Hello,

I found this an interesting read:

https://changelog.complete.org/archives/10478-easily-accessing-all-your-stu…

The author's favourite is Yggdrasil which I'll summarise.

It can be used as a simple VPN of course, but also an overlay
network to easily connect together disparate networks, VMs and
containers.

Once you run the daemon your host generates itself a static IPv6
address inside 200::/7 (a range of addresses that are marked as
deprecated so should not be in use anywhere else). That IPv6 address
stays with you as long as the keys the daemon generated still exist,
and it's how other nodes on the overlay network talk to you.

Initially I was a bit perturbed by this use of "someone else's"
IPv6, but it does make things very simple.

A normal VPN does all of that as well, but it's interesting that
Yggdrasil will try to pick an optimal route. For example, if you
have two laptops which are away from their home network and they
want to talk to each other on their 200::/7 addresses they will try
to peer with each other directly over the Internet. That might fail
if they are both behind multiple layers of NAT or on really
restrictive networks or something. They would both also be trying to
peer with every other peer they know about though, so you'd probably
also have a node on your home network for them to connect to. Once
they'd both connected to that, traffic between them would go via
that node as if they were both traditional VPN clients in a star
topology. Yet once they both end up at their home network again the
traffic would go directly between them, bypassing the home server
node - without you having to change anything.

It's doing TCP-over-TCP which is also frowned upon, but they seem to
have taken some steps to optimise it. You might not notice the
overhead unless you're on a >1Gbps network. It's comparable to
Tailscale and ~50% to ~66% that of WireGuard.

As far as I understand, Tailscale does a lot of similar things as
well. I've not used it yet, but I'm liking the apparent simplicity
of Yggdrasil. Tailscale's free pricing tier is only for personal use
and you have to authenticate with GitHub to use it.

Anyone else looked at Yggdrasil?

Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting