Author

Topic: [Lightning] Running a node behind NAT / Network Address Translation (Read 177 times)

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Interesting. A quick web search didn't bring up anything regarding externalhosts for c-lightning. Seems this is lnd exclusive. Good to keep in mind for the next LN box (still unsure between the 2 implementations rn).

c-lightning is probably a bit better then lnd for some things, and you can add a lot to it.
But, lnd does a lot more "out of the box" so to speak. It's a bit more bloaty in terms of code, but IMO, it is a bit of a one size fits all application.

And I feel lnd is easier to implement, and at a guess others do too, since it seems to be the go-to app for nodes in a box.

-Dave
Yup, agreeing on all points.

I found out that using announce-addr=[domain] and an A record on [domain], pointing to router's IPv4 should work. Will try when I get around to it and report back!
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Interesting. A quick web search didn't bring up anything regarding externalhosts for c-lightning. Seems this is lnd exclusive. Good to keep in mind for the next LN box (still unsure between the 2 implementations rn).

c-lightning is probably a bit better then lnd for some things, and you can add a lot to it.
But, lnd does a lot more "out of the box" so to speak. It's a bit more bloaty in terms of code, but IMO, it is a bit of a one size fits all application.

And I feel lnd is easier to implement, and at a guess others do too, since it seems to be the go-to app for nodes in a box.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@75.127.136.68:9735
OR
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@dave.lightning.ninja:9735

will both get you to my node. If you have a bunch of nodes up it just makes sorting them a bit easier.
Interesting. I had my node set up with 'announce-address=[domain]' but it didn't work, a friend of mine couldn't find my node just through ID, gossip protocol somehow didn't relay my info with that setting. Somewhere I read that domains aren't resolved in Lightning so I needed to actually use IPv4, IPv6 or Tor address. But maybe that was old info? With which config entry do you set the domain? announce-addr? Or something else?

from https://github.com/lightningnetwork/lnd/blob/master/sample-lnd.conf
lines 64 to 67
Quote
; A list of domains for lnd to periodically resolve, and advertise the resolved
; IPs for the backing node. This is useful for users that only have a dynamic IP,
; or want to expose the node at a domain.
; externalhosts=my-node-domain.com

With that being said, no idea if having a dynamic IP and using a dynamic DNS provider can cause issues if between your IP changing and DNS being updated if something is being routed through your node or other financial transactions are happening at the same time.

-Dave
Interesting. A quick web search didn't bring up anything regarding externalhosts for c-lightning. Seems this is lnd exclusive. Good to keep in mind for the next LN box (still unsure between the 2 implementations rn).
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@75.127.136.68:9735
OR
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@dave.lightning.ninja:9735

will both get you to my node. If you have a bunch of nodes up it just makes sorting them a bit easier.
Interesting. I had my node set up with 'announce-address=[domain]' but it didn't work, a friend of mine couldn't find my node just through ID, gossip protocol somehow didn't relay my info with that setting. Somewhere I read that domains aren't resolved in Lightning so I needed to actually use IPv4, IPv6 or Tor address. But maybe that was old info? With which config entry do you set the domain? announce-addr? Or something else?

from https://github.com/lightningnetwork/lnd/blob/master/sample-lnd.conf
lines 64 to 67
Quote
; A list of domains for lnd to periodically resolve, and advertise the resolved
; IPs for the backing node. This is useful for users that only have a dynamic IP,
; or want to expose the node at a domain.
; externalhosts=my-node-domain.com

With that being said, no idea if having a dynamic IP and using a dynamic DNS provider can cause issues if between your IP changing and DNS being updated if something is being routed through your node or other financial transactions are happening at the same time.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@75.127.136.68:9735
OR
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@dave.lightning.ninja:9735

will both get you to my node. If you have a bunch of nodes up it just makes sorting them a bit easier.
Interesting. I had my node set up with 'announce-address=[domain]' but it didn't work, a friend of mine couldn't find my node just through ID, gossip protocol somehow didn't relay my info with that setting. Somewhere I read that domains aren't resolved in Lightning so I needed to actually use IPv4, IPv6 or Tor address. But maybe that was old info? With which config entry do you set the domain? announce-addr? Or something else?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Option one is probably one of the hardest since many providers force regular DHCP changes on their residential customers to prevent this.
DYDNS is usually a good way around this.
Correct, but I don't see how to solve it via DynDNS. Afaik DynDNS is, well, DNS, so it translates a name to a (possibly often changing) IP, like a residential one. But I can't set a domain name as address in Lightning, at least I don't think any current implementation resolves hostnames.

03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@75.127.136.68:9735
OR
03f8a4c71e852ff1104d20ad204404992c120aaf0d41259ee02f96ad5f45f5fc8b@dave.lightning.ninja:9735

will both get you to my node. If you have a bunch of nodes up it just makes sorting them a bit easier.

Option two is what I use, but there are many nodes that do not so Tor so you do loose the potential of connecting to a bunch of people
Right, I think it's the easiest and safest to setup and use as well, and myself have both an onion and a fixed IPv4 address, but it's sad to hear many don't connect to Tor nodes, that was new for me!

