Comment by 👻 ps

Re: "What is the purpose of Yggdrasil?"

In: s/Yggdrasil

P.S. A simple example: why does an answer require a question?

i2pd implementation provides an option to connect its network with Yggdrasil. It would be secure if the goal is to hide I2P usage from ISPs or penetrate the global firewall, but from another point of view, anyone able to generate a large number of 0200::/7 addresses could launch a Sybil attack and deanonymize some user IDs at a given time.

Therefore, Yggdrasil‑only mode in I2P context is useful for hacking the provider limitations, while a direct I2P connection is preferred when you trust the provider (VPN, etc.) but want to enhance routing hardness, since Internet IPs are limited and more contested.

Solutions for different goals can never be universal, simply by logic. It's like car configuration: something is good for dirt, while something else is good for asphalt.

— And finally, just a funny fact.

👻 ps [mod]

2025-11-27 · 5 months ago

27 Later Comments ↓

🐙 norayr [mod] · Nov 28 at 02:45:

@stack for now will just say that it makes us free from limitations of hierarchical internet by providing the mesh and own static ip and huge subnet.

some of my friends have no real ips so they selfhost on yggdrasil. yes only members of yggdrasil network can see their websites or capsules, they are fine with that.

next, people use things like team viewer or rustdesk or other clouds to access a computer at home from other place.

instead they can use vnc over ygg.

my other friends created an isolated yggdrasil network. they did not connect to any of the global nodes and they host diaspora to socialize.

and i wrote a 275 lines pascal program that allows to chat by using bonjour protocol over yggdrasil.

🐙 norayr [mod] · Nov 28 at 02:49:

to me that is very necessary.

if electricity at my home goes off i lose connections with my xmpp contacts - because without electricity i have no server.

if i use bonjour over yggdrasil - it will route me in some way. p2p and with e2e encryption. so i do chat with bonjour over yggdrasil with some folks now.

🚀 stack [OP] · Nov 28 at 03:50:

That sounds really interesting. I still don't understand how you can have no real IP and self-host on yggdrasil. I was assuming it runs over IP, so you have to be on the Internet? Or what, packet radio network of some sort?

👻 ps [mod] · Nov 28 at 04:12:

@stack, Ygg tunnel functions like a regular SSH tunnel or VPN (to out peer)

— Accessing a work computer behind NAT via ssh

Some people run and share outproxies, allowing users from Yggdrasil to access the internet and use public resources such as websites, cryptocurrency, IRC, etc. The principle relies on those who have (and provide) public IPs.

P.S. UDP hole punching works the same way, allowing packets to traverse intermediate pools by requesting temporary ports. Lot of solutions, Yggdrasil gives only automatic, decentralized router implementation.

👻 ps [mod] · Nov 28 at 04:28:

> Or what, packet radio network of some sort?

For example, I'm connecting virtual machines via VSOCK without using a network interface at all:

— Isolating Linux from direct Internet connections using QEMU / Virtual Machine Manager with VSOCK

Also, I'm connecting Reticulum peers over Yggdrasil:

— Reticulum / MeshChat connected via Yggdrasil

So I can build any kind of network configuration, depending on my needs. Yggdrasil is just one transport layer among many in the overlay chain.

👻 ps [mod] · Nov 28 at 04:37:

The IPv6 in Yggdrasil is just an external abstraction for apps compatibility; It's simply an internal private key hash converted to standard 0200::/7 presentation, that gives your system one more virtual network adapter. It doesn’t matter how you connect to the Yggdrasil network; as described above, you can do it with IPv4 or without an IP at all, for example, via radio or with DIY optical solutions with own driver implementation.

🐙 norayr [mod] · Nov 28 at 09:04:

@stack, underneath it is wireguard.

imagine wireguard, it generates a keypair and then its public ip becomes an ipv6 address.

now you can be alone without network with your ipv6.

but you need to add some peers.

so i installed yggdrasil also on my server. then added my server to my laptop's yggdrasil as a peer. now wireguard tunnel established between my server and me. we can ping each other via our wireguard (yggdrasil) ipv6.

then i find a yggdrasil app on fdroid and install it on my wife's phone. did not add any peers. just it listens by default for everyone, i think. and my laptop's ygg listens for everyone (you can only allow listening from certain ips).

🐙 norayr [mod] · Nov 28 at 09:10:

i can now ping via operating system tcp/ip stack the phone from my laptop. but wait, my laptop is connected to my server. the phone isn't. it only sees the laptop. what if i ping the phone from the server? oh it worked! now the phone is accessible via my laptop.

at this point my small yggdrasil network is isolated. what i did then?

asked all friends who have servers to install yggdrasil on them. added those all as peers on my server and on my laptop. they did the same.

now we have created an isolated ygg network. we can always ping laptops of each other.

🐙 norayr [mod] · Nov 28 at 09:15:

and the route will go every time via one of those servers. lets say i want to access my mother's computer.

she doesn't see well and sometimes asks me to come and fix accidentally removed panel in mate desktop or something. she can't run anything without that panel.

so now that laptop also has ygg and i added there servers of my friends as peers. and i can connect to it always and from everywhere.

i carry my ipv6 with me and it has its ipv6.

the route will be found via one of the peers. if i have no electricity at home and my server is down then my laptop will connect to my mother's laptop via one of my friends' ygg nodes. i ssh to it, enable vnc, fix the panel and disconnect.

🐙 norayr [mod] · Nov 28 at 09:21:

and our yggdrasil isolated network would be immediately exposed to global nodes if only one of us added some peer from the global ygg net (we listen for all connections). at some point one of our friends added global ygg peer on his phone. since that we were connected to global via his phone.

any connection to some service on global ygg would go via his phone!

then we decided to connect to global ourselves, chose peers.

before ygg i used to mount my server's directory via nfs via wireguard. nfs only can allow access by ip so it is only safe in closed networks.

but since only i could get that ip by connecting to my servers' wireguard it was safe for nfs to allow mounting from that ip.

🐙 norayr [mod] · Nov 28 at 09:26:

well, there is kerberos but it was complicated and i gave up configuring it.

so now i don't need my vpn even, i mount via ygg. and since i don't need files to be on server with public ip i moved them to home nas in local network. it has ygg ip and i access it when necessary.

of course now all my computers that have ygg are exposed just like my server. so server with real ip is available on the internet for lots of bots to scan its ports or brute force ssh.

that's why i have no ssh by passwords, only via keys. same with ygg, before my laptop only had private ip from this or that wifi. now it is exposed via ygg to all ygg hosts. so it has only key authentication.

🐙 norayr [mod] · Nov 28 at 09:31:

and overall one must be careful now.

though by the way you don't even need ssh anymore in theory. since ygg takes care of encryption, you can use telnet. (:

back to my mother's computer.

before i was also able to connect before i knew about ygg. and during covid lockdown i was able to fix my fathers' computer's debian remotely, but i had to use tor.

with tor hidden service on ssh port you are now exposed to all tor nodes. and again need to be careful.

but firstly, ygg is better than tor before one can create an isolated ygg network.

so my parents' computers should not be on global ygg for me to connect to them. we with friends can have our local ygg.

🐙 norayr [mod] · Nov 28 at 09:36:

which is isolated from the global one.

secondly imagine the elderly woman again accidentally damaged the only internet cable that comes to armenia, when working in her backyard, as she did once in 2013.

our ygg network still works. i still can connect to my parents' house via tcp/ip.

then imagine there are often electricity outages.

it is only necessary to have one peer (i have 5 friends with ygg servers) so it is likely that at least one of my friends' servers will be accessible and it will route me.

via tor it won't work if armenia is disconnected from internet and i want to connect to my parents house. tor needs its global root servers to operate. also tor is slow since it is designed

🐙 norayr [mod] · Nov 28 at 09:39:

it is designed for anonymity, not for speed.

and it will want to route my packets via 6 nodes within tor network, in different places in the world to connect to other tor node.

so i was doing the same with tor before, but it was extremely slow.

and again it won't even work when your country is disconnected because it requires to bootstrap from the root nodes.

🐙 norayr [mod] · Nov 28 at 09:40:

so you can treat ygg not as part of global network but as your own community vpn with dynamic routing.

🐙 norayr [mod] · Nov 28 at 09:48:

then some of my friends who have no real ips at home started selfhosting on yggdrasil.

they were mostly satisfied that we can access their servers because well, social interaction is usually between folks who know each other. and they were not bothered by not being accessible via all of internet. but only via all of yggdrasil.

then i found a small hack, a pascal program with 275 lines that makes bonjour to work via yggdrasil, not only in local networks. there's the thread about it here, but no replies currently.

now i have serverless chat with pidgin or gajim or any other bonjour client but not on local network but over yggdrasil.

🐙 norayr [mod] · Nov 28 at 09:49:

before if there is no electricity at our house and my xmpp server is down i would lose connection with my family and friends.

now we have serverless chat, it will be routed somehow, yggdrasil will take care of that.

🍄 sam · Nov 29 at 15:00:

How does it manage routing in the instance of a power outage? I'm very interested in ygg but don't have a firm grasp on the technology. Posts ITT have been enlightening. Hopefully I can find some more content to further break it down to my level.

🐙 norayr [mod] · Nov 30 at 00:43:

imagine you have a laptop L0 at home and you have a laptop L1 with yourself, you came to a cafeteria and connected to wifi.

your friend has a home server in the same town as you live.

let's call it S0.

your other friend has a server in the cloud: S1.

and other friend has a server at home but in other town: S2.

all 3 servers have yggdrasil installed. they are not connected to global ygg network, i. e. neither of those added a yggdrasil host from global network as a peer.

they just added each other as peers.

you have configured both of your laptops, added all 3 servers as peers on each of your laptops.

🐙 norayr [mod] · Nov 30 at 00:45:

S0 is connected to S1, S2 (added S1, S2 as peers)

S1 is connected to S0, S2

S2 is connected to S0, S1.

L0 is connected to S0, S1, S2

L1 is connected to S0, S1, S2

now you want to connect from your cafeteria to laptop at home via ssh.

since S0 is in your town, so when you connect from L1 -> L2, connection actually goes via S0.

you don't notice it, it is transparent for you.

also you don't know the route yggdrasil will choose, but it will choose the "best" route (what is best is a bit complicated: graph theory, spanning tree, dht), but it should be fastest and go via less nodes as a result.

🐙 norayr [mod] · Nov 30 at 00:46:

so it is

L1 -> S0 -> L0

oh but your friends server is not accessible, he has power outage. then connection will be

L1 -> S2 -> L0

or maybe

L1 -> S1 -> S2 -> L0

or maybe

L1 -> S2 -> S1 -> L0

or maybe L1 -> S1 -> L0

we don't know.

but we know that if there's a way to route, yggdrasil will route and will choose the best way possible, whatever that means.
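
The failover described in the comment above, and the earlier anecdote about one phone bridging the isolated network to the global one, as an added Python example that is not part of the thread. It models the peerings as a graph and uses fewest-hop search as a stand-in for Yggdrasil's real route selection; the node names PHONE and GLOBAL are assumptions added for illustration.

```python
from collections import deque

# Peerings from the S0/S1/S2/L0/L1 scenario in the comment (constructed data).
PEERINGS = [
    ("S0", "S1"), ("S0", "S2"), ("S1", "S2"),
    ("L0", "S0"), ("L0", "S1"), ("L0", "S2"),
    ("L1", "S0"), ("L1", "S1"), ("L1", "S2"),
]

def build_graph(peerings):
    """An established peering carries traffic in both directions."""
    graph = {}
    for a, b in peerings:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def find_path(graph, src, dst, down=()):
    """Fewest-hop path from src to dst avoiding nodes in `down`, or None.

    Simplification: the real network picks routes differently; this only
    answers "is there a way, and through whom?".
    """
    down = set(down)
    if src in down or dst in down or src not in graph or dst not in graph:
        return None
    parents = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in sorted(graph[node]):  # sorted for deterministic results
            if nxt not in down and nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

def reachable_from(graph, start, down=()):
    """Every node `start` can reach, i.e. every node exposed to it."""
    return {n for n in graph if n != start and find_path(graph, start, n, down)}

if __name__ == "__main__":
    isolated = build_graph(PEERINGS)
    print(find_path(isolated, "L1", "L0"))                # all servers up
    print(find_path(isolated, "L1", "L0", down={"S0"}))   # S0 has an outage
    # Hypothetical: a friend's PHONE peers with S0 and with one GLOBAL node.
    bridged = build_graph(PEERINGS + [("PHONE", "S0"), ("PHONE", "GLOBAL")])
    print(sorted(reachable_from(bridged, "GLOBAL")))      # whole private mesh
```

Reachability here is at the overlay level only: a host firewall on the Yggdrasil interface still decides which ports a reachable peer can actually open.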

🕷 baran [mod] · Nov 30 at 04:08:

"local network" overlay over internet. without anonymity, because it is for stability and speed. for anonymity you need add firewall and other...

🐙 norayr [mod] · Nov 30 at 11:15:

i think well, depends on how to define anonymity, if it means at first sight it is not obvious who you are irl, then yes, you are represented by your ip. and then it is known about you as much as you want to share.

however usually we define anonymity as can our ip and isp and endpoint be traced? yes, it can. so if you publish on your yggdrasil node web server information that someone powerful, government or oligarch, doesn't want to be published, then you can be traced and found.

for that i2p or tor should be used. and i2p can be used over yggdrasil.

you said local, it can be local and isolated but there's a global network as well. or there can be several big ones in theory.

🚀 jsreed5 · Dec 06 at 04:23:

I'm very late to this thread, but I wanted to share some of my thoughts, particularly on what one can do with Yggdrasil.

While the core of Yggdrasil is its routing system--indeed, testing large-scale distributed routing schemes is the entire point of the project--the fact that it's implemented as an IPv6 overlay network gives it enormous power. Every device on the public Yggdrasil network acts as a direct peer, like how people used to use the mainline Internet before NAT and LANs became the norm. This already enables people to host any service they might host over the regular Internet, but using a decentralized routing system that's resilient against censorship.

However, what I love about Yggdrasil is that it can create private distributed networks completely separate from the public one. That's actually my primary use case for it.

I run two Yggdrasil nodes on the same server as my Gemini capsule. One is a public node that connects to other public peers and that anyone can use to join the main Yggdrasil network (found at tcp://jsreed5.org:18000). The other is a private node that only accepts connections from devices that I control, and it doesn't peer with any public nodes. I whitelist my devices by adding their public encryption keys to the node's config file, then I add the private node (which is reachable by a public Internet address) as a peer to my devices.

This enables all of my devices to connect to each other as if they were on the same physical LAN or WiFi network, even if they aren't. I have home servers and a NAS, and I run several local services on my computers over HTTP, SSH, RDP, FTP, and other protocols. Yggdrasil allows me to use them no matter where I am. I host a Minecraft server locally, and a friend of mine plays on it from his apartment across town using Yggdrasil. When the family stays in a hotel, we can connect to our home media server and watch our own movies. I even transfer data back and forth with NNCP over Yggdrasil, which is sometimes necessary if my signal is spotty.

Essentially, a private Yggdrasil network has similar functionality to a private VPN. In fact, the official Yggdrasil app on Android uses a VPN connection to open the required network interface. On Windows and Linux, though (and I assume on Mac), it uses its own network interface and can be used in conjunction with a VPN for extra security.

The only downside to a private Yggdrasil network is that, like a private VPN, the primary node must be located at an endpoint that is reachable over the public Internet. I could have used my home servers for that if I had a static IP address, but sadly, I don't. However, I do have a publicly-reachable Gemini capsule, so I use that instead. One could probably use DDNS to self-host a private node, but I've never tried it, so I can't say how well it works.

To be clear, I can do all these things over the public Yggdrasil network too, which would eliminate the need for a private primary peer. However, if I did that, I'd need to be much more stringent about security. On the public network, if I can reach a server at port 22, so can everyone else. I'd need to implement an extra layer of protection such as a DMZ server.
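
One way to check a node config against the private-node setup described in the comment above (an added example, not jsreed5's or the Yggdrasil project's code). It assumes the config is available as JSON with the `Listen`, `Peers` and `AllowedPublicKeys` keys; the hostnames and key strings are constructed placeholders and `audit_private_node` is a hypothetical helper.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configs; hosts and keys are placeholders, not real nodes.
WEAK = json.loads("""{
  "Listen": ["tls://0.0.0.0:18001"],
  "Peers": ["tls://public-peer.example.net:443"],
  "AllowedPublicKeys": []
}""")
HARDENED = json.loads("""{
  "Listen": ["tls://0.0.0.0:18001"],
  "Peers": [],
  "AllowedPublicKeys": ["<public key of laptop>", "<public key of phone>"]
}""")
DEVICE = json.loads("""{
  "Listen": [],
  "Peers": ["tls://private-node.example.org:18001"],
  "AllowedPublicKeys": []
}""")

def audit_private_node(conf, trusted_peer_hosts):
    """Return findings for a node meant to peer only with devices you control."""
    findings = []
    listen = conf.get("Listen") or []
    allowed = conf.get("AllowedPublicKeys") or []
    # A listener with an empty allow-list accepts incoming peerings from anyone.
    if listen and not allowed:
        findings.append(
            f"Listen={listen} with empty AllowedPublicKeys: "
            "any node that can reach the listener may peer with it")
    # The allow-list only filters incoming peerings; outgoing ones need review.
    for uri in conf.get("Peers") or []:
        host = urlsplit(uri).hostname
        if host not in trusted_peer_hosts:
            findings.append(
                f"outgoing peer {uri} is outside the trusted set: "
                "it can bridge the private network to other networks")
    return findings

if __name__ == "__main__":
    trusted = {"private-node.example.org"}
    for name, conf in (("weak", WEAK), ("hardened", HARDENED), ("device", DEVICE)):
        print(name, audit_private_node(conf, trusted) or "ok")
```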

🐙 norayr [mod] · Dec 07 at 23:59:

> However, what I love about Yggdrasil is that it can create private distributed networks completely separate from the public one. That's actually my primary use case for it.

yes, it does not require bootstrap nodes, unlike tor, or ipfs, or tox.

🐙 norayr [mod] · Dec 08 at 00:00:

and initially me and my friends were using it as private network, we did not have connection to a main yggdrasil.

🐙 norayr [mod] · Dec 08 at 00:04:

so another use case.

i described here that i created that bonjour yggdrasil bridge. but it has some limitations, so i had to fork pidgin's bonjour plugin and create barev plugin.

it now supports file transfers, status changes, of course chats, all over yggdrasil.

i'll write in details later.

we are testing it, and it works well.

next we'll write a mobile app and linux program and we came up with the solution on how to treat several devices with different ipv6 addresses as devices of the same person and send messages to all of them.

Original Post

🌒 s/Yggdrasil

🚀 stack:

What is the purpose of Yggdrasil? — Could someone explain the purpose of this network? There is surprisingly little out there -- nothing on wikipedia, and the github site is strangely obtuse. Is this just a networking protocol? encrypted transport? What am I supposed to do with it and why would I?

💬 35 comments · 1 like · 2025-11-26 · 5 months ago