Welcome to Yggdrasil forum! It is maintained and administrated by Revertron, you can ask me questions in Telegram, Matrix and Fediverse.
This forum is created to provide a platform where your questions and their answers will not get lost like in all messengers, but to be available for all users for years.

Main Menu

Recent posts

Server software in Yggdrasil / Re: What would in-network emai...
Last post by sdgathman - September 06, 2023, 05:16:09 PM
See for examples with linphone and opensmtpd.  It uses Cjdns - but yggdrasil works the same.
Yggdrasil Discussion / Re: What is your practical use...
Last post by sdgathman - September 06, 2023, 05:12:15 PM
Besides authorized services, Cjdns and yggdrasil allow common applications to be fully decentralized. 

DNS is federated, but was centralized via ICANN (who can spoof/cancel domains at will).  Not everyone is up to running their own nameserver and making DNS federated again.  (However, see for an alternate centralized root zone.)

TLS depends on a shadowy cabal that determines what CAs are trusted.  All mainstream browsers either trust a CA fully, or not at all.  (Need browser extensions to "veto" CAs using information in the cert.  E.g. trust this CA only for .GEEK tld.)  This allows the cabal to man in the middle TLS connections. 

By using raw Yggdrasil/Cjdns ips, you get the equivalent of TLS connections without the risk of getting fooled by ICANN or TLS cabal.  Opensmtpd works well for fully decentralized email in this manner.  SIP phones like Linphone can call a raw ip6 - and these work just as well as phone numbers in the address book.

XMPP and Matrix want a domain - so you can either go with federated DNS and TLS, or just add the hostnames to /etc/hosts with ygg/cjd IP.
Yggdrasil Discussion / Re: What is your practical use...
Last post by sdgathman - September 06, 2023, 04:49:48 PM
Yggdrasil does relay when you have 2 or more peers (otherwise there is no point). 

My practical use is an an alternative to Cjdns that uses TCP instead of UDP (which evades different kinds of attempts to block vpns).

What did I use Cjdns for?  The e2e encryption and IP authentication provide a simplified alternative to private certificate authority schemes with signed certs used by large corporations.  For any service, I just list all the Cjdns/ygg ips authorized to use it.  (E.g. using ipset.)  An example would be nameservers.  Recursive nameservers are hard to make public without getting DoSed. 

Obviously, this doesn't scale - those lists of IPs become like /etc/hosts.  This is why Big Corps use a private CA.  The central authority also obviates the need for lists of ips on each service - the signed certs list what services they are authorized to access.

A key principle to take away is the distinction between authentication (not an imposter) and authorization (are you authorized to use this service).

You could scale the lists of IPs by providing a well known service that returns whether an IP is authorized for a service (or just return a list of authorized services which can be cached).

As for VPN use, yggdrasil fools firewalls that try to block vpns (by blocking UDP traffic), but allow websites (with possible blacklist).  On the other hand, Cjdns connects from behind firewalls that block web traffic, but allow UDP sessions on random ports.
Yggdrasil Discussion / Accessing Yggdrasil in a web b...
Last post by wdc - August 04, 2023, 11:56:37 AM
Web browseer 1 is not using any proxy set inside it (is using system main networking, which is Wireguard VPN) -> it can display Yggdrasil site like http://[21a:34aa:c782:3ad2:1bf8:73f8:141:66e8]/

Web browser 2 is using SOCKS5 proxy which is shadowsocks (protocol) running thanks to V2Ray app/service. and on this browser, i can not display Yggdrasil site.

Question is what to do so it loads in Web browser 2 (Firefox-ESR) while keeping its proxy set like it is? links to remote server of mine with old CentOS + iptables.
Yggdrasil Discussion / What is your practical use of ...
Last post by wdc - August 04, 2023, 11:26:40 AM
Hi, I have setup a Yggdrasil on my server and home computer. Now i would like to be more useful part of this network.

I am not willing to host any yggdrasil site because i do not believe in single point of failure hosting (for that reason i am rather using decentralized Zeronet - ).

Yggdrasil does not either seem to automatically serve as a relay unlike I2P router.
Есть, в блоге разработчиков, на английском.
Будет конфликт.
Можно ли запустить на одном компьютере несколько экземпляров yggdrasil? Скажем, чтобы было два интерфейса — один был для подключения к публичным узлам, второй — только для связи между своими устройствами? Или будет конфликт из-за того, что используется один и тот же диапазон IPv6?
Quote from: Revertron on October 03, 2022, 08:11:24 PMВсе узлы в сети равноправны. И если у каких-то узлов есть два и более соединения, то этот узел может передавать данные между другими узлами.
Ты подключаешься к любому крайнему пиру, и получаешь доступ ко всей сети.
А где-нибудь есть подробное описание того, как устроен алгоритм поиска нужного узла? То есть как один узел находит путь до другого, если прямой связи между ними нет?