Yggdrasil VPN
I’m trying to work outside my home office more, but all my email is hosted on my home server. While disconnecting is nice, not having access when I need it has sucked.
Enter yggdrasil!
After installing on my laptop (macOS) and my desktop (Ubuntu) I updated .ssh/config with my desktop’s IPv6 address and was able to SSH via IPv6 over my local network. Perfect!
Step two: install on a server with a public IP. One more service running on my DigitalOcean instance.
I’m not interested, at the moment, in joining the full yggdrasil network, so I configured my public instance to only allow peering from my laptop and desktop’s public keys:
AllowedPublicKeys: [
  "desktop-public-key"
  "laptop-public-key"
]
On the public server, I listen via TLS rather than plain TCP. It’s slightly slower, but also slightly more secure. Since I’m not moving a lot of traffic over the connection, the extra security is worth it to me:
Listen: [
  tls://PUBLIC-IP-ADDRESS:56603
]
I couldn’t find a recommended port to listen on, so I picked a random number. 🤣
(The only “gotcha” was remembering to open the firewall for yggdrasil.)
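A quick way to confirm both settings actually landed on the public node, as an added example that is not part of the original post or the yggdrasil project: the `audit_peering` function, the sample addresses and the sample keys below are all made up for illustration, and it assumes the config has been converted to plain JSON first.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: public keys are hex-encoded 32-byte ed25519 keys (64 hex chars),
# the format used in yggdrasil v0.4 and later configs.
HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")

def audit_peering(config: dict) -> list:
    """Return findings for a node meant to accept only known inbound peers."""
    findings = []
    listeners = config.get("Listen") or []
    allowed = config.get("AllowedPublicKeys") or []
    # The allowlist only gates incoming peerings; left empty, every inbound
    # peering request to the listener is accepted.
    if listeners and not allowed:
        findings.append("AllowedPublicKeys is empty: any node can peer with this listener")
    # Catch placeholders or truncated copy-pastes that will never match a peer.
    for key in allowed:
        if not HEX_KEY.fullmatch(key):
            findings.append(f"not a 64-character hex public key: {key!r}")
    # Flag listeners that are not wrapped in TLS.
    for uri in listeners:
        if urlsplit(uri).scheme != "tls":
            findings.append(f"listener is not tls://: {uri}")
    return findings

# Constructed sample configs (documentation IP address, made-up keys).
OPEN_NODE = json.loads("""{
  "Listen": ["tcp://203.0.113.10:56603"],
  "AllowedPublicKeys": []
}""")
LOCKED_NODE = {
    "Listen": ["tls://203.0.113.10:56603"],
    "AllowedPublicKeys": ["ab" * 32, "cd" * 32],
}

if __name__ == "__main__":
    for name, cfg in (("open", OPEN_NODE), ("locked", LOCKED_NODE)):
        print(name, audit_peering(cfg) or "ok")
```

To run it against a real node, `yggdrasil -useconffile /path/to/yggdrasil.conf -normaliseconf -json` prints the config as JSON that `json.loads` can read (the path is a placeholder).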
Ramces Red’s article about yggdrasil has more information about installing and configuring a basic VPN.