Are you inviting me to troubleshoot my existing node with you over a channel over Tor? Or encouraging me to go clearnet and then open a channel with you? 🤝
Discussion
Tor is a DDoSed piece of crap. I switched to using Tailscale a few months ago and now love using my node again. I can access it at lightning speeds now from my phone. I now have zero issues. I'd say give Tailscale a try. I would never go Clearnet for privacy concerns. I don't want to expose my home IP.
It’s a pain when you need to re-authenticate though, with no warning. I do prefer as few dependencies as possible.
Tailscale? Never heard of it. Where do I start with it to migrate my TOR LN node?
Tailscale is a VPN (Wireguard) platform allowing you to create a private mesh network for your devices. Tailscale.com. Several Bitcoin node platforms have Tailscale in their respective app stores. You can also install it manually on your devices.
Be careful when suggesting tailscale for bitcoin stuff. They are a trusted third party and can access your home network if they wanted to.
The most secure setup is simply wireguard or https://lnlink.app + CLN. No third parties needed.
Oh snap.
I'm going to look into wireguard. It sounds interesting. When you say to use "simply Wireguard or + CLN", do you mean use Wireguard and CLN? Or is there something built in to Core Lightning on its own that can obscure one's IP. The LNLink app you posted appears to be for administration of a node but unrelated to the node's IP address obscurity.
You could set up a WireGuard from e.g. Ovpn.com on your node and then you've got a hybrid node without exposing your private public IP. Only the WireGuard IP.
It makes, for example, LNBits easier to set up. Regulate traffic with the firewall ufw.
Works like a charm, I've got that set up on my node. But I run LND, not c-lightning.
Sorry the link preview thing was buggy, I said Wireguard or lnlink.app + CLN
I see. I hate to waste your time, but I don't see how lnlink app + CLN can hide my IP.
I thought we were talking about connecting to your node at home in the most efficient way possible. Wireguard is fine for your use case then.
I'm mostly thinking of how to run my nodes (CLN and Lnd) without using Tor but also not showing my IP to amboss and everyone else.
You can run the command server yourself with Headscale.
Most people will not do this
True. Hmm. Maybe we should advocate that these node platforms implement Headscale to help with this.
PiVPN is slightly more hands-on, but ends up being like 1 or 2 stupidly easy commands. Just sets up pure WireGuard w/no other external relay/lookup.
Raspiblitz already includes Zerotier which is a competitor to Tailscale.
Zerotier has the same problem
In the form provided by Raspiblitz yes. But Tailscale controller is closed source (Headscale is an open source reimplementation), while Zerotier controller is open source and you can host your own with the same code they run: https://github.com/zerotier/ZeroTierOne/tree/dev/controller
No sir — ZeroTier allows you to run your own controller 🧠
Again, no-one does this
Might be out of the loop here, but why not set up WireGuard and cut out the middle-men? My WG tunnels work perfectly, it didn’t take long to figure out setup, and there’s no limits and/or cost.
I'm trying to understand Wireguard. Would I be setting it up on my node at home, then adding a connection to an IP I don't care about (like a VPS I pay for), and then the IP of the VPS I'm using would appear to be my node's IP? Or is there some magical thing happening where Wireguard, running on my node at home without any other servers, can somehow obscure my home IP?
It is super easy to set up, you can literally be up and running in like 10 minutes. Just install WireGuard on your server, WireGuard tools on your client, create the config files on both, and then put your client public key on the server, start the tunnel and you're in business.
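The steps in the post above (WireGuard on the server, a config file on each side, the client's public key placed on the server), sketched as an added example that is not part of the thread. The tunnel addresses, UDP port, hostname and the bracketed key placeholders are assumptions.

```ini
# --- /etc/wireguard/wg0.conf on the home server (machine running the node) ---
[Interface]
# Assumed tunnel subnet; pick any private range not used on the LAN
Address = 10.8.0.1/24
# UDP port to forward on the home router (assumed value)
ListenPort = 51820
# Generated with `wg genkey`; never leaves this machine
PrivateKey = <server-private-key>

[Peer]
# The phone or laptop used for administration
# Public key derived on the client with `wg pubkey`
PublicKey = <client-public-key>
# Only this tunnel address is accepted from this peer
AllowedIPs = 10.8.0.2/32

# --- /etc/wireguard/wg0.conf on the client ---
[Interface]
Address = 10.8.0.2/32
PrivateKey = <client-private-key>

[Peer]
PublicKey = <server-public-key>
# Placeholder hostname; a dynamic-DNS name works for a changing home IP
Endpoint = home.example.net:51820
# Route only the server's tunnel address through the VPN, not all traffic
AllowedIPs = 10.8.0.1/32
# Keeps the NAT mapping open on mobile networks
PersistentKeepalive = 25
```

Each side is brought up with `wg-quick up wg0`. This gives the admin devices a path to the node; it does not change the address the node itself announces to Lightning peers.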
You just need a VPN into your local network. Then you can access your node like you are on your local network. You can run OpenVPN or WireGuard on any machine inside your network. Then, when you connect to that remotely, you will be "inside" your network.
Ok I think I see. So I would still need a VPN provider (I have one I pay for) and Wireguard is a superior client that can connect to that VPN provider. I was thinking there was some kind of magical tech that didn't involve any third party.
No, you don't need a "provider". You will be the provider.
Oh my god. This sounds like magic and I'm simply not grokking. How would a peer node know how to find the service I'm providing?
My setup is entirely free.
WireGuard is a VPN protocol. You run the open source server somewhere on the network you want to get into and the client(s) on the devices you want to connect in using. You can do quite creative things with the config(s), but they pretty much mirror each other.
My IP is dynamic and I catch it using DuckDNS.
I understand this part: it is a VPN protocol and would run on same server as my nodes. The thing I don't understand is how any other Lightning peers would connect to me, unless they are also running a Watchguard client and I whitelist them.
But even then, a VPN endpoint needs an IP address. So instead of having my node IP showing, I'd have my Watchguard IP showing. (Which is also my home).
Your node won't be going through the VPN.. all the VPN will be doing is giving you access into your network from the outside.. your node will be connected however you would normally do it through clearnet, hybrid, tor, or i2p.
This was my point. If your LN node is already on public clearnet there’s no reason to not just use lightning itself to connect to your node. It’s basically the wireguard protocol anyways (noise). If it’s a tor-only node then yeah wireguard might make more sense since tor is shit.
Ok. I see the disconnect here. I'm currently running my nodes over Tor. It is shit. I'm considering going over clearnet for the nodes but not sure if I'm ready to share my home IP address. I believe all the suggestions were about how I could contact/admin my own node. I'm looking for options on how to change my node itself to no longer use Tor.
It seems like clearnet is maybe the only option, or I could maybe build a ssh-style on a VPS IP address or whatnot.
Just use a Cloudflare tunnel if you don't want your IP public
A VPN coming into your local network has nothing to do with all the other devices connected to your internal network. It's just a way into your network.
UDP is blocked on many public networks, which is why I eventually decided to build lnsocket + lnlink.app to do payments. It's the fastest possible and pretty much unblockable (modulo DPI) if using 443.
Are there any good guides on setting up headscale?
😱😱😱😱😱
I’ve to learn how to use WireGuard soon
I use ZeroTier for same reason, and it is fantastic
Why not just set up a VPN on the router you use for your node?
I just have an old Linksys router with open firmware installed on it that I run a VPN directly on to host any nodes. Protection from IP leaks etc.