Yggdrasil 0.4 Released: Decentralized Private Network Over the Internet

The reference implementation of the Yggdrasil 0.4 protocol has been released, enabling the deployment of a separate decentralized private IPv6 network on top of the regular global internet. End-to-end encryption is used to protect privacy within this network. Any existing application that supports IPv6 can operate over the Yggdrasil network. The implementation is written in Go and distributed under the LGPLv3 license. Supported platforms include Linux, Windows, macOS, FreeBSD, OpenBSD, and Ubiquiti EdgeRouter.

Key Features of Yggdrasil

Yggdrasil introduces a new routing concept for building a global decentralized network. Nodes can connect directly in mesh mode (for example, via Wi-Fi or Bluetooth) or interact over existing IPv6 or IPv4 networks (network over network). A distinctive feature of Yggdrasil is its self-organizing operation, eliminating the need for explicit routing configuration—route information is calculated based on a node’s position relative to others in the network. Devices are addressed using standard IPv6 addresses, which remain unchanged even if the node moves (Yggdrasil uses the unused 0200::/7 address range).

The entire Yggdrasil network is viewed as a single structured spanning tree with one “root,” where each node has one parent and one or more children. This tree structure allows for route construction to a destination node relative to the source node using a “locator” mechanism that determines the optimal path from the root. Tree information is distributed among nodes and not stored centrally. A distributed hash table (DHT) is used for exchanging routing data, allowing a node to retrieve all necessary route information to another node.

The network itself provides only end-to-end encryption (transit nodes cannot see the content), but not anonymity. When connecting over the internet, peer nodes with direct connections can determine the real IP address. For anonymity, it is recommended to connect nodes via Tor or I2P.

The project is still in the alpha development stage. It is considered stable enough for daily use, but backward compatibility between releases is not guaranteed. For Yggdrasil 0.4, the community maintains a set of services, including a platform for hosting Linux containers for personal websites, the YaCy search engine, a Matrix communication server, IRC server, DNS, VoIP system, BitTorrent tracker, a map of connection points, an IPFS gateway, and proxies for accessing Tor, I2P, and the clearnet.

What’s New in Version 0.4

  • A new routing scheme has been implemented, which is not compatible with previous Yggdrasil releases.
  • Key pinning is now used when establishing TLS connections with nodes. If no key was pinned when the connection was set up, the received key is pinned to that connection. If a key was pinned and the received key does not match it, the connection is rejected. TLS with key pinning is now the recommended method for connecting to peers.
  • The code for routing and session management has been completely redesigned and rewritten, increasing bandwidth and reliability, especially for nodes that frequently change peers. Cryptographic sessions now feature periodic key rotation.
  • Source routing support has been added, allowing user IPv6 traffic to be redirected as needed.
  • The architecture of the distributed hash table (DHT) has been reworked, and DHT-based routing is now supported. Routing algorithms have been moved to a separate library.
  • IPv6 addresses are now generated from ed25519 public keys instead of from a hash of the X25519 key, so all internal IPs change after upgrading to Yggdrasil 0.4.
  • Additional settings have been provided for discovering multicast peers.
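
The key pinning rule from the list above can be sketched in Go as follows. This is an added example, not code from the Yggdrasil project: PeerLink, CheckKey, ErrPinMismatch and sampleKey are hypothetical names, and the keys are constructed from fixed seeds.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ErrPinMismatch: the peer presented a key other than the pinned one.
var ErrPinMismatch = errors.New("peer key does not match pinned key")

// PeerLink is a hypothetical per-connection record. Pinned is nil when the
// peer was configured without a key.
type PeerLink struct {
	Pinned ed25519.PublicKey
}

// CheckKey applies the rule from the release notes to the key received from
// the peer: with no pin, pin the received key to this connection; with a pin,
// reject any key that differs from it.
func (l *PeerLink) CheckKey(received ed25519.PublicKey) error {
	if len(received) != ed25519.PublicKeySize {
		return fmt.Errorf("unexpected key length %d", len(received))
	}
	if l.Pinned == nil {
		l.Pinned = append(ed25519.PublicKey(nil), received...) // copy, then pin
		return nil
	}
	if !bytes.Equal(l.Pinned, received) {
		return ErrPinMismatch
	}
	return nil
}

// sampleKey derives a constructed test key from a fixed seed byte.
func sampleKey(b byte) ed25519.PublicKey {
	seed := bytes.Repeat([]byte{b}, ed25519.SeedSize)
	return ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
}

func main() {
	a, b := sampleKey(1), sampleKey(2)
	unpinned := &PeerLink{}             // no key configured
	fmt.Println(unpinned.CheckKey(a))   // <nil>: key a is now pinned
	fmt.Println(unpinned.CheckKey(b))   // mismatch: connection rejected
	configured := &PeerLink{Pinned: a}  // key configured in advance
	fmt.Println(configured.CheckKey(b)) // mismatch on first contact
}
```

In the unpinned case the first key received is accepted as-is, so only a key configured in advance lets the check reject an unexpected peer on first contact.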

For more information, visit the official Yggdrasil website.