10
Yggdrasil as a VPN alternative (yggdrasil-network.github.io)
submitted 1 year ago* (last edited 1 year ago) by wgs to c/selfhosted@lemmy.world
12 comments fedilink hide all child comments

I've been accessing my servers over Yggdrasil for the last few years and I never see it mentioned in self hosting communities, so here you go !

Yggdrasil works over IPv6 and brings encryption at the network interface level (similarly to a VPN). The cool thing is that your IP address is derived from your private key, so when you try to connect to a specific IP, your packets are encrypted so that ONLY the destination server can decrypt it (thus preventing MITM attacks). And as everything is encrypted at the NIC level, you can safely use plain text protocols ;)

How cool is that ?

you are viewing a single comment's thread
view the rest of the comments
[-] manitcor@lemmy.intai.tech 1 points 1 year ago

this sounds a lot like part of how cloudflares tunnel works. me like!

[-] wgs 1 points 1 year ago

I never used CF tunnels, but from the descriptions I read, it seem to serve a very different purpose. Yggdrasil will just connect your server to an overlay network that's fully encrypted (but public). If you expose services over Yggdrasil, your server will be directly exposed on the network, you just get full encryption as a bonus. Cloudfare on the other hand will "shift" your server access to their own server, and redirect traffic internally to your server over a secure channel. This means that your server is not publicly accessible.

[-] manitcor@lemmy.intai.tech 1 points 1 year ago* (last edited 1 year ago)

Not quite true, I use cloudflared daily, its simply a daemon that connects back to CF. The daemon is configured on the CF side to proxy various local network (class C) URIs. I usually toss the daemon in the private network with the containers. The machines themselves still work fine over normal internet, the daemon does not cut a system off it simply provides proxy forward services.

This sounds very similar but without the configurability, just whatever I toss on the line I get. Which for the cases im thinking (replacing VPNs as suggested here) it will be great.

[-] wgs 1 points 1 year ago

Ok thanks for the clarification (I've never used CF). Yggdrasil doesn't act as a proxy at all though so it's quite different. It simply creates a virtual interface on your host, and whatever comes in or get out of this interface is encrypted by default. Also, this interface can only access and be accessed over the Yggdrasil network.

[-] manitcor@lemmy.intai.tech 1 points 1 year ago

its just attached at a different network layer. this would show up as an adapter on the machine i suspect.

this post was submitted on 28 Jun 2023
10 points (100.0% liked)

Selfhosted

39683 readers
1097 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz