil is really quite nice. It means that all my devices can get an IPv6 address that is accessible from anywhere, without any fuss. Because the IPv6 address a device is assigned is derived from its public key, it is trivial to persist (or frequently change) an address, and the built-in end-to-end encryption works without any need for TOFU or certificates. All IPv6 addresses used by Yggdrasil are in the 0200::/7 range, which was deprecated by the IETF after an RFC that used it stalled and never went anywhere, meaning that Yggdrasil addresses don't overlap with IPv6 addresses used elsewhere. This means that the Yggdrasil client can transparently route addresses in that range to the Yggdrasil network without interfering with normal routing.
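
The following example is added for illustration and is not the author's or the Yggdrasil project's code. It sketches how a 32-byte public key can be mapped into 0200::/7; the bit layout (a 0x02 prefix byte, a count of leading one-bits of the inverted key, then the remaining key bits) is an assumption modelled on Yggdrasil v0.4, and the sample key is constructed.

```python
import hashlib
import ipaddress

# The 0200::/7 range named above (covers first bytes 0x02 and 0x03).
YGG_NET = ipaddress.ip_network("200::/7")
PREFIX = b"\x02"  # assumption: node addresses begin with byte 0x02


def addr_for_key(public_key: bytes) -> ipaddress.IPv6Address:
    """Map a 32-byte Ed25519 public key to an address in 0200::/7."""
    if len(public_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    # Invert every bit and view the key as one 256-bit string.
    inverted = bytes(b ^ 0xFF for b in public_key)
    bits = "".join(f"{b:08b}" for b in inverted)
    # Count the leading 1 bits; the count becomes the second address byte.
    ones = len(bits) - len(bits.lstrip("1"))
    if ones > 127:
        raise ValueError("leading-ones count does not fit in 7 bits")
    # Drop the leading ones and the first 0, keep the next 112 bits
    # (14 bytes) so prefix + count + tail is exactly 128 bits.
    tail = int(bits[ones + 1:ones + 1 + 112], 2).to_bytes(14, "big")
    return ipaddress.IPv6Address(PREFIX + bytes([ones]) + tail)


def is_yggdrasil(address: str) -> bool:
    """True if the address falls inside the 0200::/7 range."""
    return ipaddress.ip_address(address) in YGG_NET


# Constructed stand-in for a public key: 32 deterministic bytes,
# not a real Ed25519 key and not taken from any real node.
SAMPLE_KEY = hashlib.sha256(b"constructed sample key").digest()

if __name__ == "__main__":
    addr = addr_for_key(SAMPLE_KEY)
    print(addr, is_yggdrasil(str(addr)))
    # The same key always yields the same address, so the address can
    # be persisted by keeping the key and rotated by generating a new one.
    print(addr_for_key(SAMPLE_KEY) == addr)
```

Because the address is a function of the key alone, a peer that proves possession of the matching private key has also proved it owns the address, which is why no certificate or first-use trust decision is needed.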

I'm aware that if I want to access my devices without bothering with NATs and the like, there are offerings like Tailscale[3] or ZeroTier[4]. These fit my use case for Yggdrasil just fine, but I have no interest in being forced to sign up via Google/Microsoft[5] or use non-free software[6] to connect my own devices together, not to mention that relying on entities with corporate interests is something that I prefer to avoid.

I'm very pleased with how flexible and straightforward Yggdrasil is - compared to the headache of managing DNS, Let's Encrypt certificates, NATs and dynamic IP assignment, Yggdrasil just works. I cannot recommend it enough if you need to access stuff that's stuck behind NATs or just want to host a few services for yourself without dealing with all the DNS/NAT/etc stuff.

[1]: Yggdrasil Network

[2]: Public Peers

[3]: Tailscale

[4]: ZeroTier

[5]: Tailscale - Sign up

[6]: ZeroTierOne/LICENSE.txt

last updated: 2022-12-18