is a network that uses addresses derived from public keys, is end-to-end encrypted, automatically discovers peers on a LAN, can be used privately as a VPN or globally. A very cool piece of work towards . I write about it at

2/ One other cool thing: All you need to talk to a peer on is a switch. You can take 5 laptops, plug them into your switch, and boom - they talk to each other securely. No need for DHCP, for radvd, statically setting IPs, or whatever. Same could be done with wifi - just set out an access point, doesn't even need to be plugged into anything, and they can talk.

And if just one of those devices has outside access - all are instantly a part of the global net.

3/ Heck, you don't even need an access point. I forgot to mention you could just set your wifi to ad-hoc mode! Yggdrasil is a perfect solution for some of the annoyances there.


I read it, it's very interesting

I tried Yggdrasil myself and I ended up wondering: ok nice but what is this thing for?

Your article clarifies that

Kudos 👍

@AbbieNormal Thanks! Glad to help. I'm really excited about technologies like this.


I've heard mumblings about Yggdrasil recently but other than in ancient myths (one Norse based, one Linux based), I didn't know what it was. Now I actually know that it is something I want to look into! Thanks!

@jgoerzen very cool. Thanks. Will probably try.

Big question: interoperability with current Internet? If I put a website up on Yggdrasil can I point random people not running Yggdrasil themselves at it?


@eludom AFAIK there is no gateway from clearnet into Yggdrasil. However, appears as just another interface on the box - tun0 by default. A public webserver that listens on port 80 would be instantly accessible both places. There is something of a convention of prepending "y." before a domain name for an Yggdrasil in-net version.

In the other direction, at least one person operates a public proxy from Yggdrasil out. And of course, the entire thing can run atop current Internet.

@jgoerzen So it's an isolated overlay. Fine for Geeks and privacy nerds who want a place to play, but not going mainstream (maybe a Good Thing) any time soon.

@eludom Not necessarily wrong... But, the only way progress is going to happen is if the geeks adopt it first. Whatever your opinion on Blockchain, I heard the exact same things at the beginning and now it's pretty big. I'm using it, not necessarily for privacy reasons, but for utilitarian and decentralization reasons. The more people jump aboard these ships, the more we can start to re-democratize the Internet.

@jgoerzen I ran cjdns on several of my machines, and a cjdns service on a VPS to provide an "infrastructure" node, for this very reason for a number of years.
I have since abandoned that for practical reasons (I was not keeping up with the network news, and it was changing rather fast at the time), but in general I am in support of this kind of effort.

It's hard to trust a service like this on an important machine, though.

@elb Totally got it, and am with you on that. I modified the systemd service file so it runs as a non-root user and have it heavily firewalled.

Incidentally, tinc has some similarities but is specifically targeting only private installations (no global network there). Yggdrasil can be used as a private VPN also but obviously it's targeting bigger things.

@jgoerzen how many users does it have today? I'm looking for alternatives to i2p... perhaps, how does the DNS work there?

@loweel There are over 3000 nodes in the network map for the mainnet (the largest global network). I think that makes it the most successful overlay network to date (barring application-level ones like Tor). However, it is hard to extrapolate users, because each node could have an entire /64 behind it, and others could have active networks that aren't linked to the main global one.

@loweel For , there are sort of four experiments right now: 1) Using traditional clearnet DNS (outside ), 2) running regular port 53 DNS inside ygg, 3) Alfis , and 4) Meshname . My observation is that people are mostly using URLs with IPs for now. That doesn't really solve the human-readable issue, but when IPs are linked to keys rather than anything else, they can be moved by just moving keys.

