
Connect to lightning node through TOR

Open carlosmassa opened this issue 5 years ago • 18 comments

Is there any way to connect lnme to a lightning node like Umbrel (https://github.com/getumbrel/umbrel) through an REDACTED.onion:8333 address?

carlosmassa avatar Oct 28 '20 05:10 carlosmassa

hey! thanks for bringing this up! Right now I think this is not possible out of the box (or without additional proxies.) But this is for sure something that I would like to add. Can you help with that? Do you want to run lnme on the same system as umbrel or somewhere else?

bumi avatar Oct 28 '20 22:10 bumi

Hi! I'd like to run lnme in a github hosted webpage, and connect to a remote umbrel node. I can definitely help with testing.

carlosmassa avatar Oct 29 '20 05:10 carlosmassa

Running it as a static page does sadly not work. The invoice needs to be created that's why this is a small Golang app that does this for you. You can then embed it in any page, but the server part needs to run. - potentially that can run on the same machine as your LND node.

bumi avatar Oct 29 '20 14:10 bumi

My LND node runs on a raspberry pi, and I can run javascript on a GitHub static page.

Would it work if the app to create the invoice runs in that same server and then a piece of javascript is embedded on the static webpage?

carlosmassa avatar Oct 29 '20 15:10 carlosmassa

yes, that's the idea. lnme runs on the same server as your LND and then you can use JS from a static page to get the invoice. As described here: https://github.com/bumi/lnme#javascript-widget-integration

you only need to make sure that the JS can access lnme on your raspberry pi server then.

bumi avatar Oct 29 '20 17:10 bumi

Ok, I understand now. Thanks! Looks like an easy setup. It would be great if lnme could be accessed through a TOR hidden service to avoid exposing the IP address of the bitcoin full and lightning node.

carlosmassa avatar Oct 30 '20 03:10 carlosmassa

If you run lnme on the same node it connects through localhost. but then the lnme must be accessible. Connecting from the outside through tor should for sure be easier and I will add this to lnme. Do you by any chance have a tor test LND node?

bumi avatar Oct 30 '20 10:10 bumi

I have a branch that supports connecting through tor. You can test it here: https://github.com/bumi/lnme/tree/tor-connections feedback welcome!

bumi avatar Nov 02 '20 20:11 bumi

Very interesting project. Straight to the point. I was trying to use BTCPAY server, but it seems too complex for what I need.

I will try to make it work on TOR and give you feedback anyway.

Thanks!!

aplnx avatar Jun 29 '21 21:06 aplnx

It didn't work so far.

I have all tls.* set. Tor is running ok. Hidden Services are set on 10009.

It returns the following error message:

2021/08/24 17:23:18 Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "raspberrypi")"

aplnx avatar Aug 24 '21 20:08 aplnx

thanks for your feedback! sadly I do not have much experience with TOR so far, so help is greatly appreciated.

your error message does not sound that bad to me...it seems a connection could be made but the LND cert was invalid? are you sure you have the correct cert? with which command do you run lnme?

bumi avatar Aug 25 '21 07:08 bumi

> thanks for your feedback! sadly I do not have much experience with TOR so far, so help is greatly appreciated.
>
> your error message does not sound that bad to me...it seems a connection could be made but the LND cert was invalid? are you sure you have the correct cert? with which command do you run lnme?

It was my bad. The current version of lnme I am working on was picking old tls files from other directory path. I could not notice that until today. It is now working like a charm! Thanks!

By the way, congratulations for your work. Lnme is very good and I am loving it!

I have no experience working as github collaborator. I have added interesting features to lnme. If you are interested to know it, please, let me know.

aplnx avatar Aug 25 '21 12:08 aplnx

ok, that's great to hear! thanks! You've worked with the tor branch? (https://github.com/bumi/lnme/tree/tor-connections)?

yes, please! any interesting feature would be helpful. feel free to open issues (and PRs if you have some code... I am happy to help if you have questions)

bumi avatar Aug 26 '21 08:08 bumi

I'm trying to set up my lnme and I have it working fine using clearnet, but when I change my lnd-address in my config to my tor address I get the following message: Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: EOF"

I'm testing by paying myself through Thunderhub. Here are the errors that spits out if they help at all:

{
  error: Error: Server Error
      at LnUrlResolver.lnUrlPay (/app/dist/modules/api/lnurl/lnurl.resolver.js:105:23)
      at runMicrotasks (<anonymous>)
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async target (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:74:28)
      at async Object.lnUrlPay (/app/node_modules/@nestjs/core/helpers/external-proxy.js:9:24),
  level: 'error',
  message: 'Error paying to LnUrl service',
  timestamp: '2023-07-12T22:27:51.112Z'
}
{
  context: 'ExceptionsHandler',
  stack: [
    'Error: ProblemPayingLnUrlService\n' +
      '    at LnUrlResolver.lnUrlPay (/app/dist/modules/api/lnurl/lnurl.resolver.js:110:19)\n' +
      '    at runMicrotasks (<anonymous>)\n' +
      '    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n' +
      '    at async target (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:74:28)\n' +
      '    at async Object.lnUrlPay (/app/node_modules/@nestjs/core/helpers/external-proxy.js:9:24)'
  ],
  level: 'error',
  message: 'ProblemPayingLnUrlService',
  timestamp: '2023-07-12T22:27:51.112Z'
}

When I start the application (lnme) I see it connecting to my .onion followed by the cli splash and http server started on so I assume no errors on start.

theLockesmith avatar Jul 12 '23 22:07 theLockesmith

@theLockesmith the macaroon and the certificate are correct? the error "authentication handshake failed" sounds like the authentication issue?

bumi avatar Jul 12 '23 23:07 bumi

@bumi that was my first thought. I've tried both the file path and the hex with both clearnet and tor addresses, and both path and hex work for clearnet. Unless I need to pass them differently for tor, they're both correct afaict.

theLockesmith avatar Jul 12 '23 23:07 theLockesmith

ok. and the onion address is correct with port and everything? but I think the error looks also more like it's on the tor connection side. but sadly I don't know right now.

bumi avatar Jul 13 '23 00:07 bumi

I changed it back to the tor address to test and the error has changed: Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing socks connect tcp 127.0.0.1:34887->my.onion:[port]: unknown error host unreachable" I think you're right with it being on the tor side. I'll dig around some. Thanks.

theLockesmith avatar Jul 13 '23 01:07 theLockesmith