Yggdrasil 0.5 Release: Decentralized Private Network Over the Internet

After more than two years of development, the reference implementation of the Yggdrasil 0.5 protocol has been released. Yggdrasil enables the deployment of a separate, decentralized private IPv6 network on top of the regular global internet, using end-to-end encryption to protect privacy. Any existing application that supports IPv6 can be used within the Yggdrasil network. The implementation is written in Go and is distributed under the LGPLv3 license. Supported platforms include Linux, OpenWRT, Windows, macOS, FreeBSD, OpenBSD, VyOS, and Ubiquiti EdgeRouter.

Key Features of Yggdrasil

  • Yggdrasil introduces a new routing concept for building a global decentralized network. Nodes can connect directly in mesh mode (e.g., via Wi-Fi or Bluetooth) or interact over existing IPv6 or IPv4 networks (as an overlay, i.e. a network on top of a network).
  • Self-organizing operation: No explicit routing configuration is required. Routing information is calculated based on the node’s position relative to others in the network.
  • Devices are addressed using standard IPv6 addresses, which remain unchanged even if the node moves (Yggdrasil uses the unused 0200::/7 address range).
  • The entire Yggdrasil network is structured as a single spanning tree, not as a collection of isolated subnets. There is one “root,” and each node has one parent and one or more children. This tree structure allows for efficient routing using a “locator” mechanism to determine the optimal path from the root to any node. Tree information is distributed among nodes and is not stored centrally.
  • End-to-end encryption protects traffic from inspection by intermediaries (transit nodes cannot see the content), but anonymity is not guaranteed: when connecting over the internet, directly connected peers can see your real IP address. For anonymity, it is recommended to connect nodes via Tor or I2P.
  • Although the project is still in alpha, it is stable enough for daily use. However, backward compatibility between releases is not guaranteed.
  • The Yggdrasil community maintains a set of services, including a Linux container hosting platform, the YaCy search engine, a Matrix communication server, IRC server, DNS, VoIP system, BitTorrent tracker, connection point map, IPFS gateway, and proxies for accessing Tor, I2P, and the clearnet.
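How the key-derived addressing mentioned above works, as an added example in Go (my own code, not from the yggdrasil-go project; it assumes the derivation used by yggdrasil-go's address package, which the article does not spell out: prefix byte 0x02, then the count of leading 1 bits of the bitwise-inverted ed25519 public key, then the key's remaining bits). Because the address is a pure function of the public key, it travels with the node, and a peer's claimed address can be checked against the key it presents.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"net"
)

// AddrForKey derives a node's Yggdrasil IPv6 address from its ed25519 public key.
// Assumed layout (my reading of yggdrasil-go's address package, not its code):
// byte 0 is 0x02 (the 0200::/7 prefix), byte 1 counts the leading 1 bits of the
// bitwise-inverted key, bytes 2-15 hold the inverted key after that run of 1s
// and the single 0 bit that terminates it.
func AddrForKey(pub ed25519.PublicKey) (net.IP, error) {
	if len(pub) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("bad public key length %d", len(pub))
	}
	inv := make([]byte, len(pub))
	for i, b := range pub {
		inv[i] = ^b
	}
	bit := func(i int) byte { return (inv[i/8] >> uint(7-i%8)) & 1 }
	ones, i := 0, 0
	for ; i < 8*len(inv) && bit(i) == 1; i++ {
		ones++
	}
	if ones > 127 { // byte 1 must keep its top bit clear to stay inside 0200::/7
		return nil, fmt.Errorf("key has %d leading bits, too many for this encoding", ones)
	}
	addr := make(net.IP, 16)
	addr[0], addr[1] = 0x02, byte(ones)
	i++ // skip the 0 bit that ended the run of 1s
	for out, n, cur := 2, 0, byte(0); out < 16 && i < 8*len(inv); i++ {
		cur, n = cur<<1|bit(i), n+1
		if n == 8 { // 8 bits collected: emit one address byte
			addr[out], out, n, cur = cur, out+1, 0, 0
		}
	}
	return addr, nil
}

func main() {
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // fresh node identity
	addr, err := AddrForKey(pub)
	fmt.Printf("key  %x\naddr %s (err=%v)\n", pub, addr, err)
}
```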

What’s New in Version 0.5

  • Added the ability to authenticate peer connections using a password. The password is set via the “password=” parameter, for example: tls://a.b.c.d:12345?password=123456abcdef.
  • Support for the QUIC protocol (based on UDP) for peer communication. To use QUIC, specify the quic:// URI scheme in the Listen and Peers directives. Note: QUIC support is not as thoroughly tested as TCP and TLS.
  • The new PrivateKeyPath option allows storing the private key in PEM format, separate from the main configuration file. Use the -exportkey option to export the key to a separate file.
  • Introduced a new routing scheme that is not backward compatible with previous versions (Yggdrasil 0.5 nodes cannot interact with Yggdrasil 0.4 hosts). This new scheme resolves most stability and scalability issues present in the 0.4 branch and significantly reduces memory usage and network traffic during inactivity. The new implementation uses a probabilistic Bloom filter structure to track links and nodes. The distributed hash table (DHT) is no longer used for routing data exchange or public key binding in the tree network.
  • To maintain local consistency and reduce dependency on routes to root nodes, nodes now transmit information about each link separately, tracked in CRDT structures. Instead of source routing, greedy routing is used (each packet is forwarded to whichever neighbor is closest to the destination).
  • Connection negotiation and multicast formats have been redesigned for better extensibility. Link handling code has been rewritten for more reliable peer state tracking. Separate tracking of reconnection intervals for each configured peer is now provided.
  • For failure detection, traffic acknowledgment messages are used instead of periodic keepalive requests. This eliminates unnecessary traffic while the network is idle, which also reduces power consumption on mobile devices.
