Yggdrasil as a VPN alternative
![](https://lemmy.sdf.org/pictrs/image/0f05b2ed-66be-48b0-bd87-34498996cb92.png)
![](https://lemmy.world/pictrs/image/8286e071-7449-4413-a084-1eb5242e2cf4.png)
yggdrasil-network.github.io
I've been accessing my servers over Yggdrasil for the last few years and I never see it mentioned in self hosting communities, so here you go !
Yggdrasil works over IPv6 and brings encryption at the network interface level (similarly to a VPN). The cool thing is that your IP address is derived from your private key, so when you try to connect to a specific IP, your packets are encrypted so that ONLY the destination server can decrypt it (thus preventing MITM attacks). And as everything is encrypted at the NIC level, you can safely use plain text protocols ;)
How cool is that ?
Wonder how this compares to wireguard. Been thinking about https://github.com/juanfont/headscale
Thanks for sharing. I recall hearing about this before. After reading this thread I've been trying to vend some of my selfhosted apps over yggdrasil. The documentation is difficult to find. A good tutorial would be really useful. Here are my two biggest
stumbling blocksheadaches:0.0.0.0
to::
(from ipv4 to ipv6). Apparently ipv4 still works but now ipv6 also works. This was the biggest blocker for me gaining access to my apps over yggdrasil using ipv6.I also downloaded an yggdrasil vpn app for Android and was able to access both apps with Android after adding a peer connection in the settings. Later, I added my Android public key to the AllowedPublicKeys to lock down my apps to be only accessible to my client.
Thanks @wgs for the tip! 🏆
Does this require a static IP address? Can it be easily used when all nodes are behind a NAT with dynamic IP addresses?
No static IP required ! I use it on my phone over LTE and it works great. Same goes for the NAT, I use it at work to where my laptop sits behind a NAT and I don't have any issue.
From my understanding by reading the website, if non of your devices have a static IPv6 address, you need to add a public node, is that true?