Connecting to Yggdrasil

Yggdrasil is an end-to-end encrypted IPv6 network that is open for anyone to connect to. It’s lightweight to install and run, and gives you the ability to build a fully encrypted network across both local links and the public internet.

This post covers installing Yggdrasil on a Linux server and a MacBook and connecting the two, followed by some options around extending your network.

Linux

On the Linux server we install the software manually since there are no packages for CentOS 8 yet. These steps should work for any systemd Linux server though.

  1. Download the yggdrasil and yggdrasilctl binaries from the builds page and place them in /usr/bin as yggdrasil and yggdrasilctl. Make sure they are executable.
  2. Download the systemd service file and put it into /etc/systemd/system/yggdrasil.service
  3. Run yggdrasil -genconf > /etc/yggdrasil.conf to generate the config file
  4. Edit the peers section of this config file to add some of your nearest peers. Each peer should be on a new line. You can find your nearest peers here.
  5. Run yggdrasil -useconffile /etc/yggdrasil.conf to make sure it starts without errors, and then stop it with ctrl-c
  6. Run systemctl daemon-reload && systemctl start yggdrasil to start it as a daemon
  7. Get your Yggdrasil IP address with yggdrasilctl getSelf

There are some services you can connect to in order to check your connectivity. You can also run yggdrasilctl getPeers.

Mac

There is an installer package for Mac which simplifies the process here.

  1. Download and install the latest Mac package from the latest builds (control-rightclick and open if it complains about signing)
  2. Generate the configuration with yggdrasil -genconf | sudo tee /etc/yggdrasil.conf
  3. Edit the peers section of this config file to add some of your nearest peers. Each peer should be on a new line. You can find your nearest peers here.
  4. Start Yggdrasil in the foreground with sudo yggdrasil -useconffile /etc/yggdrasil.conf
  5. You can now connect to services on the Linux server using the IP address from step 7 of the Linux instructions above

Peering

If your Mac is on the same network as your Linux server then in theory it should automatically find the server and peer with it. This means that you can build a series of local networks without any internet connection, but still connect to the Yggdrasil network. Of course, one of your nodes will need internet access to connect to the wider Yggdrasil network.

You can also use your Linux server as the peer to the wider Yggdrasil network. This requires setting the Listen section of the Yggdrasil config on the Linux server and then restarting.
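As an added example (not from the original post), the two config fragments below show the server listening for inbound peerings and the Mac peering with it. The address 192.0.2.10 and port 12345 are constructed placeholders, and the name of the allow-list key is an assumption that depends on your Yggdrasil version.

```hjson
# Linux server, /etc/yggdrasil.conf (fragment): accept inbound peerings.
{
  # Constructed port; listens on all IPv4 interfaces.
  Listen: [
    "tcp://0.0.0.0:12345"
  ]
  # An empty list means any node may peer inbound. List the public keys
  # of your own nodes here to restrict that. Assumption: this key is named
  # AllowedPublicKeys in 0.4+ and AllowedEncryptionPublicKeys in 0.3.x.
  AllowedPublicKeys: []
}

# Mac, /etc/yggdrasil.conf (fragment): peer with the server.
{
  # 192.0.2.10 is a constructed placeholder for the server's address.
  Peers: [
    "tcp://192.0.2.10:12345"
  ]
}
```

Restart Yggdrasil on both nodes after editing, and open the chosen port in the server's firewall only to the hosts that need to reach it.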

Finally, you can route non-Yggdrasil traffic through the Yggdrasil network and back out via a node you have running on the Yggdrasil network.

Combining all of these peering options gives you the ability to run really complicated private networks over a combination of local links and the public internet.