Discussion: Yggdrasil

This is an official discussion thread linked from the www.privacytools.io website. This thread can be used for troubleshooting, questions, discussions and if you look for alternatives.

What is Yggdrasil?

1 Like

Yggdrasil is worth mentioning on the linked page, so it cannot have an official thread, but as I wanted one and it’s likely that I will be creating multiple posts in the future about the same topic, so I could as well create a dedicated thread.

Anyway, I wanted to share that Yggdrasil 0.3.6 is released and has also gotten some sort of an API for developers

It’s been nearly five months since we released version 0.3.5 of Yggdrasil. In that time we’ve seen the node count rise to over 400 nodes on the public network at times (over 80% of which are running the latest released version) and we’ve gained valuable insight to the kinds of challenges that our users have. We’ve worked to fix a number of bugs and to improve Yggdrasil.

In terms of lines of code changed, version 0.3.6 is the biggest release of Yggdrasil to date, with several thousands of lines of code affected. It represents a massive refactoring exercise in which we’ve broken up and modularised the code, dividing core Yggdrasil functionality, TUN/TAP, admin socket and multicast features into their own respective Go packages.

1 Like
1 Like

that was what came to mind when I saw this thread…

Correct, a mesh/mix/graynet self-arranging as a tree and that Wikipedia preview picture used to be the #yggdrasil:matrix.org avatar before the logo was made :smiley:

End-to-end encrypted IPv6 networking to connect worlds

well first only read the post here I thought that maybe Ratatoskr would have been a better name. since it is the messenger. But well with that connecting line I feel like they made a good argument.

But I still don’t know what they do, I did not take a lot of time though (just read the landing page…).
Do you have a TLDR maybe?

and what logo… did not find that ether…

I hear it described as IPv6 mesh VPN with routing, but I tend to explain it as a public VPN that anyone can join and where all traffic is end to end encrypted. However there is no access to internet/clearnet through it by default.

I mainly use it for SSH access to my server and devices behind CGN, the server is a VPS with NAT and only 22 ports open, while if I connect through Yggdrasil I don’t have to worry about the port numbers. I do also have Tor hidden service as a backup, but Yggdrasil is faster and supports UDP.

In case of my family (which is behind that CGN), it also automatically connects to local Yggdrasil nodes, so when I am used to accessing e.g. mosh -6 y.rbtpzn.mikaela.info, from my home it goes through the internet to configured peers, but at my family Yggdrasil would have direct link to that machine and internet wasn’t necessary.

I could also just address it by the static IPv6 address within Yggdrasil, but in that case the SSHFP records wouldn’t get verified.

Other of my uses for it include accessing my ZNC, Syncplay and Mumble servers. List of services on my VPS.


thanks, I feel like I understood about half of what you described. But it gave me a much better understanding! now I know what it basically is intended to do, and I know as well, that I probably won’t need it myself.

1 Like

I downloaded the associated software, but I haven’t actually run it yet. Can you only run it via the Linux terminal? I have only limited experience with mesh routing networks - I’ve used cjdns and Freifunk before. Is this similar in any way?

1 Like

I have been using the included systemd unit, but it’s also available for Windows (I tried once, but I don’t just use Windows enough) and macOS (I have it on one macbook I seldom encounter).

issues about useless excerpts

1 Like

Now that I opened this thread, I guess I could say that there was a security update yesterdayish which affects 0.3.6 or 0.3.7. Updating ASAP is recommended.

1 Like

Has PTIO considered hosting its own public peer?

Note: Thanks to @Mikaela for hosting a TOR public peer:


@jonah What does the sysadmin team think of a public Yggdrasil node over I2P?

In other news the Tor peer @jdklfandskjfdknfdsa mentioned is now also available over Yggdrasil and pending eyes (to see that I am not doing anything horribly wrong) and merging to the public peers repo.


My config is at gitea.blesmrt.net/Mikaela/shell-things and I thought it would be a lot more difficult than it was somehow, but the docs were clear while I needed to check DDG for the second link.


WARNING! If anyone is going to copy my config, increase the lengths to 3 for normal level of anonymity, I understand 1 to be equivalent of Tor one hop onion services which I desire for speed (even if i2pd appears to be slower than Tor) and there is no point adding hops as anyone can find the IP address from Tor metrics.

1 Like

How easy is this to setup if you’re a basic linux cli user? I messed around with self-hosted solutions (music, syncthing on a remote server) and while I was able to get the service running, I am not confident enough in my ability to secure remote access. In particular, I simply could not get nginx to work ever after going through multiple forums for help.

I currently SSH (via Putty on Windows) into devices on a local network. I am looking for setting up remote access (with keys + passphrase) without having to deal with nginx and/or SSL.

1 Like

I think it’s quite easy assuming you are using a supported distribution.

You will just follow https://yggdrasil-network.github.io/installation-linux-deb.html and then edit the config file with your favourite text editor, for example sudo nano /etc/yggdrasil.conf, find the peers section, add some there and restart it, e.g.

  Peers: [

I am typing on work try-out practice machine and I am not entirely certain what would the local network say about normal Yggdrasil connections so I am using the public TLS capable public peers in Europe that were released at the time I setup this.

You may also sudo adduser youraccount yggdrasil (sorry, I don’t remember the not-Debian command) and newgrp yggdrasil (or relogin) so you don’t need to use sudo for editing/viewing the yggdrasil.conf file or yggdrasilctl.


Thanks! I use a debian based distro, so this should work.

Question about the Windows side of thing. After installing the yggdrasil VPN service, what do I do with putty? What IP do I tell putty to dial into? And is it possible to only have putty connect to the yggdrasil network? I would prefer all other traffic to go via regular VPN.

1 Like

You can get your IP address with yggdrasilctl getself. The WIndows side is a bit messy and I hope they will start using Chocolatey.


1 Like

Thanks! Will have to try it out.

1 Like