mirror of https://github.com/cwinfo/yggdrasil-network.github.io.git synced 2024-10-18 05:20:44 +00:00

Slight website refresh

Neil Alexander 2021-06-06 12:14:51 +01:00
parent 37c3f22333
commit 80921fb557
17 changed files with 316 additions and 650 deletions


@ -1,6 +1,9 @@
source 'https://rubygems.org'
gem "jekyll", "~> 3.8"
gem "jekyll-theme-minimal", "~> 0.1.1"
gem "jekyll-theme-minima"
gem "jekyll-feed", "~> 0.11.0"
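Review bot: The `gem "jekyll-theme-minima"` entry has no version requirement, while the other gems visible in this hunk are constrained with `~>`, so a later `bundle update` can move to any published release of that gem. The lockfile in this commit resolves it to 0.1.1, so `gem "jekyll-theme-minima", "~> 0.1.1"` would match the existing style. The name also differs by one letter from `jekyll-theme-minimal` and is a separate package from the `minima` gem it pulls in, so it is worth confirming this is the intended package. The site config in this commit still appears to set `theme: jekyll-theme-minimal`.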


@ -1,4 +1,5 @@
GEM
remote: https://rubygems.org/
specs:
activesupport (4.2.11.1)
i18n (~> 0.7)
@ -163,6 +164,10 @@ GEM
jekyll-theme-midnight (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
jekyll-theme-minima (0.1.1)
jekyll (~> 3.8)
jekyll-mentions
minima
jekyll-theme-minimal (0.1.1)
jekyll (~> 3.5)
jekyll-seo-tag (~> 2.0)
@ -197,20 +202,22 @@ GEM
rb-inotify (~> 0.9, >= 0.9.7)
ruby_dep (~> 1.2)
mercenary (0.3.6)
mini_portile2 (2.4.0)
mini_portile2 (2.5.3)
minima (2.5.0)
jekyll (~> 3.5)
jekyll-feed (~> 0.9)
jekyll-seo-tag (~> 2.1)
minitest (5.11.3)
multipart-post (2.1.1)
nokogiri (1.10.3)
mini_portile2 (~> 2.4.0)
nokogiri (1.11.7)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
octokit (4.14.0)
sawyer (~> 0.8.0, >= 0.5.3)
pathutil (0.16.2)
forwardable-extended (~> 2.6)
public_suffix (3.1.1)
racc (1.5.2)
rb-fsevent (0.10.3)
rb-inotify (0.10.0)
ffi (~> 1.0)
@ -245,7 +252,9 @@ DEPENDENCIES
jekyll (~> 3.8)
jekyll-feed (~> 0.11.0)
jekyll-sitemap (~> 1.2)
jekyll-theme-minima
jekyll-theme-minimal (~> 0.1.1)
nokogiri (>= 1.10.4)
BUNDLED WITH
1.16.1
1.17.2


@ -1,11 +1,8 @@
theme: jekyll-theme-minimal
name: Yggdrasil
title: Yggdrasil
title: Yggdrasil Network
description: >
A proof-of-concept IPv6 meshnet, featuring end-to-end encryption, a unique
spanning tree routing algorithm and aiming to implement novel backpressure
routing metrics. It is lightweight, self-arranging and should scale well
beyond the limits of existing mesh networks.
End-to-end encrypted IPv6 networking to connect worlds
plugins:
- jekyll-feed


@ -17,7 +17,7 @@
<body>
<div class="wrapper">
<header>
<a href="/"> <h1>{{ site.title | default: site.github.repository_name }}</h1> </a>
<p><a href="/" id="logo"> <img src="assets/images/logo.svg"></a></p>
<p>End-to-end encrypted IPv6 networking to connect worlds</p>
<p>
@ -33,8 +33,9 @@
<p>
<a href="https://github.com/yggdrasil-network/yggdrasil-go">GitHub</a><br />
<a href="https://circleci.com/gh/yggdrasil-network/yggdrasil-go">CircleCI</a><br />
<a href="/builds.html">Latest Builds</a><br />
</p>
<p>
<a href="https://github.com/yggdrasil-network/public-peers">Public Peers</a><br />
<a href="/services.html">Public Services</a><br />
</p>
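Review bot: On the logo line the `id="logo"` sits on the `<a>`, but the stylesheet section of this commit styles `img#logo`, so the `width: 80%` rule will not match the image as written. The `src="assets/images/logo.svg"` is also relative to the current page, which presumably breaks on pages outside the site root, and the image has no `alt` text. Something like `<p><a href="/"><img id="logo" src="/assets/images/logo.svg" alt="Yggdrasil Network"></a></p>` would address all three. The header block continues outside this hunk.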


@ -1,4 +1,5 @@
---
tags: dontlink
sitemap: true
---


@ -6,6 +6,11 @@ tags: dontlink
body {
color: #333333;
font: 14px/1.5 -apple-system, "Noto Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
}
img#logo {
width: 80%;
}
div.wrapper {
@ -44,7 +49,8 @@ section {
header {
flex: initial;
position: relative;
margin-right: 1em;
margin-right: 4em;
max-width: 200px;
@media screen and (max-width: 768px) {
> p {
padding-right: 20%;

157
assets/images/logo.svg Normal file

@ -0,0 +1,157 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
sodipodi:docname="drawing.svg"
inkscape:version="0.91 r13725"
version="1.1"
id="svg4240"
viewBox="0 0 981.96461 321.60015"
height="90.762711mm"
width="277.13223mm">
<defs
id="defs4242" />
<sodipodi:namedview
fit-margin-bottom="0"
fit-margin-right="0"
fit-margin-left="0"
fit-margin-top="0"
inkscape:window-maximized="1"
inkscape:window-y="1"
inkscape:window-x="0"
inkscape:window-height="1021"
inkscape:window-width="2048"
showgrid="false"
inkscape:current-layer="layer2"
inkscape:document-units="px"
inkscape:cy="13.914395"
inkscape:cx="751.6295"
inkscape:zoom="0.66468037"
inkscape:pageshadow="2"
inkscape:pageopacity="0.0"
borderopacity="1.0"
bordercolor="#666666"
pagecolor="#ffffff"
id="base" />
<metadata
id="metadata4245">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(383.92494,-160.49328)" />
<g
inkscape:groupmode="layer"
id="layer2"
inkscape:label="Layer 2"
transform="translate(383.92494,-160.49328)">
<path
style="fill:#000000"
d="m 352.74397,478.24119 c 0.92103,-3.76903 11.87131,-30.48993 21.5083,-52.48465 9.86344,-22.51152 9.67726,-21.6278 6.92943,-32.89221 -3.42997,-14.06075 -3.22164,-36.95243 0.44688,-49.10642 13.24423,-43.87864 47.63362,-73.61698 122.30718,-105.76556 24.32504,-10.47245 37.67777,-17.18807 47.80968,-24.04538 17.86083,-12.08828 36.4402,-33.06424 42.38057,-47.84736 1.25285,-3.11781 2.66096,-5.64051 3.12912,-5.60598 1.46014,0.10767 0.73701,44.30167 -0.9768,59.69719 -10.61597,95.36545 -42.95689,157.39345 -96.20598,184.51751 -30.73114,15.65385 -79.17559,21.45357 -101.74118,12.18037 -3.19081,-1.31125 -6.5492,-2.38408 -7.46311,-2.38408 -3.43636,0 -15.75824,32.89925 -19.29523,51.51802 -1.09802,5.78003 -2.76237,13.70787 -3.00898,14.91667 -5.50064,-0.0422 -0.35371,-0.0119 -8.18026,-0.0119 l -8.29605,0 z"
id="path4918"
inkscape:connector-curvature="0"
sodipodi:nodetypes="ssssssscssssscscs" />
<g
style="font-style:normal;font-weight:normal;font-size:150px;line-height:86.00000143%;font-family:sans-serif;letter-spacing:0px;word-spacing:0px;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
id="text4920"
transform="translate(-2,0)">
<path
d="m -345.34994,319.70594 -36.575,-55.6875 21.725,0 23.925,38.775 24.2,-38.775 20.625,0 -36.575,55.6875 0,41.6625 -17.325,0 0,-41.6625 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5638"
inkscape:connector-curvature="0" />
<path
d="m -202.55678,354.21844 q -18.0125,9.625 -40.2875,9.625 -11.275,0 -20.7625,-3.575 -9.35,-3.7125 -16.225,-10.3125 -6.7375,-6.7375 -10.5875,-16.0875 -3.85,-9.35 -3.85,-20.7625 0,-11.6875 3.85,-21.175 3.85,-9.625 10.5875,-16.3625 6.875,-6.7375 16.225,-10.3125 9.4875,-3.7125 20.7625,-3.7125 11.1375,0 20.9,2.75 9.7625,2.6125 17.4625,9.4875 l -12.7875,12.925 q -4.675,-4.5375 -11.4125,-7.0125 -6.6,-2.475 -14.025,-2.475 -7.5625,0 -13.75,2.75 -6.05,2.6125 -10.45,7.425 -4.4,4.675 -6.875,11 -2.3375,6.325 -2.3375,13.6125 0,7.8375 2.3375,14.4375 2.475,6.6 6.875,11.4125 4.4,4.8125 10.45,7.5625 6.1875,2.75 13.75,2.75 6.6,0 12.375,-1.2375 5.9125,-1.2375 10.45,-3.85 l 0,-22.9625 -19.9375,0 0,-15.675 37.2625,0 0,49.775 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5640"
inkscape:connector-curvature="0" />
<path
d="m -102.05346,354.21844 q -18.0125,9.625 -40.2875,9.625 -11.275,0 -20.7625,-3.575 -9.35,-3.7125 -16.225,-10.3125 -6.7375,-6.7375 -10.5875,-16.0875 -3.85,-9.35 -3.85,-20.7625 0,-11.6875 3.85,-21.175 3.85,-9.625 10.5875,-16.3625 6.875,-6.7375 16.225,-10.3125 9.4875,-3.7125 20.7625,-3.7125 11.1375,0 20.9,2.75 9.7625,2.6125 17.4625,9.4875 l -12.7875,12.925 q -4.675,-4.5375 -11.4125,-7.0125 -6.6,-2.475 -14.025,-2.475 -7.5625,0 -13.75,2.75 -6.05,2.6125 -10.45,7.425 -4.4,4.675 -6.875,11 -2.3375,6.325 -2.3375,13.6125 0,7.8375 2.3375,14.4375 2.475,6.6 6.875,11.4125 4.4,4.8125 10.45,7.5625 6.1875,2.75 13.75,2.75 6.6,0 12.375,-1.2375 5.9125,-1.2375 10.45,-3.85 l 0,-22.9625 -19.9375,0 0,-15.675 37.2625,0 0,49.775 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5642"
inkscape:connector-curvature="0" />
<path
d="m -90.037646,264.01844 38.3625,0 q 9.625,0 18.5625,3.025 8.9375,2.8875 15.8125,8.9375 6.875,6.05 11,15.2625 4.125,9.075 4.125,21.45 0,12.5125 -4.8125,21.725 -4.675,9.075 -12.2375,15.125 -7.425,5.9125 -16.6375,8.9375 -9.075,2.8875 -17.875,2.8875 l -36.3,0 0,-97.35 z m 30.25,81.675 q 8.1125,0 15.2625,-1.7875 7.2875,-1.925 12.65,-5.775 5.3625,-3.9875 8.3875,-10.175 3.1625,-6.325 3.1625,-15.2625 0,-8.8 -2.75,-15.125 -2.75,-6.325 -7.7,-10.175 -4.8125,-3.9875 -11.55,-5.775 -6.6,-1.925 -14.575,-1.925 l -15.8125,0 0,66 12.925,0 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5644"
inkscape:connector-curvature="0" />
<path
d="m 7.511578,264.01844 33.825,0 q 7.0125,0 13.475,1.375 6.6,1.2375 11.687502,4.4 5.0875,3.1625 8.1125,8.525 3.025,5.3625 3.025,13.6125 0,10.5875 -5.9125,17.7375 -5.775002,7.15 -16.637502,8.6625 l 25.850002,43.0375 -20.900002,0 -22.55,-41.25 -12.65,0 0,41.25 -17.325,0 0,-97.35 z m 30.8,41.25 q 3.7125,0 7.425,-0.275 3.7125,-0.4125 6.7375,-1.65 3.1625,-1.375 5.0875,-3.9875 1.925,-2.75 1.925,-7.5625 0,-4.2625 -1.7875,-6.875 -1.7875,-2.6125 -4.675,-3.85 -2.8875,-1.375 -6.4625,-1.7875 -3.4375,-0.4125 -6.7375,-0.4125 l -14.9875,0 0,26.4 13.475,0 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5646"
inkscape:connector-curvature="0" />
<path
d="m 126.82369,264.01844 14.9875,0 41.9375,97.35 -19.8,0 -9.075,-22.275 -42.2125,0 -8.8,22.275 -19.3875,0 42.35,-97.35 z m 22,60.225 -14.9875,-39.6 -15.2625,39.6 30.25,0 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5648"
inkscape:connector-curvature="0" />
<path
d="m 239.7639,284.91844 q -2.75,-3.9875 -7.425,-5.775 -4.5375,-1.925 -9.625,-1.925 -3.025,0 -5.9125,0.6875 -2.75,0.6875 -5.0875,2.2 -2.2,1.5125 -3.575,3.9875 -1.375,2.3375 -1.375,5.6375 0,4.95 3.4375,7.5625 3.4375,2.6125 8.525,4.5375 5.0875,1.925 11.1375,3.7125 6.05,1.7875 11.1375,4.95 5.0875,3.1625 8.525,8.3875 3.4375,5.225 3.4375,13.8875 0,7.8375 -2.8875,13.75 -2.8875,5.775 -7.8375,9.625 -4.8125,3.85 -11.275,5.775 -6.4625,1.925 -13.6125,1.925 -9.075,0 -17.4625,-3.025 -8.3875,-3.025 -14.4375,-10.175 l 13.0625,-12.65 q 3.1625,4.8125 8.25,7.5625 5.225,2.6125 11,2.6125 3.025,0 6.05,-0.825 3.025,-0.825 5.5,-2.475 2.475,-1.65 3.9875,-4.125 1.5125,-2.6125 1.5125,-5.9125 0,-5.3625 -3.4375,-8.25 -3.4375,-2.8875 -8.525,-4.8125 -5.0875,-2.0625 -11.1375,-3.85 -6.05,-1.7875 -11.1375,-4.8125 -5.0875,-3.1625 -8.525,-8.25 -3.4375,-5.225 -3.4375,-13.8875 0,-7.5625 3.025,-13.0625 3.1625,-5.5 8.1125,-9.075 5.0875,-3.7125 11.55,-5.5 6.4625,-1.7875 13.2,-1.7875 7.7,0 14.85,2.3375 7.2875,2.3375 13.0625,7.7 l -12.65,13.3375 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5650"
inkscape:connector-curvature="0" />
<path
d="m 264.21257,264.01844 17.325,0 0,97.35 -17.325,0 0,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5652"
inkscape:connector-curvature="0" />
<path
d="m 296.37837,264.01844 17.325,0 0,81.675 41.3875,0 0,15.675 -58.7125,0 0,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5654"
inkscape:connector-curvature="0" />
<path
d="m -369.13744,382.26844 22.9625,0 47.1625,72.325 0.275,0 0,-72.325 17.325,0 0,97.35 -22,0 -48.125,-74.6625 -0.275,0 0,74.6625 -17.325,0 0,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5656"
inkscape:connector-curvature="0" />
<path
d="m -270.48568,382.26844 64.4875,0 0,15.675 -47.1625,0 0,23.925 44.6875,0 0,15.675 -44.6875,0 0,26.4 49.6375,0 0,15.675 -66.9625,0 0,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5658"
inkscape:connector-curvature="0" />
<path
d="m -165.14057,397.94344 -29.8375,0 0,-15.675 77,0 0,15.675 -29.8375,0 0,81.675 -17.325,0 0,-81.675 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5660"
inkscape:connector-curvature="0" />
<path
d="m -111.36694,382.26844 18.974997,0 18.2875,70.125 0.275,0 21.8625,-70.125 17.05,0 21.45,70.125 0.275,0 19.1125,-70.125 17.6,0 -28.3250004,97.35 -16.4999996,0 -22.55,-74.1125 -0.275,0 -22.55,74.1125 -15.95,0 -28.737497,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5662"
inkscape:connector-curvature="0" />
<path
d="m 24.435016,431.35594 q 0,-11.6875 3.85,-21.175 3.85,-9.625 10.5875,-16.3625 6.875,-6.7375 16.225,-10.3125 9.4875,-3.7125 20.7625,-3.7125 11.412504,-0.1375 20.900004,3.4375 9.4875,3.4375 16.3625,10.175 6.875,6.7375 10.725,16.225 3.85,9.4875 3.85,21.175 0,11.4125 -3.85,20.7625 -3.85,9.35 -10.725,16.0875 -6.875,6.7375 -16.3625,10.5875 -9.4875,3.7125 -20.900004,3.85 -11.275,0 -20.7625,-3.575 -9.35,-3.7125 -16.225,-10.3125 -6.7375,-6.7375 -10.5875,-16.0875 -3.85,-9.35 -3.85,-20.7625 z m 18.15,-1.1 q 0,7.8375 2.3375,14.4375 2.475,6.6 6.875,11.4125 4.4,4.8125 10.45,7.5625 6.1875,2.75 13.75,2.75 7.5625,0 13.750004,-2.75 6.1875,-2.75 10.5875,-7.5625 4.4,-4.8125 6.7375,-11.4125 2.475,-6.6 2.475,-14.4375 0,-7.2875 -2.475,-13.6125 -2.3375,-6.325 -6.7375,-11 -4.4,-4.8125 -10.5875,-7.425 -6.187504,-2.75 -13.750004,-2.75 -7.5625,0 -13.75,2.75 -6.05,2.6125 -10.45,7.425 -4.4,4.675 -6.875,11 -2.3375,6.325 -2.3375,13.6125 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5664"
inkscape:connector-curvature="0" />
<path
d="m 137.68287,382.26844 33.825,0 q 7.0125,0 13.475,1.375 6.6,1.2375 11.6875,4.4 5.0875,3.1625 8.1125,8.525 3.025,5.3625 3.025,13.6125 0,10.5875 -5.9125,17.7375 -5.775,7.15 -16.6375,8.6625 l 25.85,43.0375 -20.9,0 -22.55,-41.25 -12.65,0 0,41.25 -17.325,0 0,-97.35 z m 30.8,41.25 q 3.7125,0 7.425,-0.275 3.7125,-0.4125 6.7375,-1.65 3.1625,-1.375 5.0875,-3.9875 1.925,-2.75 1.925,-7.5625 0,-4.2625 -1.7875,-6.875 -1.7875,-2.6125 -4.675,-3.85 -2.8875,-1.375 -6.4625,-1.7875 -3.4375,-0.4125 -6.7375,-0.4125 l -14.9875,0 0,26.4 13.475,0 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5666"
inkscape:connector-curvature="0" />
<path
d="m 221.50746,382.26844 17.325,0 0,41.25 0.825,0 40.2875,-41.25 23.375,0 -45.5125,44.9625 48.5375,52.3875 -24.3375,0 -42.2125,-47.85 -0.9625,0 0,47.85 -17.325,0 0,-97.35 z"
style="font-style:normal;font-variant:normal;font-weight:900;font-stretch:normal;font-size:137.5px;line-height:86.00000143%;font-family:Avenir;-inkscape-font-specification:'Avenir Heavy';letter-spacing:1.35000002px"
id="path5668"
inkscape:connector-curvature="0" />
</g>
</g>
</svg>



@ -4,348 +4,58 @@ sitemap: true
# Configuration
Yggdrasil can be run with a dynamically generated configuration, using sane-ish default settings, with `yggdrasil --autoconf`. In this mode, Yggdrasil will automatically attempt to peer with other nodes on the same subnet, but it also generates a random set of keys each time it is started, and therefore a random IP address.
Yggdrasil can run in one of two modes: with a configuration file, or in autoconfigure mode.
In most cases, a static configuration simplifies most setups - it allows you to maintain the same IP address, configure static peers and various other options that will persist across restarts.
A static configuration file simplifies most setups as it allows you to keep the same keypair (and therefore IP address), maintain a list of peers and so on. For most users this will be the recommended configuration. Most Yggdrasil distribution packages will generate a configuration file automatically.
However, autoconfigure mode allows you to quickly start Yggdrasil using sane-ish default settings, with `yggdrasil --autoconf`. In this mode, Yggdrasil will automatically attempt to peer with other nodes on the same subnet, but it also generates a random set of keys each time it is started, and therefore a random IP address.
Yggdrasil supports configuration in either HJSON or JSON format. HJSON is the default preferred format, as it has comments, although JSON support is available due to ease of manipulation.
## Generating Configuration
## Generating a new config file
If you installed Yggdrasil through one of the platform packages (i.e. macOS, Debian, RPM) then a default configuration file may already exist in `/etc/yggdrasil.conf`.
Otherwise, you can generate a configuration file in the following ways:
- **Generate HJSON**: `yggdrasil -genconf > /etc/yggdrasil.conf`
- **Generate JSON**: `yggdrasil -genconf -json > /etc/yggdrasil.conf`
| **Generate HJSON**: | `yggdrasil -genconf > /etc/yggdrasil.conf` |
| **Generate JSON**: | `yggdrasil -genconf -json > /etc/yggdrasil.conf` |
## Using Configuration
## Using a config file
Yggdrasil can accept a configuration file either through `stdin` or by being given a path on the filesystem to a configuration file:
- **Using stdin**: `yggdrasil -useconf < /etc/yggdrasil.conf`
- **Using file:** `yggdrasil -useconffile /etc/yggdrasil.conf`
| **Using stdin**: | `yggdrasil -useconf < /etc/yggdrasil.conf` |
| **Using file:** | `yggdrasil -useconffile /etc/yggdrasil.conf` |
## Normalising Configuration
## Normalising a config file
If you want to see the original format of the configuration file, or convert between HJSON and JSON formats, you can use the `-normaliseconf` option, e.g.
- **Convert from HJSON to JSON**: `yggdrasil -normaliseconf -useconffile /etc/yggdrasil.conf -json`
- **Convert from JSON to HJSON**: `yggdrasil -normaliseconf -useconffile /etc/yggdrasil.conf`
| **Convert from HJSON to JSON**: | `yggdrasil -normaliseconf -useconffile /etc/yggdrasil.conf -json` |
| **Convert from JSON to HJSON**: | `yggdrasil -normaliseconf -useconffile /etc/yggdrasil.conf` |
Normalising the configuration also adds any missing configuration items with their default values. This can be useful when upgrading to a newer version of Yggdrasil that adds new configuration options. Many of our distribution packages normalise the configuration automatically during upgrade.
## Configuration Layout
A new configuration file has the following format. Please note that some of the default values will vary from platform to platform.
```
{
# List of connection strings for outbound peer connections in URI format,
# e.g. tcp://a.b.c.d:e or socks://a.b.c.d:e/f.g.h.i:j. These connections
# will obey the operating system routing table, therefore you should
# use this section when you may connect via different interfaces.
Peers: [
tcp://a.b.c.d:xxxxx
socks://e.f.g.h:xxxxx/a.b.c.d:xxxxx
tls://a.b.c.d:xxxxx
]
# List of connection strings for outbound peer connections in URI format,
# arranged by source interface, e.g. { "eth0": [ tcp://a.b.c.d:e ] }.
# Note that SOCKS peerings will NOT be affected by this option and should
# go in the "Peers" section instead.
InterfacePeers: {
"eth0": [
tcp://a.b.c.d:xxxxx
tls://a.b.c.d:xxxxx
]
}
# Listen addresses for incoming connections. You will need to add
# listeners in order to accept incoming peerings from non-local nodes.
# Multicast peer discovery will work regardless of any listeners set
# here. Each listener should be specified in URI format as above, e.g.
# tcp://0.0.0.0:0 or tcp://[::]:0 to listen on all interfaces.
Listen: [
tcp://[::]:xxxxx
tls://[::]:xxxxx
]
# Listen address for admin connections. Default is to listen for local
# connections either on TCP/9001 or a UNIX socket depending on your
# platform. Use this value for yggdrasilctl -endpoint=X. To disable
# the admin socket, use the value "none" instead.
AdminListen: tcp://localhost:9001
# Regular expressions for which interfaces multicast peer discovery
# should be enabled on. If none specified, multicast peer discovery is
# disabled. The default value is .* which uses all interfaces.
MulticastInterfaces:
[
.*
]
# List of peer encryption public keys to allow incoming TCP peering
# connections from. If left empty/undefined then all connections will
# be allowed by default. This does not affect outgoing peerings, nor
# does it affect link-local peers discovered via multicast.
AllowedEncryptionPublicKeys: []
# Your public encryption key. Your peers may ask you for this to put
# into their AllowedEncryptionPublicKeys configuration.
EncryptionPublicKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Your private encryption key. DO NOT share this with anyone!
EncryptionPrivateKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Your public signing key. You should not ordinarily need to share
# this with anyone.
SigningPublicKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Your private signing key. DO NOT share this with anyone!
SigningPrivateKey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# The port number to be used for the link-local TCP listeners for the
# configured MulticastInterfaces. This option does not affect listeners
# specified in the Listen option. Unless you plan to firewall link-local
# traffic, it is best to leave this as the default value of 0. This
# option cannot currently be changed by reloading config during runtime.
LinkLocalTCPPort: 0
# Local network interface name for TUN/TAP adapter, or "auto" to select
# an interface automatically, or "none" to run without TUN/TAP.
IfName: auto
# Set local network interface to TAP mode rather than TUN mode if
# supported by your platform - option will be ignored if not.
IfTAPMode: false
# Maximux Transmission Unit (MTU) size for your local TUN/TAP interface.
# Default is the largest supported size for your platform. The lowest
# possible value is 1280.
IfMTU: 65535
# The session firewall controls who can send/receive network traffic
# to/from. This is useful if you want to protect this node without
# resorting to using a real firewall. This does not affect traffic
# being routed via this node to somewhere else. Rules are prioritised as
# follows: blacklist, whitelist, always allow outgoing, direct, remote.
SessionFirewall:
{
# Enable or disable the session firewall. If disabled, network traffic
# from any node will be allowed. If enabled, the below rules apply.
Enable: false
# Allow network traffic from directly connected peers.
AllowFromDirect: true
# Allow network traffic from remote nodes on the network that you are
# not directly peered with.
AllowFromRemote: true
# Allow outbound network traffic regardless of AllowFromDirect or
# AllowFromRemote. This does allow a remote node to send unsolicited
# traffic back to you for the length of the session.
AlwaysAllowOutbound: false
# List of public keys from which network traffic is always accepted,
# regardless of AllowFromDirect or AllowFromRemote.
WhitelistEncryptionPublicKeys: []
# List of public keys from which network traffic is always rejected,
# regardless of the whitelist, AllowFromDirect or AllowFromRemote.
BlacklistEncryptionPublicKeys: []
}
# Allow tunneling non-Yggdrasil traffic over Yggdrasil. This effectively
# allows you to use Yggdrasil to route to, or to bridge other networks,
# similar to a VPN tunnel. Tunnelling works between any two nodes and
# does not require them to be directly peered.
TunnelRouting:
{
# Enable or disable tunnel routing.
Enable: false
# IPv6 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... }
IPv6RemoteSubnets: {}
# IPv6 subnets belonging to this node's end of the tunnels. Only traffic
# from these ranges (or the Yggdrasil node's IPv6 address/subnet)
# will be tunnelled.
IPv6LocalSubnets: []
# IPv4 subnets belonging to remote nodes, mapped to the node's public
# key, e.g. { "a.b.c.d/e": "boxpubkey", ... }
IPv4RemoteSubnets: {}
# IPv4 subnets belonging to this node's end of the tunnels. Only traffic
# from these ranges will be tunnelled.
IPv4LocalSubnets: []
}
# Advanced options for tuning the switch. Normally you will not need
# to edit these options.
SwitchOptions:
{
# Maximum size of all switch queues combined (in bytes).
MaxTotalQueueSize: 4194304
}
# By default, nodeinfo contains some defaults including the platform,
# architecture and Yggdrasil version. These can help when surveying
# the network and diagnosing network routing problems. Enabling
# nodeinfo privacy prevents this, so that only items specified in
# "NodeInfo" are sent back if specified.
NodeInfoPrivacy: false
# Optional node info. This must be a { "key": "value", ... } map
# or set as null. This is entirely optional but, if set, is visible
# to the whole network on request.
NodeInfo: {}
}
```
Note that any field not specified in the configuration will use its default value, which may be random from run to run in the case of ports or keys.
## Configuration Options
- `Listen`
- A list of strings in the form `[ "tcp://listenAddress:listenPort", "tls://listenAddress:listenPort", ... ]`, on which to listen for TCP or TLS connections from peers.
- Note that, due to Go language design choices, `[::]` listens on IPv4 and IPv6 on most platforms, while an empty IP or `0.0.0.0` listens only to IPv4.
- Note that a `tcp://` listener can only accept `tcp://` peer connections, and a `tls://` listener can only accept `tls://` peer connections
- `AdminListen`
- Port to listen on for the admin socket, specified in URI format, i.e. `tcp://localhost:9001`.
- On supported platforms, the admin socket can listen on a UNIX domain socket instead, i.e. `unix:///var/run/yggdrasil.sock`.
- The default is to listen on the loopback interface (`tcp://localhost:9001`) which ensures that only local connections to the admin socket are allowed.
- Note that if you change the listen address to a non-loopback address, this may allow other hosts on the network to manage the Yggdrasil process. This probably isn't desirable.
- `Peers`
- A list of strings in the form `[ "tcp://peerAddress:peerPort", "tls://peerAddress:peerPort", "socks://proxyAddress:proxyPort/peerAddress:peerPort", ... ]` of peers to connect to.
- Peer hostnames can be specified either using IPv4 addresses, IPv6 addresses or DNS names.
- Each entry should begin with `tcp://` or `socks://proxyAddress:proxyPort/`.
- `InterfacePeers`
- Like peers above, but arranged using specific interface names: `{ "eth0": [ "tcp://peerAddress:peerPort", "tls://peerAddress:peerPort", "socks://proxyAddress:proxyPort/peerAddress:peerPort", ... ], "eth1": [], ... }` of peers to connect to.
- Note that a `tcp://` peer connection can only connect to a `tcp://` listener, and a `tls://` peer connection can only connect to a `tls://` listener
- `AllowedEncryptionPublicKeys`
- A list of strings in the form `["key", "key", ...]`, where `key` is each node's `EncryptionPublicKey` key which you would like to allow connections from.
- This option allows you to restrict which other nodes can connect to your Yggdrasil node as a peer. It applies to incoming TCP connections.
- If the list is left empty, or the option is not specified, then Yggdrasil will automatically accept connections from any other node.
- Note that multicast link-local peerings (see below) will always override this option if enabled.
- `EncryptionPublicKey`
- A hexadecimal string representing the node's public Curve25519 key.
- A node's ID in the DHT is a (sha-512) hash of this public key.
- A node's IP address is derived from the ID.
- `EncryptionPrivateKey`
- A hexadecimal string representing the node's private Curve25519 key.
- This is a private key, **don't share it with anyone**.
- `SigningPublicKey`
- A hexadecimal string representing a node's public Ed25519 key.
- Used primarily for signatures in the greedy routing scheme.
- `SigningPrivateKey`
- A hexadecimal string representing the node's private Ed25519 key.
- This is a private key, **don't share it with anyone**.
- `MulticastInterfaces`
- A list of regex strings for matching which interfaces to enable multicast peer discovery on. Interfaces that don't match any of the provided regexes are ignored.
- The default value (`.*`) matches all interfaces.
- This is also useful if you want to prevent accidental peering over a layer 2 VPN running on top of Yggdrasil.
- These interfaces will be listened on UDP port 9001 which needs to be opened in firewall. For example with UFW: `ufw allow from fe80::/10 to any port 9001 proto udp`
- `IfName`
- The name of the `tun` or `tap` network interface to create or use. Applications send packets over this interface to use the network.
- On most platforms, an empty string or the default `"auto"` will create a new interface automatically.
- You can also specify `"none"` as the interface name, in which case Yggdrasil will run as a router only without opening a network interface. This effectively allows Yggdrasil to carry traffic for other nodes without exposing the system to the network.
- The behaviour of this option is different on different operating systems. Some quick notes:
- On Linux, any suitable interface name can be specified.
- On FreeBSD, OpenBSD and NetBSD, a full path to the TAP interface should be specified, i.e. `"/dev/tap0"`.
- On macOS, a `utun` device is automatically assigned by the operating system, therefore you cannot specify a name.
- On Windows, a network adapter friendly name (like `"Local Area Connection 2"`) can be specified to choose a specific adapter. Use "Network Adapters" in Control Panel to see and/or rename adapters.
- `IfTAPMode`
- If true, then the interface will be a `tap` device (Layer 2) instead of a `tun` (Layer 3) device.
- Default value is platform specific, and some platforms support only `tun` or `tap` mode.
- Note that the network only transports IPv6 packets, so frames sent to or received from a `tap` are decapsulated or encapsulated at the end points of a connection.
- In TAP mode, Yggdrasil automatically answers Neighbor Discovery Packet (NDP) requests on behalf of Yggdrasil IPv6 addresses.
- In TAP mode, it may be possible to bridge with the Yggdrasil `tap` adapter, e.g. to allow container bridging.
- `IfMTU`
- The MTU of the `tun`/`tap` interface.
- Defaults to the maximum value supported on each platform, up to `65535` on Linux/macOS/Windows, `32767` on FreeBSD, `16384` on OpenBSD, `9000` on NetBSD, etc.
- Yggdrasil automatically assists in Path MTU Discovery (PMTU) and will limit the MTU of a given connection between two hosts to the lower of the MTUs used by each endpoint. The operating system is made aware of these MTUs using ICMP.
- `SessionFirewall`
- The session firewall lets you control the traffic sent to/from that node. It is useful if you want to act as a router without allowing access to your host, or if you only want to allow access from a specific set of nodes.
- Contains the following configuration options:
- `Enable`
- Disables or enables the session firewall.
- If enabled, the rules from the below options apply. If disabled, all traffic is allowed.
- `AllowFromDirect`
- Decides whether or not traffic should be allowed from nodes that are directly peered to you.
- `AllowFromRemote`
- Decides whether or not traffic should be allowed from nodes that are elsewhere on the network and *not* directly peered to you.
- `AlwaysAllowOutbound`
- Decides whether to allow traffic to be sent to any node on the network, as long the connection is initiated from your node.
- Note that once you open a session with a remote node, they *can* send traffic back to you for the lifetime of the session.
- `WhitelistEncryptionPublicKeys`
- A list of node's `EncryptionPublicKey` keys that are always allowed to exchange traffic with this host, both incoming or outgoing.
- Takes priority over the above options, but is overridden by the blacklist below.
- `BlacklistEncryptionPublicKeys`
- A list of node's `EncryptionPublicKey` keys that are never allowed to communicate with this node under any circumstances, both incoming or outgoing.
- Takes priority over all other options.
- `TunnelRouting`
- Crypto-key tunnel routing allows you to tunnel either IPv4 or IPv6 traffic to remote nodes over Yggdrasil. This is similar to using a VPN.
- Contains the following configuration options:
- `Enable`
- Enables crypto-key routing.
- If enabled, the following crypto-key routes will be used by Yggdrasil. If disabled, the below options have no effect.
- `IPv6RemoteSubnets`
- A list of routes in the form `{ "aaaa:bbbb:cccc::/e": "EncryptionPublicKey", ... }`
- For each entry, an IPv6 route entry will be created that sends traffic destined for `aaaa:bbbb:cccc::/e` to the node with the specified `EncryptionPublicKey` (effectively your "remote" ranges).
- `IPv6LocalSubnets`
- A list of allowed source subnets in the form `[ "aaaa:bbbb:cccc::/e" ]`
- Specifies a list of source IPv6 addresses which are allowed to be sent over the tunnel (essentially your "local" ranges).
- Traffic from the Yggdrasil node's IPv6 address and routed subnet are always allowed.
- `IPv4RemoteSubnets`
- A list of routes in the form `{ "a.b.c.d/e": "EncryptionPublicKey", ... }`
- For each entry, an IPv4 route entry will be created that sends traffic destined for `a.b.c.d/e` to the node with the specified `EncryptionPublicKey` (effectively your "remote" ranges).
- `IPv4LocalSubnets`
- A list of allowed source subnets in the form `[ "a.b.c.d/e" ]`
- Specifies a list of source IPv4 addresses which are allowed to be sent over the tunnel (essentially your "local" ranges).
- `SwitchOptions`
- Switch options are advanced tuning settings. Ordinarily you should not attempt to change these from their defaults.
- Contains the following configuration options:
- `MaxTotalQueueSize`
- The maximum allowed size, in bytes, of all local switch queues combined. Default is `4194304` (or 4MB).
- `NodeInfo`
- Public information about your node. This information can be requested by any node and may be particularly useful for crawlers and network surveys.
- There are no set options - you can freely enter any valid HJSON or JSON (whichever your configuration file is using).
- An example of some ways in which you may populate nodeinfo:
```
NodeInfo:
{
name: hostname.y.domain.com
contact: email@domain.com
location: Place, Country
}
```
# Use Cases
## Manually Connecting to Peers
Yggdrasil can be configured to connect to other peers by adding entries into the `Peers` configuration section. At startup, Yggdrasil will attempt to open a connection to these peers.
A peering URI will look similar to one of the following:
| **Direct TCP connection**: | `tcp://hostname:port` |
| **Direct TCP+TLS connection**: | `tls://hostname:port` |
| **Via a SOCKS proxy**: | `socks://proxyhostname:proxyport/hostname:port` |
By default, only link-local auto-peering is enabled. This connects devices that are connected directly to each other at layer 2, including devices on the same LAN, directly connected by ethernet or configured to use the same ad-hoc wireless network.
As the network uses ordinary TCP, it is possible to connect over other networks, such as the Internet or WAN links, provided that the connecting node knows the address and port to connect to and that the connection is not blocked by a NAT or firewall. If the node resides behind a NAT, then port forwarding may be required in order to accept incoming connections.
By default, connections to peers are made over TCP. It is possible to route through a `socks://proxyAddr:proxyPort/` connection.
This uses TCP over the specified SOCKS proxy, and can be used to tunnel out from a network with a particularly restrictive firewall, for example, using SSH tunneling.
This can also be used to [connect over Tor](https://github.com/yggdrasil-network/public-peers/blob/master/other/tor.md), particularly for `.onion` hidden service addresses, although this does have a number of performance issues and is not generally recommended.
If you are unable to find nodes in the nearby area, a best effort is made to maintain a list of [Public Peers](https://github.com/yggdrasil-network/public-peers) for new users looking to join or test the network.
## Advertising a Prefix
While it is generally encouraged that nodes run the software locally, to provide end-to-end cryptographic sessions and participate in routing, this is not always practical.
Some network devices will inevitably be unable to run user code, but may still provide IPv6 connectivity.
Users may also prefer to avoid running the software on an otherwise compatible system, perhaps to provide guest access or to avoid any overhead to battery powered devices.
To that end, it is each node is assigned a `/64` prefix in parallel to their address.
A node acting as a router may advertise this prefix just as they would any other ordinary IPv6 network.
While it is generally encouraged that nodes run the software locally, to provide end-to-end cryptographic sessions and participate in routing, this is not always practical. The device may not have the resources to run the software or may not be able to run user code. To that end, Yggdrasil also provides each node with a routed `/64` subnet in addition to their IPv6 address. A node running Yggdrasil that acts as a router may advertise this prefix to other devices just as they would any other ordinary IPv6 network.
This may be best illustrated by example.
Suppose a node has generated the address: `200:1111:2222:3333:4444:5555:6666:7777`.
@ -353,9 +63,9 @@ Then the node may also use addresses from the prefix: `300:1111:2222:3333::/64`
On Linux, something like the following should be sufficient to advertise a prefix and a route to `200::/7` using radvd to a network attached to the `eth0` interface:
1. Enable IPv6 forwarding (e.g. `sysctl -w net.ipv6.conf.all.forwarding=1` or add it to sysctl.conf).
1. Enable IPv6 forwarding (e.g. `sysctl -w net.ipv6.conf.all.forwarding=1` or add it to `sysctl.conf`)
2. `ip addr add 300:1111:2222:3333::1/64 dev eth0` or similar, to assign an address for the router to use in that prefix, where the LAN is reachable through `eth0`.
2. `ip addr add 300:1111:2222:3333::1/64 dev eth0` or similar, to assign an address for the router to use in that prefix, where the LAN is reachable through `eth0`
3. Install/run `radvd` with something like the following in `/etc/radvd.conf`:
```
@ -371,8 +81,7 @@ interface eth0
};
```
Note that a `/64` prefix has fewer bits of address space available to check against the node's ID, which in turn means hash collisions are more likely.
As such, it is unwise to rely on addresses as a form of identity verification for the `300::/8` address range.
Note that a `/64` prefix has fewer bits of address space available to check against the node's ID, which in turn means hash collisions are more likely. As such, it is unwise to rely on addresses as a form of identity verification for the `300::/8` address range.
## Generating Stronger Addresses (and Prefixes)

4
faq.md

@ -16,10 +16,6 @@ Our official stance is that it is still alpha software. Expect things to not be
It is not a goal of the Yggdrasil project to provide anonymity. Your direct peers may be able to determine your location if, for example, you are peering over the Internet.
### Does Yggdrasil work on my platform?
Quite likely! Take a look at the [Platforms](platforms.md) page - you'll find platform-specific notes there.
### Does Yggdrasil require IPv6?
Your system must be IPv6-capable, which just about all modern operating systems are.


@ -3,7 +3,7 @@ tags: dontlink
sitemap: true
---
# Introduction
# Yggdrasil
Yggdrasil is an early-stage implementation of a fully end-to-end encrypted IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4.
@ -17,17 +17,16 @@ A small number of users have been using and stress-testing Yggdrasil quite heavi
It is entirely possible that occasional breaking changes may still happen in future versions but generally Yggdrasil works well and has proven to be reasonably stable so far, with recent builds reaching weeks of uptime without crashes or failures.
Binaries are [automatically built](https://circleci.com/gh/yggdrasil-network/yggdrasil-go) each time that we commit to the Git repository for a number of platforms. Feel free to [download them](builds.md), play with them, stress-test them or even use them in your own environments. However, be prepared to upgrade frequently and we wouldn't recommend relying on Yggdrasil for anything mission-critical at this stage!
Binaries are [automatically built](https://circleci.com/gh/yggdrasil-network/yggdrasil-go) each time that we commit to the Git repository for a number of platforms. Feel free to [download them](https://github.com/yggdrasil-network/yggdrasil-go/releases), play with them, stress-test them or even use them in your own environments. However, be prepared to upgrade frequently and we wouldn't recommend relying on Yggdrasil for anything mission-critical at this stage!
## Implementation
Yggdrasil is written in Go. The codebase is fairly small and easy to navigate. It has been tested on a number of platforms (including [Linux](platform-linux.md), [Windows](platform-windows.md), [macOS](platform-macos.md), FreeBSD, OpenBSD and [Ubiquiti EdgeOS](platform-edgerouter.md)) although with various minor caveats. See the [Platforms](platforms.md) page for more information.
Yggdrasil is written in Go. The codebase is fairly small and easy to navigate. It has been tested on a number of platforms (including [Linux](platform-linux.md), [Windows](platform-windows.md), [macOS](platform-macos.md), FreeBSD, OpenBSD and [Ubiquiti EdgeOS](platform-edgerouter.md)).
## Get Involved
If you are interested in or would like to get involved in the Yggdrasil project, please feel free to join us!
- Set up Yggdrasil on your [own computer or router](platforms.md) and join the network - the bigger the network grows, the better understanding we will get of how Yggdrasil can scale!
- Set up Yggdrasil on your [own computer or router](installation.md) and join the network - the bigger the network grows, the better understanding we will get of how Yggdrasil can scale!
- Come and chat to us in our [Matrix channel](https://matrix.to/#/#yggdrasil:matrix.org) (or even [read our channel backlog](https://view.matrix.org/room/!DwmKuvGvRKciqyFcxv:matrix.org/))
- Alternatively, come and chat to us on the [Freenode IRC network](irc://chat.freenode.net/yggdrasil) in `#yggdrasil`
- Take a look at our [GitHub](https://github.com/yggdrasil-network/yggdrasil-go), and in particular, the [Open Issues](https://github.com/yggdrasil-network/yggdrasil-go/issues) which contain bugs waiting to be fixed, problems waiting to be solved and plenty of in-depth discussions about our implementation or design choices


@ -8,50 +8,93 @@ sitemap: true
Yggdrasil is supported on the Ubiquiti EdgeRouter using the
[vyatta-yggdrasil](https://github.com/neilalexander/vyatta-yggdrasil) package.
Please note that the package only supports EdgeOS 2.x.
Perform installation steps over SSH by connecting to the EdgeRouter as the
`ubnt` user, e.g. `ssh ubnt@192.168.1.1`, or another admin-level user if
configured.
## Package install from an Aptitude repository
## Notes
Start by adding the GPG key:
```
curl -o- https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt | sudo apt-key add -
```
- Although your Yggdrasil configuration will persist, the Yggdrasil package itself **does not** survive an upgrade of the EdgeRouter firmware. You must re-add the repository GPG key and re-install the `vyatta-yggdrasil` package after a system upgrade.
- After upgrading firmware and reinstalling Yggdrasil, use `load` to reload your configuration and then `commit` to make it effective again. Do not run `save` until after you have reloaded your configuration.
Then add the repository:
```
configure
set system package repository yggdrasil distribution edgerouter
set system package repository yggdrasil components yggdrasil
set system package repository yggdrasil url http://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/
commit
save
```
## Install the package
Then install the `vyatta-yggdrasil` package:
Download and copy the package onto the router. Once done, log into the router via SSH and use `dpkg` to install it:
```
sudo apt-get update
sudo apt-get install vyatta-yggdrasil
```
Yggdrasil can then be updated in the future by updating the packages:
```
sudo apt-get update
sudo apt-get upgrade
```
## One-off package install from CircleCI
If you do not want to configure the repository above, you can perform a one-off
installation by [downloading the latest vyatta-yggdrasil `.deb`
package](https://circleci.com/api/v1.1/project/github/yggdrasil-network/yggdrasil-go/latest/artifacts) and then install it:
```
curl -O https://xx-xxxxxxxxx-gh.circle-artifacts.com/x/vyatta-yggdrasil-x.x.xxx-mipsel.deb
sudo dpkg -i vyatta-yggdrasil-x.x.xxx-mipsel.deb
```
## After installation
## Generate configuration
Read the [EdgeRouter platform page](platform-edgerouter.md) page for information
on how to configure Yggdrasil and guidance on modifying the configuration.
Configuration for Yggdrasil is generated automatically when you create an interface, e.g. as `tun0`:
```
configure
set interfaces yggdrasil tun0
commit
save
```
At this point, Yggdrasil will start running using default configuration, which includes automatic peer discovery of other Yggdrasil nodes on the same network using multicast.
## Configuration
Once you have generated a configuration file, as above, then you should make configuration changes (like [adding peers](https://github.com/yggdrasil-network/public-peers)) by editing the `/config/yggdrasil.tun0.conf` file.
For example, if using `tun0`:
```
vi /config/yggdrasil.tun0.conf
```
To make configuration changes effective, restart Yggdrasil:
```
restart yggdrasil tun0
```
## Masquerade
If you want to allow other IPv6 hosts on your network to communicate through yggdrasil, you can configure an IPv6 masquerade rule. All traffic sent from other hosts on the network through the Yggdrasil interface will be NAT'd.
For example:
```
configure
set interfaces yggdrasil tun0 masquerade from xxxx:xxxx:xxxx::/48
commit
save
```
If you have multiple IPv6 subnets, then they can be configured individually by setting multiple `masquerade from` source ranges. Both private/ULA and public IPv6 subnets are acceptable.
## Default Firewall Config
Use this as an example firewall configuration, which will allow outgoing connections but prevent unexpected incoming ones, with the exception of ICMPv6 which will be allowed, e.g. if using `tun0`:
```
configure
set firewall ipv6-name YGG_IN default-action drop
set firewall ipv6-name YGG_LOCAL default-action drop
set firewall ipv6-name YGG_IN rule 10 action accept
set firewall ipv6-name YGG_IN rule 10 state established enable
set firewall ipv6-name YGG_IN rule 10 state related enable
set firewall ipv6-name YGG_IN rule 20 action drop
set firewall ipv6-name YGG_IN rule 20 state invalid enable
set firewall ipv6-name YGG_IN rule 30 action accept
set firewall ipv6-name YGG_IN rule 30 protocol icmpv6
set firewall ipv6-name YGG_LOCAL rule 10 action accept
set firewall ipv6-name YGG_LOCAL rule 10 state established enable
set firewall ipv6-name YGG_LOCAL rule 10 state related enable
set firewall ipv6-name YGG_LOCAL rule 20 action drop
set firewall ipv6-name YGG_LOCAL rule 20 state invalid enable
set firewall ipv6-name YGG_LOCAL rule 30 action accept
set firewall ipv6-name YGG_LOCAL rule 30 protocol icmpv6
set interfaces yggdrasil tun0 firewall in ipv6-name YGG_IN
set interfaces yggdrasil tun0 firewall local ipv6-name YGG_LOCAL
commit
save
```
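Review bot: The Notes section that appears to be added to this page still tells readers to "re-add the repository GPG key" after a firmware upgrade, but the repository and key steps look like what this change removes in favour of a manual `dpkg` install, so the instruction no longer refers to anything on the page. I would reword it to `You must re-install the vyatta-yggdrasil package after a system upgrade.` Because the package is now fetched by hand and installed as root, the install step would also benefit from one sentence telling readers to download only from the project's release page over HTTPS and to compare the file against a published checksum, if the release provides one, before running `dpkg -i`. The old/new side of individual lines is inferred here, since the rendered page has lost its +/- markers.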


@ -4,21 +4,40 @@ sitemap: true
# Installation
Installation guides are available for the following platforms/distributions.
Yggdrasil can be downloaded for major platforms from our [GitHub Releases](https://github.com/yggdrasil-network/yggdrasil-go/releases) page. Additionally, installation guides are available for the following platforms/distributions.
## Linux
Yggdrasil is well supported on Linux. There are a number of distribution packages and additional installation instructions available:
- [Debian, Ubuntu, elementaryOS, Linux Mint and similar](installation-linux-deb.md)
- [Red Hat Enterprise Linux, Fedora, CentOS and similar](installation-linux-rpm.md)
- [Gentoo Linux](installation-linux-gentoo.md)
- [Ubiquiti EdgeOS](installation-linux-edgeos.md)
- [Manual install or build from source](installation-linux-other.md)
## macOS
Yggdrasil is well supported on macOS. The preferred installation method is the `.pkg` installer:
- [macOS `.pkg` installer](installation-macos-pkg.md)
- [Manual install or build from source](installation-macos-other.md)
## Windows
- [Windows `.msi` installer](installation-windows.md)
Yggdrasil works on Windows and [an MSI installer is available](installation-windows.md), but the installer is supported on a best-effort basis only and may have bugs:
## FreeBSD
Yggdrasil is well supported on FreeBSD and [an official `net/yggdrasil` port](https://www.freshports.org/net/yggdrasil/) is available.
## Ubiquiti EdgeRouter
Yggdrasil is well supported on EdgeOS 2.x and [packages are available](installation-linux-edgeos.md).
## Android
An [Yggdrasil port to Android](https://github.com/yggdrasil-network/yggdrasil-android/releases) has been contributed by the community:
## iOS
Yggdrasil is supported on iOS but no binary builds exist at this time. You will need an Apple Developer subscription, access to the Network Extensions entitlements and to [build the app from source](https://github.com/yggdrasil-network/yggdrasil-ios).


@ -1,97 +0,0 @@
---
tags: dontlink
sitemap: true
---
# EdgeRouter
Yggdrasil is supported on the Ubiquiti EdgeRouter using the [vyatta-yggdrasil](https://github.com/neilalexander/vyatta-yggdrasil) package.
## Notes
- Although your Yggdrasil configuration will persist, the Yggdrasil package itself **does not** survive an upgrade of the EdgeRouter firmware. You must re-add the repository GPG key and re-install the `vyatta-yggdrasil` package after a system upgrade.
- After upgrading firmware and reinstalling Yggdrasil, use `load` to reload your configuration and then `commit` to make it effective again. Do not run `save` until after you have reloaded your configuration.
## Generate configuration
Configuration for Yggdrasil is generated automatically when you create an interface, e.g. as `tun0`:
```
configure
set interfaces yggdrasil tun0
commit
save
```
At this point, Yggdrasil will start running using default configuration, which includes automatic peer discovery of other Yggdrasil nodes on the same network using multicast.
## Configuration
Once you have generated a configuration file, as above, then you should make configuration changes (like [adding peers](https://github.com/yggdrasil-network/public-peers)) by editing the `/config/yggdrasil.tun0.conf` file.
For example, if using `tun0`:
```
vi /config/yggdrasil.tun0.conf
```
To make configuration changes effective, restart Yggdrasil:
```
restart yggdrasil tun0
```
## Masquerade
If you want to allow other IPv6 hosts on your network to communicate through yggdrasil, you can configure an IPv6 masquerade rule. All traffic sent from other hosts on the network through the Yggdrasil interface will be NAT'd.
For example:
```
configure
set interfaces yggdrasil tun0 masquerade from xxxx:xxxx:xxxx::/48
commit
save
```
If you have multiple IPv6 subnets, then they can be configured individually by setting multiple `masquerade from` source ranges. Both private/ULA and public IPv6 subnets are acceptable.
## Crash Detection
Although Yggdrasil does not crash often, you can make sure that the process is restarted if it crashes by scheduling the `vyatta-check-yggdrasil` script to run at a regular interval:
```
configure
set system task-scheduler task check-yggdrasil executable path /opt/vyatta/sbin/vyatta-check-yggdrasil
set system task-scheduler task check-yggdrasil interval 1m
commit
save
```
## Default Firewall Config
Use this as an example firewall configuration, which will allow outgoing connections but prevent unexpected incoming ones, with the exception of ICMPv6 which will be allowed, e.g. if using `tun0`:
```
configure
set firewall ipv6-name YGG_IN default-action drop
set firewall ipv6-name YGG_LOCAL default-action drop
set firewall ipv6-name YGG_IN rule 10 action accept
set firewall ipv6-name YGG_IN rule 10 state established enable
set firewall ipv6-name YGG_IN rule 10 state related enable
set firewall ipv6-name YGG_IN rule 20 action drop
set firewall ipv6-name YGG_IN rule 20 state invalid enable
set firewall ipv6-name YGG_IN rule 30 action accept
set firewall ipv6-name YGG_IN rule 30 protocol icmpv6
set firewall ipv6-name YGG_LOCAL rule 10 action accept
set firewall ipv6-name YGG_LOCAL rule 10 state established enable
set firewall ipv6-name YGG_LOCAL rule 10 state related enable
set firewall ipv6-name YGG_LOCAL rule 20 action drop
set firewall ipv6-name YGG_LOCAL rule 20 state invalid enable
set firewall ipv6-name YGG_LOCAL rule 30 action accept
set firewall ipv6-name YGG_LOCAL rule 30 protocol icmpv6
set interfaces yggdrasil tun0 firewall in ipv6-name YGG_IN
set interfaces yggdrasil tun0 firewall local ipv6-name YGG_LOCAL
commit
save
```


@ -1,23 +0,0 @@
---
tags: dontlink
sitemap: true
---
# iOS
Yggdrasil is supported on iOS thanks to a native app currently in TestFlight. It
can be used on both iPhones or iPads and is implemented as a VPN extension.
Although it should work on most recent releases of iOS, using the latest version
is recommended.
## Notes
- Functionality in the app is somewhat limited compared to Yggdrasil on other
platforms - some features like crypto-key routing are not available at this
time
- The app is developmental and might have some bugs or may, in some limited
cases, drain battery power. Please make sure to report bugs to us via
Matrix/IRC
- Each TestFlight release is only valid for 90 days. You will be notified by
push notification and/or email when a new TestFlight build is available so
please make sure to upgrade as soon as possible after each release


@ -1,16 +0,0 @@
---
tags: dontlink
sitemap: true
---
# Linux
Yggdrasil is well supported on Linux.
## Notes
- Should work with any kernel that includes the `tun` and/or `tap` modules.
- The maximum MTU size supported on Linux is 65535 in TUN mode and 65521 in TAP mode.
- IPv6 needs to be enabled in order for Yggdrasil to work - IPv6 is usually enabled by default, but if not, enable using `sysctl -w net.ipv6.conf.all.disable_ipv6=0` or similar.
- If using TUN/TAP then `/dev/net/tun` should be present on your system.
- The [BBR](https://github.com/google/bbr) congestion control algorithm is strongly recommended, as it can significantly reduce latency when under load. On recent distributions, this can be done with `sysctl -w net.ipv4.tcp_congestion_control=bbr` or similar.


@ -1,99 +0,0 @@
---
tags: dontlink
sitemap: true
---
# macOS
Yggdrasil is well supported on macOS out of the box, thanks to the inclusion of the `utun` driver in macOS.
## Notes
- Tested and working out of the box on macOS 10.13 High Sierra and 10.14 Mojave.
- May work in theory on any macOS version with `utun` support (which was added in macOS 10.7 Lion), although this is untested at present.
- TAP mode is not supported on macOS, therefore the `IfTAPMode` option will have no effect and will default to TUN mode automatically.
- The maximum MTU size supported on macOS is 65535.
## Installation using the macOS installer (preferred)
Visit the [Builds](builds.md) page and download the relevant `-macos-amd64.pkg` package file.
Once downloaded, open the Downloads folder in Finder, right-click the package and click "Open". (Alternatively, double-click and then use System Preferences > Security to "Open Anyway" after the developer prompt.)
Once installed, configuration will be generated/updated and Yggdrasil will automatically start in the background. You do not need to complete any of the below steps when using this package.
## Manual installation
System Integrity Protection in macOS prevents you from copying files into `/usr/bin`, therefore you should install into `/usr/local/bin` instead. This may not exist by default so create it if it doesn't exist:
```
sudo mkdir -p /usr/local/bin
```
Then [download the latest Yggdrasil binary](https://circleci.com/api/v1.1/project/github/yggdrasil-network/yggdrasil-go/latest/artifacts) and install it:
```
sudo cp ~/Downloads/yggdrasil-x.x.xx-darwin-amd64 /usr/local/bin/yggdrasil
sudo chmod +x /usr/local/bin/yggdrasil
```
Alternatively, compile Yggdrasil from source (below) and install:
```
sudo cp /path/to/yggdrasil-go/yggdrasil /usr/local/bin/yggdrasil
sudo chmod +x /usr/local/bin/yggdrasil
```
### Generate configuration
Before starting Yggdrasil, you should generate configuration:
```
sudo yggdrasil -genconf > /etc/yggdrasil.conf
```
### Run Yggdrasil
#### Run once
Open Terminal.app and start Yggdrasil using your generated configuration:
```
sudo nohup yggdrasil -useconffile /etc/yggdrasil.conf &
```
Alternatively, start Yggdrasil in auto-configuration mode:
```
sudo nohup yggdrasil -autoconf &
```
#### Run as a background service
Running as a background system service means that Yggdrasil will automatically start up in the background when your Mac boots. It also ensures that Yggdrasil will be restarted automatically if the process is terminated for some reason.
You can install Yggdrasil as a launchd service using the launchd scripts in the Git repository. Locate the [`yggdrasil.plist` file in the `contrib` folder](https://raw.githubusercontent.com/yggdrasil-network/yggdrasil-go/master/contrib/macos/yggdrasil.plist) of the repository and make sure that the paths match your installation (i.e. `/usr/local/bin/yggdrasil` and `/etc/yggdrasil.conf`) and then copy it into `/Library/LaunchDaemons/`.
If you already have the source repository to hand, you can instead retrieve `yggdrasil.plist` from there instead of downloading as above:
```
cd /path/to/yggdrasil-go
sudo cp contrib/macos/yggdrasil.plist /Library/LaunchDaemons/
```
Once the `yggdrasil.plist` file is in `/Library/LaunchDaemons/`, you can start the service:
```
sudo launchctl load /Library/LaunchDaemons/yggdrasil.plist
```
When using the launchd scripts from the repository, standard output is logged to `/tmp/yggdrasil.stdout.log` and error output is logged to `/tmp/yggdrasil.stderr.log`.
If you want to stop the Yggdrasil service and prevent it from being restarted by launchd:
```
sudo launchctl unload /Library/LaunchDaemons/yggdrasil.plist
```
## Build instructions
macOS has most of the tools needed to build Yggdrasil from source - you just need to install Go 1.11 or later.
1. Download the latest [Go .pkg installer for macOS](https://golang.org/dl/)
1. Run the installer to install Go on your system
1. Open Terminal.app, clone the repository and build:
```
cd /path/to
git clone https://github.com/yggdrasil-network/yggdrasil-go
cd yggdrasil-go
./build
```
1. The resulting `yggdrasil` file is your build - optionally install it into your system, as above.


@ -1,39 +0,0 @@
---
sitemap: true
---
# Platform Notes
## Linux
- See the [Linux platform page](platform-linux.md).
## macOS
- See the [macOS platform page](platform-macos.md).
## iOS
- See the [iOS platform page](platform-ios.md).
## EdgeRouter
- See the [EdgeRouter platform page](platform-edgerouter.md).
## FreeBSD, NetBSD
- Works in TAP mode, but currently doesn't work in TUN mode.
- You may need to create the TAP adapter first if it doesn't already exist, i.e. `ifconfig tap0 create`.
- A [FreeBSD service script](https://github.com/yggdrasil-network/yggdrasil-go/blob/master/contrib/freebsd/yggdrasil) is available in the `contrib` folder. This might be adaptable to other BSDs.
## OpenBSD
- Works in TAP mode, but currently doesn't work in TUN mode.
- You may need to create the TAP adapter first if it doesn't already exist, i.e. `ifconfig tap0 create`.
- OpenBSD is not capable of listening on both IPv4 and IPv6 at the same time on the same socket, therefore you may need to specify both an IPv4 and an IPv6 listener, like so:
```
Listen: [
tcp://[::]:12345
tcp://0.0.0.0:12345
]
```