I’ve been accessing my servers over Yggdrasil for the last few years and I never see it mentioned in self-hosting communities, so here you go!

Yggdrasil works over IPv6 and brings encryption at the network interface level (similarly to a VPN). The cool thing is that your IP address is derived from your private key, so when you try to connect to a specific IP, your packets are encrypted so that ONLY the destination server can decrypt them (thus preventing MITM attacks). And as everything is encrypted at the NIC level, you can safely use plain text protocols ;)

How cool is that?
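The address-to-key binding described in the post, as an added example that is not part of the original post and is not Yggdrasil's own code: it derives an overlay address from a node's ed25519 public key (itself derived from the private key) and checks whether a given address belongs to a given key. The layout used (a `0x02` prefix byte, the count of leading one bits of the bit-inverted key, then the remaining key bits) is an assumption based on the reference implementation, and the keys are constructed sample values.

```python
import ipaddress

PREFIX = 0x02  # assumed first byte of node addresses (200::/7 range)


def addr_for_key(public_key: bytes) -> ipaddress.IPv6Address:
    """Derive the overlay IPv6 address for a 32-byte ed25519 public key."""
    if len(public_key) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    # Invert every bit and view the key as one 256-bit string.
    bits = "".join(f"{b ^ 0xFF:08b}" for b in public_key)
    ones = len(bits) - len(bits.lstrip("1"))  # leading one bits
    if ones > 255:
        raise ValueError("degenerate key: count does not fit in one byte")
    rest = bits[ones + 1:]             # skip the first zero bit
    rest = rest[: len(rest) // 8 * 8]  # keep whole bytes only
    # 1 prefix byte + 1 count byte leave 14 bytes (112 bits) for key bits.
    rest = rest[:112].ljust(112, "0")
    body = int(rest, 2).to_bytes(14, "big")
    return ipaddress.IPv6Address(bytes([PREFIX, ones]) + body)


def address_matches_key(address: str, public_key: bytes) -> bool:
    """True if `address` is the one derived from `public_key`."""
    return ipaddress.IPv6Address(address) == addr_for_key(public_key)


if __name__ == "__main__":
    # Constructed sample keys (not real node keys).
    key_a = b"\x00\xff\x00" + b"\xff" * 29
    key_b = b"\xff" * 32
    print(addr_for_key(key_a))                      # address bound to key_a
    print(address_matches_key("208:1fe::", key_a))  # the key owns this address
    print(address_matches_key("208:1fe::", key_b))  # a different key does not
```

Because the address is a function of the key, a peer that cannot prove possession of the matching private key cannot answer for that address, which is the property the post relies on.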

  • citytree@lemmy.ml
    1 year ago

    Does this require a static IP address? Can it be easily used when all nodes are behind a NAT with dynamic IP addresses?

  • BrianTheeBiscuiteer@lemmy.world
    1 year ago

    Doesn’t seem like a direct replacement. A VPN will anonymize you when connecting via regular protocols. This is kind of its own protocol. If your intended destination doesn’t use Yggdrasil then you can’t talk to them. Do I have that right? Not saying it’s bad, it’s just not equivalent.

    • peregus@lemmy.world
      1 year ago

      A VPN per se is a connection between 2 points (Virtual Private Network) so that the remote host can be reachable with a private IP and doesn’t need this to be public; what you’re talking about is VPN services (ProtonVPN, NordVPN, etc.) that are used to bypass Internet blocks and make you appear as if you are accessing the Internet from a different location.

    • z3bra@lemmy.sdf.org (OP)
      1 year ago

      I never used CF tunnels, but from the descriptions I read, they seem to serve a very different purpose. Yggdrasil will just connect your server to an overlay network that’s fully encrypted (but public). If you expose services over Yggdrasil, your server will be directly exposed on the network, you just get full encryption as a bonus. Cloudflare on the other hand will “shift” your server access to their own server, and redirect traffic internally to your server over a secure channel. This means that your server is not publicly accessible.

      • manitcor@lemmy.intai.tech
        1 year ago

        Not quite true, I use cloudflared daily, it’s simply a daemon that connects back to CF. The daemon is configured on the CF side to proxy various local network (class C) URIs. I usually toss the daemon in the private network with the containers. The machines themselves still work fine over normal internet; the daemon does not cut a system off, it simply provides proxy forward services.

        This sounds very similar but without the configurability, just whatever I toss on the line I get. Which for the cases I’m thinking of (replacing VPNs as suggested here) will be great.