# Yggdrasil Network — Encrypted IPv6 Mesh Overlay Network > An end-to-end encrypted mesh networking protocol that provides every node with a globally routable IPv6 address without central coordination. ## Install Save as a script file and run: # Yggdrasil Network — Encrypted IPv6 Mesh Overlay ## Quick Use ```bash # Install on Debian/Ubuntu sudo apt install yggdrasil # Generate config yggdrasil -genconf | sudo tee /etc/yggdrasil/yggdrasil.conf # Start the service sudo systemctl enable --now yggdrasil # Check your Yggdrasil IPv6 address yggdrasilctl getSelf ``` ## Introduction Yggdrasil is an experimental encrypted mesh networking protocol that assigns every node a cryptographic IPv6 address derived from its public key. Nodes automatically discover peers and route traffic through a spanning tree, requiring no manual routing configuration or central authority. ## What Yggdrasil Does - Assigns each node a stable IPv6 address (200::/7 range) derived from its public key - Encrypts all traffic end-to-end between nodes using Curve25519 key exchange - Builds a self-healing spanning tree topology that adapts as nodes join or leave - Supports peering over TCP, TLS, Unix sockets, and multicast LAN discovery - Works as a TUN adapter providing standard IPv6 connectivity to applications ## Architecture Overview Yggdrasil creates a virtual network interface (TUN) that intercepts IPv6 traffic in the 200::/7 range. Each node generates a Curve25519 keypair; the IPv6 address is a truncated hash of the public key. Nodes peer with each other over existing network links (LAN, internet, VPN tunnels) and collectively build a globally shared spanning tree. Routing decisions are made using distance on the tree plus a DHT for locating destination coordinates, enabling efficient path selection without global routing tables. ## Self-Hosting & Configuration - Available as packages for Debian, Ubuntu, Fedora, macOS, and Windows - Configuration file at /etc/yggdrasil/yggdrasil.conf (HJSON format) - Add public peers by listing their URI in the Peers section - Enable multicast for automatic LAN peer discovery - Runs as a system service with minimal resource usage ## Key Features - Zero-configuration mesh routing with automatic peer discovery - Cryptographic addressing eliminates the need for IP allocation authorities - End-to-end encryption for all traffic with no unencrypted hops - Works alongside existing network infrastructure as an overlay - Supports both public internet peering and private isolated networks ## Comparison with Similar Tools - **Tailscale / Headscale** — centralized coordination server for WireGuard; Yggdrasil is fully decentralized - **ZeroTier** — overlay network with centralized controllers; Yggdrasil needs no controller - **WireGuard** — point-to-point VPN tunnel; Yggdrasil provides mesh routing automatically - **CJDNS** — similar encrypted mesh approach but less actively maintained - **Nebula (Slack)** — certificate-based mesh VPN; requires a lighthouse node for coordination ## FAQ **Q:** Is Yggdrasil production-ready? A: It is considered experimental but stable enough for personal and community use. The protocol may still evolve. **Q:** Can I use it to access the regular internet? A: Not directly. Yggdrasil is an overlay network. You need a gateway node configured for NAT64 or proxying to reach the public internet. **Q:** How do I find public peers? A: The Yggdrasil project maintains a list of public peers. Add their URIs to your configuration to join the global network. **Q:** Does it work behind NAT? A: Yes. Nodes behind NAT can connect to public peers via outbound TCP or TLS connections. ## Sources - https://github.com/yggdrasil-network/yggdrasil-go - https://yggdrasil-network.github.io --- Source: https://tokrepo.com/en/workflows/asset-839c5b3d Author: Script Depot