Furthermore, Yggdrasil is free, relatively easy to set up and is also available on a wide range of platforms. This makes Yggdrasil a powerful alternative for people who are interested in a secure, private relationship with other people.
What are Mesh Networking and Yggdrasil?
Yggdrasil achieves network networking, presenting the network as a tree of interconnected nodes. In doing so, these nodes can act as relays to other nodes. This makes Yggdrasil a real mesh network. Furthermore, the network structure allows Yggdrasil to easily find the machine or website you want to visit. In turn, this allows you to interact with other users without the need for a central traffic routing server for you.
What are the advantages of the Yggdrasil network?
Yggdrasil’s main selling point is to change the way data is routed over the internet. This is achieved by assuming a few things about the default state of the specified network:
- All nodes are connected to at least one other node.
- Each node can transparently transfer data to another node.
- Each node can emit nodes connected to it.
These assumptions create a structure that is both rigid and predictable, but also very flexible. For example, you can make your machine publicly available by connecting to only one public node. This public node is, therefore, connected to other nodes. From there, other users can interact with that node, to connect with you. And not only that, Yggdrasil also allows you to create a sub-network of local computers. As such, this is very useful if you want to create a VPN.
How can you install Yggdrasil?
As mentioned above, Yggdrasil is available on many platforms and operating systems. This includes most Linux distributions. However, Yggdrasil is not always in default repositories. As such, some distributions require you to include sources before installing them.
Install Yggdrasil in Debian and Ubuntu
For example, if you want to install Yggdrasil in Debian and Ubuntu, you must first add their official GPG key in apt. To do this, run the following commands:
gpg –fetch-keys https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt
gpg –export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | sudo apt-key add –
From there, you need to add the repository to the list of sources that apt searches for in its packages:
echo ‘deb http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/ debian yggdrasil’ | sudo tee /etc/apt/sources.list.d/yggdrasil.list
When finished, update apt and install the program. Do this by running this one line of code:
sudo apt update && sudo apt install yggdrasil
Installation of Yggdrasil in Fedora
Unlike Debian and Ubuntu, the process of installing Yggdrasil in Fedora is simple, as it is already part of Fedora’s “Community Packages”.
Therefore, installing the program is as simple as running the commands:
sudo dnf copr enable rany/yggdrasil
sudo dnf install yggdrasil
Installing Yggdrasil in Arch Linux
Finally, installing Yggdrasil in Arch Linux is also extremely simple. Like Fedora, it is already included in Arch’s community resource repository.
As such, you can install the program via pacman:
sudo pacman -Syu yanggdrasil
Configuring the installation
When you’re done, setting up Yggdrasil to connect to the node is very simple, as you only need to edit “/etc/yggdrasil.conf” to configure the program’s behavior. To access it, use nano:
sudo nano -w /etc/yggdrasil.conf
Yggdrasil will create this file after installation. However, if this does not happen, you can run this command to create a new configuration file:
su –command=”yggdrasil -genconf > /etc/yggdrasil.conf”
Connecting to a public node
As already mentioned, there are two ways to use the program:
- Connect to a public node to make your computer visible.
- Connecting multiple computers together into a virtual private network.
For the first, add the public node address to your “/etc/yggdrasil.conf” file by editing the Peers: block in that configuration file.
This is the part of the configuration that determines which nodes you want to connect to. As such, all computers listed here should be publicly available and connected to the Internet.
The “Peers” block is a basic list of all nodes you want to connect to. It can establish an encrypted connection using TLS and SOCKS or unencrypted using TCP. The latter is useful for connecting small, embedded devices that do not support TLS, but have a basic network connection.
In addition, you can connect to the public Yggdrasil network by copying several node connections provided by its community.
When finished, you can enable the program by running the following commands:
sudo systemctl enable yggdrasil
sudo systemctl start yggdrasil
If you go to this website: https://yggdrasil-network.github.io/services.html, you can check that you have connected to the network correctly.
Creating your own private network
Creating your own private network can be a little complicated, but it’s still relatively simple. To create a private Yggdrasil network, you will need a few things:
- A computer that can be publicly detected. This can be either a local computer that is not blocked by CG-NAT or a cheap virtual private server.
- A large number of computers located in different networks, which can not communicate directly with each other.
Configuring a private node
To create a private Yggdrasil network, you must first allow your public computer to connect to other nodes. To do this, modify the Listen: public machine block “/etc/yggdrasil.conf.” We set up a node to take over all incoming connections in port 12345 and IPv4 and IPv6. Furthermore, the IPv4 connection is wrapped in TLS, while IPv6 is in non-encrypted TCP. From here, enable and run the Yggdrasil service to apply your settings. After that, connecting to this node would be similar to connecting to a public node.
Address detection and access restriction
By default, your newly created Yggdrasil node accepts all incoming connections, provided they use the correct port. To create a truly private VPN for your computers, you must add them to the list of allowed public keys.
The Yggdrasil node works by emitting a unique public key that Yggdrasil generated when you first installed it. This key is used to secure your network and create your address.
You can check your Yggdrasil address by running this command:
sudo yggdrasilctl getself
This will display an IPv6 address starting with “20x:…” Can be used to connect directly to this machine via Yggdrasil.
Furthermore, the getself command will also display the machine’s public key. This is what you need to create a permitted list of computers in your public node.
Configure your personal node to restrict access
To restrict access to your Yggdrasil node, you must edit the AllowedPublicKeys: block in “/etc/yggdrasil.conf” of your public node. Just add all the public keys you want this node to accept.
When you’re done, you can apply your settings by restarting Yggdrasil:
sudo systemctl restart yggdrasil
Writes: Ivan Hečimović
You must log in to post a comment.