Mesh virtual networks

Last modified by Shangril on 2026/03/11 10:56

Introduction to Mesh Networks

Mesh networks like Yggdrasil (the most used) or Cjdns (its historical predecessor) transform every device into an autonomous routing node, creating a decentralized and end-to-end encrypted Internet infrastructure. In this model, the IP address becomes a permanent and inviolable cryptographic identity, allowing the deployment of sovereign services (web, mail, video conferencing) totally free from central servers.

Any device running Yggdrasil can establish a direct IP connection with any other node in this global mesh network. This allows, for example, remote access to an SSH console at home while traveling, without needing to configure a NAT rule on an "ISP router" or to have a static "public IP address". The same model can also be used to build a resilient and secure neighbor-to-neighbor network, where local traffic moves from one local routing node to the next without ever having to cross the globe to reach its destination: this is known as a "meshlocal".

1. What is a "Mesh" Network?

In a classic network, everything goes through a central point (your router, then your provider's servers). If the center is cut, everyone is disconnected.
In a mesh network, every user becomes a "node". Computers connect to each other directly (via Wi-Fi, network cable, or even via the classic Internet as a "tunnel").

  • Resilience: If a node fails, data finds another path.
  • Horizontality: There is no hierarchy. It is the "Peer-to-Peer" principle applied to the very infrastructure of the web.

2. The Choice of Yggdrasil

Yggdrasil is an experimental and encrypted mesh network. Unlike the classic Internet (standard IPv4 or IPv6), Yggdrasil uses automatic node-to-node routing that requires no centralizing gateway.

  • Privacy and Security: All communications on Yggdrasil are end-to-end encrypted by default.
  • Independence: The goal is to be able to create a "parallel Internet" that can operate in total isolation if the global network were to be cut or censored.

Implications of Mesh

Mesh networks based on protocols like Yggdrasil or Cjdns represent a major evolution of internet infrastructure, replacing centralized hierarchy with horizontal cooperation between machines.

Here are the key points for understanding their technical operation and concrete applications:

1. TCP/IP Compatibility and Application Transparency

One of the greatest strengths of these networks is that they do not require rewriting existing software. They create a virtual network interface (generally named `tun0`) which natively supports the TCP/IP stack.

  • Operation: Any application capable of communicating in IPv6 (such as a web browser, an SSH client, or a game server) works immediately.
  • Usage: You can host a website or a file server on your mesh machine; other users access it via your mesh IP address exactly as if they were on the classic web.

2. Permanent Cryptographic Identity

Unlike the traditional internet where your IP address changes depending on your provider or geographical location, here, the IP address is generated from a cryptographic key (generally an Ed25519 key pair).

  • Authenticity: The IP address *is* the proof of the machine's identity. Because the address is derived from the node's public key, another user's address cannot be spoofed without that user's private key.
  • Static for life: Your address remains the same forever, no matter where you plug in your machine in the world, as long as you keep your configuration file (your private key).
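To make the "address derived from a key" idea concrete, here is an added example (written for this page, not Yggdrasil's own code) that derives a node address and its routed /64 from an Ed25519 public key the way Yggdrasil has done since v0.4: the key is bit-inverted, the run of leading ones is counted into one byte, and the 112 bits that follow are packed behind the 0x02 prefix, so every address lands in 200::/7. The seed used in `main` is a constructed value. Only the leading bits of the key fit into 128 bits, which is why a node still presents its full key when it connects; to occupy someone else's address, an attacker would need a key whose first 113 or more bits coincide with the victim's, which is what makes the address usable as an identity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"net"
)

// Added example for this page: derive a Yggdrasil node address from an Ed25519
// public key following the v0.4+ scheme (this is not Yggdrasil's own code).
//   byte 0      : 0x02 prefix (all addresses live in 200::/7)
//   byte 1      : number of leading 1 bits of the bit-inverted public key
//   bytes 2..15 : the 112 key bits that follow the first 0 bit
// Only a prefix of the key fits; a node still presents the full key when it
// connects, and anyone claiming this address must hold the matching private key.

const addrPrefix = 0x02

// bitAt returns bit i of b, most significant bit first.
func bitAt(b []byte, i int) byte {
	return (b[i/8] >> uint(7-i%8)) & 1
}

// AddrForKey returns the 128-bit node address for a 32-byte Ed25519 public key.
func AddrForKey(pub []byte) ([16]byte, bool) {
	var addr [16]byte
	if len(pub) != ed25519.PublicKeySize {
		return addr, false
	}
	// Invert the key: keys with many leading zero bits become a long run of
	// ones, which is counted in one byte so more distinguishing bits fit later.
	var inv [ed25519.PublicKeySize]byte
	for i, b := range pub {
		inv[i] = ^b
	}
	ones, i := 0, 0
	for i < 8*len(inv) && bitAt(inv[:], i) == 1 {
		ones++
		i++
	}
	if ones > 127 { // the count must fit in 7 bits (top bit of byte 1 stays 0)
		return addr, false
	}
	i++ // skip the 0 bit that terminates the run; it is implied by the count
	addr[0] = addrPrefix
	addr[1] = byte(ones)
	for j := 0; j < 14*8 && i < 8*len(inv); j, i = j+1, i+1 {
		addr[2+j/8] |= bitAt(inv[:], i) << uint(7-j%8)
	}
	return addr, true
}

// SubnetForKey returns the /64 prefix routed to the node: the same bits as the
// node address with the last prefix bit set (first byte 0x03).
func SubnetForKey(pub []byte) ([8]byte, bool) {
	var snet [8]byte
	addr, ok := AddrForKey(pub)
	if !ok {
		return snet, false
	}
	copy(snet[:], addr[:8])
	snet[0] |= 0x01
	return snet, true
}

// InYggdrasilRange reports whether ip is inside 200::/7, which covers both
// node addresses (2xx:...) and routed subnets (3xx:...).
func InYggdrasilRange(ip net.IP) bool {
	if ip.To4() != nil {
		return false
	}
	ip16 := ip.To16()
	return ip16 != nil && ip16[0]&0xFE == addrPrefix
}

// AddrString renders a node address in IPv6 notation.
func AddrString(addr [16]byte) string { return net.IP(addr[:]).String() }

// SubnetString renders a routed subnet in CIDR notation.
func SubnetString(snet [8]byte) string {
	var full [16]byte
	copy(full[:], snet[:])
	return net.IP(full[:]).String() + "/64"
}

func main() {
	// Constructed seed for demonstration only; a real node keeps a random
	// private key in its configuration file, and that file is its identity.
	seed := sha256.Sum256([]byte("constructed seed for this page"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)
	addr, _ := AddrForKey(pub)
	snet, _ := SubnetForKey(pub)
	fmt.Printf("public key: %x\naddress:    %s\nsubnet:     %s\n",
		[]byte(pub), AddrString(addr), SubnetString(snet))
}
```

Run it twice with the same seed and the printed address does not change, which is the "static for life" property above; change one byte of the seed and both the address and the /64 change. `InYggdrasilRange` is the check a firewall or log filter would use to tell mesh traffic (200::/7) from ordinary IPv6.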

Practical Applications

1. Native Decentralized Applications

Certain tools specifically exploit these capabilities to offer totally sovereign services:

  • Yggmail: A complete mail server (MTA) that sends and receives emails natively on the Yggdrasil network. Unlike classic mail, every message is end-to-end encrypted and the address (e.g. `your-key@yggmail`) is linked to your network identity.
  • Visiophonygg: A peer-to-peer video calling application designed to run on Yggdrasil. It allows audio/video communications without any central server to relay the call, guaranteeing total privacy.

2. Local Deployment: Building or Block

To create a physical mesh network independent of the Internet, we rely on the deployment guide available at Clewn's Open Mesh using Wi-Fi routers flashed with OpenWRT.

  • Mesh Configuration: Routers communicate with each other via the 802.11s protocol (Layer 2 mesh). This creates a Wi-Fi "cloud" where routers see each other and transmit packets automatically.
  • Yggdrasil encrypted overlay: By installing the `yggdrasil` package on each router, any computer or smart device on the home network behind that router can run Yggdrasil and hold, permanently, an encrypted and authenticated Yggdrasil IPv6 address.
  • Cjdns Integration: By installing the `cjdns` package on two OpenWRT routers of this meshlocal, however many hops apart they are, an IP tunnel (connection sharing) can be set up that lets a meshlocal node with Internet access (the "gateway") encapsulate the traffic of a node without Internet and share its access.
    • The "client" node sends its packets via the mesh to the "gateway" node.
    • Thanks to the tunnel, the gateway redirects this flow to the public Internet.
    • This allows sharing a single internet subscription for an entire building or block in a secure and isolated manner.

3. Global Interconnection and Public Peering

Beyond the neighborhood scale, the mesh network breaks free from physical limits by using "tunnels" over the conventional Internet to link distant islands. By configuring a peering to a public node of the Yggdrasil Network, your local mesh instantly unifies with the rest of the global network.

  • Network Fusion: This gateway allows all nodes in your building to communicate with any other node on the planet, as if they were in the same room.
  • Universal Remote Access: Your laptop, even on the other side of the world, only needs the Yggdrasil software installed and a reachable public peer to exchange data transparently with local services (Visiophonygg at your home or at a neighbor's, file servers, an SSH terminal on one of your devices at home).
  • Service Continuity: Whether you are connected via direct Wi-Fi to a meshlocal router or through a 4G connection abroad, your cryptographic identity and your IP remain identical, ensuring permanent and secure reachability without complex VPN configuration.

Conclusion

The adoption of this mesh architecture makes it possible to build a digital infrastructure whose resilience no longer depends on a central point, guaranteeing service continuity even in the event of a widespread failure of the global network. By relying on protocols like Yggdrasil or Cjdns, every user gains access to sovereign and encrypted communication tools, such as mail or video conferencing, where digital identity is protected by an inviolable cryptographic key. The entry cost into this ecosystem has become extremely accessible: a new router, already pre-flashed with the OpenWRT free system and ready to use, can be found today for around 25 €. It is a minor investment to transform your home into a trusted node, capable of offering safe and sustainable connectivity at a neighborhood scale.
