Karrot_Kream 3 days ago

Does anyone run private services for themselves on Yggdrasil by allowlisting specific IPs and piggybacking on the routing layer? I've thought about doing this but haven't tried it.

I wish TLS behaved better with private networks but I around certificates continues to mostly be oriented around the Internet.

realreality 3 days ago | parent | next [-]

Yes. All you have to do is whitelist your clients' yggdrasil addresses in your firewall.

in pf syntax:

  # table populated from /etc/yggdrasil-allowed, one address or prefix per line
  table <yggdrasil> persist file "/etc/yggdrasil-allowed"

  # only those Yggdrasil addresses may reach the service ports on the tunnel interface
  pass in quick on tun0 inet6 proto tcp from <yggdrasil> to port $services

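
An added example (not from the thread) of why address allowlisting on tun0 is meaningful here: a Yggdrasil address is derived from the node's ed25519 public key, so the pf table above is effectively a list of trusted keys. The derivation below mirrors yggdrasil-go 0.4+ (src/address) as I understand it; treat it as an assumption and check its output against `yggdrasilctl getSelf`. The second function sanity-checks an allowlist file so nothing outside 200::/7 sneaks into the table.

```python
"""Derive Yggdrasil addresses from node public keys and check a pf allowlist.

Assumed derivation (yggdrasil-go 0.4+): byte 0 = 0x02, byte 1 = number of
leading 1 bits in the bitwise-inverted public key, remaining 14 bytes = the
bits that follow the first 0.  Verify against `yggdrasilctl getSelf`.
"""
import ipaddress

# Everything Yggdrasil assigns lives in 200::/7 (200::/8 hosts, 300::/8 subnets).
YGG_RANGE = ipaddress.ip_network("200::/7")


def ygg_address(pubkey_hex: str) -> ipaddress.IPv6Address:
    """Unicast address bound to a 32-byte ed25519 public key given as hex."""
    key = bytes.fromhex(pubkey_hex)
    if len(key) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    bits = "".join(f"{b ^ 0xFF:08b}" for b in key)        # inverted key as a bit string
    ones = len(bits) - len(bits.lstrip("1"))               # count of leading 1 bits
    if ones > 127:
        raise ValueError("too many leading ones for the address format")
    rest = bits[ones + 1:ones + 1 + 14 * 8]                # skip the 1s and the first 0
    return ipaddress.IPv6Address(bytes([0x02, ones]) + int(rest, 2).to_bytes(14, "big"))


def check_allowlist(lines):
    """Split table-file entries into (accepted, rejected).

    Accepts IPv6 hosts or prefixes inside 200::/7; anything else (typos,
    ordinary Internet ranges, ::/0) is rejected so the table never grows
    wider than the Yggdrasil nodes you meant to trust.
    """
    accepted, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()               # pf table files allow # comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.version == 6 and net.subnet_of(YGG_RANGE):
            accepted.append(str(net))
        else:
            rejected.append(entry)
    return accepted, rejected
```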
Karrot_Kream 3 days ago | parent [-]

Have you had issues with bad actors flooding you? And how are your routes (when you're stationary)? Just curious.

MarsIronPI 3 days ago | parent | next [-]

I actually don't have firewalls set up on my devices that run Yggdrasil yet (please don't crack me). I haven't noticed any brute-force attacks on my SSH servers yet. Though I really should set up firewalls.

As for routing, I run my own node on a VPS, so all my edge devices are peered with that machine so routing is fine. Though when my machines are on the same network they automatically peer with each other directly.

realreality 3 days ago | parent | prev [-]

I haven't noticed any bad actor traffic. Perhaps yggdrasil is still too obscure to bother attacking.

The stationary nodes are connected to several public yggdrasil peers that are geographically close by. The routing "just works", though connecting to a peer can take a few seconds, at first.

MarsIronPI 3 days ago | parent | prev [-]

I don't run services on Yggdrasil yet, but I use it heavily to get static, publicly routable addresses for SSH purposes. It's very nice because Yggdrasil automatically finds peers on the local network, so my addresses still work for devices on the same local network, if there's no uplink.