can anyone connect to my lightning node? I think my ISP started blocking inbound connections to lightning =/

03f3c108ccd536b8526841f0a5c58212bb9e6584a1eb493080e7c1cc34f82dad71@ln.damus.io:9735


Discussion

Maybe the IP is wrong? Can’t ping or get any kind of response.

my ip has been static for like a year. they changed it to the one I have now:

dig +short myip.opendns.com @resolver1.opendns.com

24.84.153.116

so I updated my dns (ln.damus.io) to that, but now I can't connect to it from my external VPS. thinking rogers (my isp) started filtering me.

no other config has changed.

gonna change my port to see if it's a port-blocking thing

bleh nothing. guess I'm switching ISPs

Can they actually know that it's lightning traffic? or are they just blocking the ln.damus.io?

rogers recently bought shaw (the ISP i was with). it looks like i just got kicked off my static ip into a CGNAT, so I can't host anything anymore. lame.

That sucks.

Cgnat is 💀

Look into cloudflare tunnel... Free

I'm passing off a 2 second AI query as my own 😂

Alternatives to Cloudflare Tunnel

For ease of use and features:

ngrok: A popular and feature-rich option for developers, it's known for being easy to set up and use, offering features like TLS tunnels.

LocalTunnel: A straightforward and easy-to-use tool for quickly exposing a local port to the internet.

Pinggy: A simple and accessible alternative for creating tunnels.

For private networks:

Tailscale: Ideal for securely connecting your own devices in a peer-to-peer network, often used for accessing a home lab or NAS. Unlike Cloudflare Tunnel, which acts as a reverse proxy, Tailscale creates a private network that only your devices can join.

For self-hosted and maximum control:

Pangolin: A self-hosted solution that combines features of Cloudflare Tunnels and other tools like Traefik using WireGuard for a high degree of control over your infrastructure.

Traefik: A modern reverse proxy that can be used to build self-hosted solutions similar to Cloudflare Tunnel, giving you full control over your setup.

Other options:

LocalXpose: Another alternative for tunneling.

Zrok: A self-hosted option with a focus on privacy and easy sharing.

Put tailscale on your machine

Run a vps, the cheapest one you can find

Put tailscale there

Write a caddy config that routes traffic to your home server via tailscale.

Problem solved

I will guide you through the whole setup over here if you want
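The VPS-in-front pattern suggested above, as an added example that is not code from anyone in the thread: a small Go TCP forwarder that runs on the VPS, accepts on the public lightning port and hands each connection to the home node over the tunnel. Lightning peer connections are raw TCP rather than HTTP, so this forwards at the TCP layer; the tunnel address 10.0.0.2 and the port are assumptions.

```go
package main

import (
	"io"
	"log"
	"net"
)

// relay shuttles bytes both ways; when either side closes, the other is closed
// too so the peer sees EOF instead of a hung connection.
func relay(client, backend net.Conn) {
	go func() { io.Copy(client, backend); client.Close() }()
	io.Copy(backend, client)
	backend.Close()
}

// Serve listens on the VPS side (the public lightning port) and forwards each
// connection to backend, the home node's address inside the WireGuard/Tailscale tunnel.
func Serve(listen, backend string) (net.Listener, error) {
	ln, err := net.Listen("tcp", listen)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func() {
				up, err := net.Dial("tcp", backend)
				if err != nil {
					log.Printf("backend %s unreachable: %v", backend, err)
					c.Close()
					return
				}
				relay(c, up)
			}()
		}
	}()
	return ln, nil
}

func main() {
	// Assumed addresses: VPS listens on 9735; home node is 10.0.0.2 inside the tunnel.
	if _, err := Serve(":9735", "10.0.0.2:9735"); err != nil {
		log.Fatal(err)
	}
	select {} // serve until killed
}
```

The home node then sees every peer as coming from the VPS's tunnel address, so its own firewall rules should allow that source; the DNS name peers dial must point at the VPS, not the CGNAT address.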

Already did this but just used wireguard since tailscale is a backdoor into your network

nevent1qqsgk2hhnr5zh7fgc0k9c48t3n05tdtmwl6n383em9hntgqtz4zlxtgl9ynyx

why is tailscale a backdoor since it's also WG

tailscale has a control plane which can add and remove machines to your mesh. they control this unless you run your own.

it's just simpler to run wireguard imo

they could in theory backdoor into any tailscale network. scary shit. I wouldn't be surprised if governments are already thinking about using this.

What about headscale?

Not true, or not entirely true

The control plane can be self-hosted (headscale), and they have a mitigation for MITM or attack surface in the control plane: tailscale lock.

It's FOSS on their clients. If their control plane is FULLY compromised, literally completely taken over, they still cannot add new machines, nor access them; at best they can shut you out of DERP (they can't even prevent your already logged-in machines from connecting, because of hole punching).

https://tailscale.com/kb/1230/tailnet-lock-whitepaper

basically tailscale does direct connections between nodes, yes, and it is encrypted

but these nodes at the start don’t know each other, they ask the tailscale control plane “what nodes are there”

if the control plane lies and inserts fake/impersonating nodes, it could pretend to be your trusted laptop for example

this makes no sense. if they couldn't add machines then how do they add your machines? something has to coordinate everything.

i meant to reply to nostr:note1sv9hnywxw9hkq9qtxpzmr2zv9hmfmtzqd6rlm3yruj0uyu6wldeqzk2e77

not sure how that happened

With lock, YOU are the one coordinating. After a machine gets added it can't do anything until YOU sign a lock message. (I.e. sign its pubkey and publish that)

It's true without tailscale lock; please look into that feature.
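A simplified model of the lock argument above, added here as an example (not Tailscale's code or wire format): the control plane hands out the node list, but a client only peers with entries whose node key carries a valid signature from a lock key that only you hold, so an attacker who fully controls the control plane can inject an impersonating entry and still have every client reject it. The NodeEntry struct and key names are assumptions of the model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// One peer as served by the control plane: node key plus a signature by the lock key only you hold.
type NodeEntry struct {
	Name      string
	NodeKey   ed25519.PublicKey // stand-in for the node's WireGuard key
	Signature []byte            // ed25519 signature over NodeKey
}

// SignNode models YOU approving a new machine from a trusted device.
func SignNode(lockPriv ed25519.PrivateKey, name string, nodeKey ed25519.PublicKey) NodeEntry {
	return NodeEntry{Name: name, NodeKey: nodeKey, Signature: ed25519.Sign(lockPriv, nodeKey)}
}

// FilterTrusted is what each client does with the list it receives: peers without a valid
// lock signature are never dialed, so a compromised control plane can list a fake node but not use it.
func FilterTrusted(lockPub ed25519.PublicKey, list []NodeEntry) (accepted, rejected []string) {
	for _, e := range list {
		if ed25519.Verify(lockPub, e.NodeKey, e.Signature) {
			accepted = append(accepted, e.Name)
		} else {
			rejected = append(rejected, e.Name)
		}
	}
	return
}

// Scenario: one laptop you signed, plus an impersonating "laptop" injected by an
// attacker who owns the control plane but not lockPriv (signed with their own key).
func Scenario() (accepted, rejected []string) {
	lockPub, lockPriv, _ := ed25519.GenerateKey(rand.Reader)
	laptopKey, _, _ := ed25519.GenerateKey(rand.Reader)
	fakeKey, fakePriv, _ := ed25519.GenerateKey(rand.Reader)
	list := []NodeEntry{
		SignNode(lockPriv, "laptop", laptopKey),
		{Name: "laptop", NodeKey: fakeKey, Signature: ed25519.Sign(fakePriv, fakeKey)},
	}
	return FilterTrusted(lockPub, list)
}

func main() {
	a, r := Scenario()
	fmt.Println("accepted:", a, "rejected:", r) // accepted: [laptop] rejected: [laptop]
}
```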

Do you pay for static IP? With some ISPs that is part of the agreement and so maybe the new ISP is breaching yours...

I don’t think there was an agreement, it was just how shaw had their network set up

IPv4s finally got expensive enough that it became worth it for legacy carriers to transition networks over to CGNAT, at least if they’re already redoing it like in an acquisition. Sucks…

was able to hack a fix together with wireguard:

nostr:note13v400x8g90uj3slvt32whrxlgk6hkal48z0rnkt0xksqk9297vkswwszr7

it's nested Noise protocols all the way down

{
  "code": 401,
  "message": "All addresses failed: Error connecting to ln.damus.io: Tor server reply: general SOCKS server failure. ln.damus.io:9735: Connection establishment: Connection refused. Error connecting to 24.84.153.116: Tor server reply: general SOCKS server failure. 24.84.153.116:9738: Connection establishment: Connection refused. "
}

cannot connect

24.84.153.116:9735 timed out

seems to work?

{
  "id": "03f3c108ccd536b8526841f0a5c58212bb9e6584a1eb493080e7c1cc34f82dad71",
  "features": "0898882a8a59a1",
  "direction": "out",
  "address": {
    "type": "ipv4",
    "address": "45.79.91.128",
    "port": 9735
  }
}

yeah I have my VPS acting as a wireguard proxy for now

Damn sorry brother