I’m trying to work outside my home office more, but all my email is hosted on my home server. While disconnecting is nice, not having access when I need it has sucked.
After installing on my laptop (MacOS) and my desktop (Ubuntu) I updated
.ssh/config with my desktop’s IPv6 address and was able to SSH via IPv6 over
my local network. Perfect!
Step two: install on a server with a public IP. One more service running on my Digital Ocean instance.
I’m not interested, at the moment, with joining the full yggdrasil network, so I configured my public instance to only allow peering from my laptop and desktop’s public keys:
AllowedPublicKeys: [ "desktop-public-key" "laptop-public-key" ]
On the public server, I listen via TLS rather than plain TCP. It’s slightly slower, but also slightly more secure. Since I’m not moving a lot of traffic over the connection, the extra security is worth it to me:
Listen: [ tls://PUBLIC-IP-ADDRESS:56603 ]
I couldn’t find a recommended port to listen on, so I picked a random number. 🤣
(The only “gotcha” was remembering to open the firewall for yggdrasil.)
Ramces Red’s article about yggdrasil has more information about installing and configuring a basic VPN.