pona-a | 1 month ago
My use-case was sharing things like game servers and websites with friends—which we previously did by sharing each other's machines/servers via Tailscale—and accessing my homelab remotely. For the first case, the public Yggdrasil network was much better than a mesh VPN like Tailscale: I don't have to manage invites or accounts—everyone who knows the address can just connect.
For the second case, assuming addresses are discoverable (since 128 bits would make them quite hard to enumerate), I think a firewall gating by incoming IP will take care of that (since your IP is just a hash of your public key), though for now I've kept most sensitive ports unbound from it. I hadn't yet tried anything like Tailscale bridging (exposing a LAN address without configuring the client on the endpoint), but I'll try once I have a bit more free time.
Tailscale is a nice abstraction on WireGuard, but Yggdrasil feels less like a solution to your specific infra problems and more like a coherent vision of how the internet ought to be. You can just rely on IPs as identities, link-layer encryption with Noise Protocol, and out-of-box hole punching, with relatively low latency (though I haven't tested the speed). It's the same feeling of awe as when I first saw how easy it is to host Onion Services, only not hampered by the abysmal speeds.