From my 100% unscientific looking around and playing with my LN setups, it really seems that most people are on clearnet. I can't prove it or provide and pretty charts and graphs, but just from how many peers and channels I have and can see TOR just seems much more limited in terms of numbers and amounts.

Option three. Don't get me started, 90% of the world can't reach stuff on IPv6, there are major providers that would not know if it came up and bit them in the ass.
So bad? Cheesy To be honest, I'm not sure myself how to set an IPv6, but I'll try it and add guide-type info about all 3 methods in my starter post in the next days.

Yeah, so bad. At least here in the US most providers do not give IPv6 to home small biz users. 
I am sure there are some but even asking about it for the most part will get you nowhere.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Option one is probably one of the hardest since many providers force regular DHCP changes on their residential customers to prevent this.
DYDNS is usually a good way around this.
Correct, but I don't see how to solve it via DynDNS. Afaik DynDNS is, well, DNS, so it translates a name to a (possibly often changing) IP, like a residential one. But I can't set a domain name as address in Lightning, at least I don't think any current implementation resolves hostnames.

Option two is what I use, but there are many nodes that do not so Tor so you do loose the potential of connecting to a bunch of people
Right, I think it's the easiest and safest to setup and use as well, and myself have both an onion and a fixed IPv4 address, but it's sad to hear many don't connect to Tor nodes, that was new for me!

Option three. Don't get me started, 90% of the world can't reach stuff on IPv6, there are major providers that would not know if it came up and bit them in the ass.
So bad? Cheesy To be honest, I'm not sure myself how to set an IPv6, but I'll try it and add guide-type info about all 3 methods in my starter post in the next days.

I was thinking: I could use a VPS that has a fixed IP and forwards requests to my residential IP. A device inside the local network will just have to inform the VPS of any changes. These things can be got for like 1$ a month, but maybe there's a better solution like via DNS? Not sure. Would be cool to hear of other options, if there are any outside the 3 I first mentioned!
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
My idea for this topic was to create a guide about properly running a Lightning node behind NAT, which is what is present in most home networks.
It's the way my node runs and I'd like to summarize the various options & discuss about other possibilities and what the 'best' solutions are depending on scenario.

To my knowledge, the gossip protocol needs to know your IP or onion address, so you can't unfortunately use a fixed domain of yours and DynDNS to point it to your home IP. This is an issue for people whose IP changes frequently. Some ISPs reconnect all routers every 24h thus giving them a new IP daily for example. If however, you have a fixed IP, it's quite simple.

First of all, in default settings, behind NAT without open ports, you can use the node, create new channels and send & receive payments without any of the following, but others won't be able to find and connect to you.

Option 1: Forward port 9735 in router and use IPv4 address. Totally fine as long as your IP isn't changing all the time.
Option 2: Use Tor (onion address) - basically like tunneling through a VPS, whose IP stays the same, even if yours is changing and you remain reachable.
Option 3: Use a unique IPv6 address that is exposed / reachable from the internet and doesn't change when your router's IP changes, since it's directly associated with your node device only.



I'm looking forward to your opinions on above methods, any corrections of mistakes and additional options I haven't yet considered!
Looking to update this starter post with better and more accurate information then.
Maybe also some screenshots, example configs etc. for newbies!

Option one is probably one of the hardest since many providers force regular DHCP changes on their residential customers to prevent this.
DYDNS is usually a good way around this.

Option two is what I use, but there are many nodes that do not so Tor so you do loose the potential of connecting to a bunch of people

Option three. Don't get me started, 90% of the world can't reach stuff on IPv6, there are major providers that would not know if it came up and bit them in the ass.

-Dave
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
My idea for this topic was to create a guide about properly running a Lightning node behind NAT, which is what is present in most home networks.
It's the way my node runs and I'd like to summarize the various options & discuss about other possibilities and what the 'best' solutions are depending on scenario.

To my knowledge, the gossip protocol needs to know your IP or onion address, so you can't unfortunately use a fixed domain of yours and DynDNS to point it to your home IP. This is an issue for people whose IP changes frequently. Some ISPs reconnect all routers every 24h thus giving them a new IP daily for example. If however, you have a fixed IP, it's quite simple.

First of all, in default settings, behind NAT without open ports, you can use the node, create new channels and send & receive payments without any of the following, but others won't be able to find and connect to you.

Option 1: Forward port 9735 in router and use IPv4 address. Totally fine as long as your IP isn't changing all the time.
Option 2: Use Tor (onion address) - basically like tunneling through a VPS, whose IP stays the same, even if yours is changing and you remain reachable.
Option 3: Use a unique IPv6 address that is exposed / reachable from the internet and doesn't change when your router's IP changes, since it's directly associated with your node device only.



I'm looking forward to your opinions on above methods, any corrections of mistakes and additional options I haven't yet considered!
Looking to update this starter post with better and more accurate information then.
Maybe also some screenshots, example configs etc. for newbies!
Jump to: