Topic: Using Electrum via Proxy - page 2. (Read 801 times)

nbxplore is a prereq for btcpayserver, otherwise you don't need your own block explorer (and, eventough the name contains the word xplore, it's not a real block explorer, merely an utxo tracker)
But for the rest it looks like you're on the right track!

bitcoind + lnd (or c-lightning) + nbxplore + btcpayserver

This setup will allow you to create custom invoices, and do automatic billing aswell... And, there's a free plugin for wordpress+woocommerce

If you use the xpub generated by wasabi, you can directly coinjoin from wasabi's gui and have a reasonable amount of privacy (meaning: it'll be very, very, very hard for anybody to detect how much btc you're actually holding, and it'll be very, very, very hard for anybody to link the coinjoined btc in your wallet to your identity). If you're afraid a hacker will get his/her hands on your xpub and nullify your coinjoins, you could always opt for 2 wallets (like i said in my previous post): one for receiving funds, then move your funds to a second wallet and coinjoin over there. If a hacker ever gets his hands on your xpub, it'll be the xpub from your first (receiving) wallet, and not the xpub from the wallet where your funds were coinjoined.
Instead of coinjoining, you could also send funds from the first wallet to a mixer, and chose an address generated by the second wallet as the mixer's output.

Good luck! If you have specific questions about the bitcoind + lnd + nbxplore + btcpayserver + apache/nginx/... + wordpress + woocommerce + ... setup => don't hesitate to ask! I'm a c-lightning fan myself, but i've recently done the rest of the setup.

Well when you put it like that... everything becomes much more clear.

It is going to be a clearnet site, and it is a combination of WooCommere + Wordpress. I will have to manually generate some invoices, but majority of the time, the prices will be set and I would like the shop to handle the accounting logistics (and if I could figure out a way for people to place bids, that would be super cool). Not trying to evade taxes or hide from the IRS, and I am already doxed, so realistically I just want the ability to accept crypto payments the right way.  

I have bitcoind and lnd already installed. Just need to figure out the wallet situation and download a block explorer; I already planned on using btcpayserver .

And by no means am I an expert,  quite the opposite actually. Would rather start with a beginner setup that I can handle and if anything progress towards the more technical, complex setups further down the line once I have a better handle on things.

Well, this might change things a little bit... Yes..
A couple follow up questions:

• Is it a clearnet website
• Will you be using a shopping script (woocommerce, opencart, prestashop,...)
• What will be the level of automation (will you be generating addresses/ln invoices manually, or will your shop be handling all this accouting?)
• What level of anonimity are you requiring: protection against a $5 wrench attack, protecting yourself from the IRS (or any other tax authority) or selling bitcoins in a country where owning cryptocurrencys is so illegal you'll end up in jail

If it's a clearnet site with shopping script and automatic accounting, i'd probably go for bitcoind + c-lightning + nbxplore + btcpayserver.

You'll need to think the anonimity aspect completely trough tough... I mean, if it's a clearnet site, you're already pretty exposed as it is... You have a host that can keep logs (or you've rented a dedicated box/vps), you have purchased a domain name,...
People will be able to link deposit addresses to your domain/ip/..., they'll need to be able to open channels to your lightning wallet aswell.
If you want automatic accounting, you'll need to derive addresses from an xpub (btcpayserver does this for you), if a hacker gets his hands on this xpub, he'll be able to derive all past and future deposit addresses presented to all your clients (he won't be able to rob them tough).

Without knowing the full picture, it's hard to give advice, but if you're running a clearnet shop, and you want a reasonable amount of privacy, i guess you might be best off creating 2 wasabi wallets, you export the xpub from the first one and import it into btcpayserver, after a couple ln channels have closed you move funds to this wallet aswell. After a while you move your funds from the first wallet to the second one and then do a coinjoin, or you use a mixer between the first and the second wallet... This *should* be enough to protect you from a $5 wrench attack.

Other setups are possible too, but the flow, the level of expertise and the amount of time required to setup/maintain setups will increase almost exponentially if you start messing around with bulletproof hosting, hidden services, i2p, lightningd over tor, bitcoind over tor,... In case you need these kinds of setups, i'd probably tell you to hire a security expert and let him/her help you set things up, and teach you how to maintain everything...

For my use case, I am trying to determine the level of privacy that is actually necessary.

FYI, I am building a website and would like to have the capacity to accept BTC and lightning network payments. Not sure if that changes anything, but the main factors I am looking for are safety, privacy, and efficiency. With that in mind, do you think going through the extra hurdles to get electrum up and running is worth it? Or is it just not worth the extra effort? I plan on moving the coins to a hardware wallet most of the time anyways, so this would just be for sending/receiving and temporary short-term storage. I thought that having electrum available on multiple devices might prove beneficial, but maybe I am mistaken or overvaluing the utility it provides? I already have Wasabi downloaded, and am very close to just using that and calling it a day.

As for Discord, yes I am aware it is not the most privacy savvy. However, I do have 2fa enables and take the necessary precautions that are available to protect myself. I have no problems hanging out on this Bitcoin talk forum, however, I assume I will be much less active on here and check it much less frequently than I would a discord server. As we all know, there does come a point where privacy compromises convenience..

I didn't check if it was arm compatible tbh... But apparently, there are problems with dependencies:
https://github.com/zkSNACKs/WalletWasabi/issues/2189

I just (wrongfully) assumed you'd be able to run wasabi on an rpi...

So, basically linux or windows on x64 or mac

Or your router has a firewall enabled?

Try to set up your router/modem and disable your firewall it might be one of the reasons why the Electrum can't connect to your Tor.
Or your Electrum is not set up properly.

Much better bring your issue here https://github.com/Stadicus/RaspiBolt/issues
So that other raspibolt users can help with your issue or start again and maybe you forgot something.

Start from this guide and follow it properly
- https://github.com/Stadicus/RaspiBolt/blob/master/raspibolt_20_pi.md#L249

about Wasabi: it would probably fit best on your desktop, eventough you could run it on a rPi aswell (you'd have to make sure x forewarding is enabled tough...).

Hidden-service related, wasabi is basically "the same" as if you'd run tor on your local machine and configured electrum to use your local tor proxy. The big difference is that wasabi actually eliminates the need to run tor seperately (tor is just part of wasabi's setup), a second "plus" on wasabi's side is that routing packets over tor is default for wasabi, and not default for electrum (so if you start wasabi for the first time, tor will already be enabled, whilst if you run electrum for the first time without adding command line parameters or additional config, it won't route it's packages over tor).
You could configure wasabi not to route it's packages over the tor network, and you can configure electrum to route it's packages over the tor network... There's just a difference in default behaviour. And since the default behaviour of wasabi is to route it's packages over tor, it has tor included in it's bundle, making your life a little bit easyer

Now, don't get me wrong... I use electrum all the time, it's a great wallet (eventough you have to make sure you're downloading it from the correct repo, and double check the signature), it's just that wasabi comes with better privacy features out of the box. This doesn't make wasabi safer, faster or more feature-rich... It just makes it more private without having to jump trough a couple of extra hoops).

btw: a big plus on electrum's side is that you can also run it as a daemon (without gui). That way it's easyer to run on your rPi without having to mess with x forewarding... And electrum is also older, so it *should* theoretically be vetted more than wasabi... But both wallets are open-source, and both have been vetted by the community... So i wouldn't worry about this to much...

Funny you say that...

I thought to myself the other day that this seemed quite complicated for what was supposed to be a rather simple setup. As this is just the wallet, I would probably be fine settling for something like a Wasabi. Is that the consensus best alternative, and do I download it to the pi or my local desktop?

Only reason I went with Electrum in the first place is because it was in the guide and not cutting any corners seemed like the right thing to do. However, if there is no real difference in privacy, I would much rather use the easier, more efficient, updated wallet. I am just about over troubleshooting lol 

Out of curiosity, is there perhaps a discord forum for bitcoin talk? I am online much more often over there. Regardless, I appreciate all the guidance!

P.s. Thank you for the first merit. Happy to stick around as one of the good guys

I quickly browsed this topic, and the RaspiBolt documentation... And i just wanted to ask: is there any point in making your setup so complicated?
The more layers you add, the more devices, the more daemons, the more firewalls, proxy's, certificates,... The bigger the odds you mess up and expose yourself...

You could just run tor on your local machine, then connect electrum trough your local tor proxy and have really good privacy.
Sure, you'll be using public electrum nodes, but you'd be connecting over tor.

An other option would be to switch to wasabi, which has the tor bundle built-in, and it has an out-of-the-box coinjoin application, which makes it easy to gain privacy after receiving funds.

I know this isn't the answer to your question, i just want to tell you there might be an easyer sollution for many use-cases instead of configuring a pi as electrs node, making it a hidden service and connecting a local electrum client to your electrs node over tor...

This being said, i'd probably start troubleshooting by:

• testing out your electrs node over the clearnet... If it doesn't work over the clearnet, you know it'll never work as a hidden service
• disabling your firewall to test for firewall issues. If it works when you disable your firewall service, but doesn't when you re-enable it, it's a firewall issue
• "service tor status". Is it active? Maybe even setup a second hidden service like nginx, so you have an "easy" testcase
• try connecting to your electrs hidden service using telnet (yes, telnet is still a thing... I use it quite often when debugging a setup)
• letting somebody else test your electrs node, connecting trough your hidden service. IF somebody else can use your hidden service, but you cannot, it's a client issue... Afterwards, you can just remove tor's keyfiles and let it generate new ones, the tester will never be able to expose you this way

PS/EDIT: I gave you post a merit, please stick around on bitcointalk... We need more people that are discussing topic like this one, and less people that come here to spam ico's

Is there a firewall of some description running on the Pi? If you're not able to connect, and there is nothing showing in the "electrs" debugging that shows connection attempts, it's possible the connection is being blocked.

Hi,

I checked the Tor configuration and all seems correct. Restarted Tor and ran the commands to start, enable, and start Tor through service. Typed in journalctl -xe and was met with this.

https://i.imgur.com/nufXw7v.jpg

All seems like it's running okay, no apparent issues. However, even without using proxy, I still cannot connect to my raspberry Pi via IP address (showing red light on Electrum). The proxy is working through public servers when I have the Tor browser open on my computer, but still does not work when I use my Pi's IP.

It's a tor issue or you might put set it to different port as you can see on the logs it show 9150 that's why the error shows (Host unreachable).

Check this guide on how to install the Tor here https://stadicus.github.io/RaspiBolt/raspibolt_22_privacy.html#tor-project

After install modify the Tor configuration to make sure both Electrum use the same port.


Then restart the Tor to apply the config.


The guides is under than link above.
Now make sure Electrum is use the same port.

That seems to indicate that the electrs "hidden service" may not be running properly due to the directory permissions... either you need to change the user, or the directory permissions for your current user.

Possibly something has gone astray during your setup and subsequent troubleshooting etc.

Looks like I am running into a problem where Electrum (on my computer) will not connect to my Raspberry Pi via its IP. I think this is related to the issue I am having - I keep getting hit with a red light, even without a proxy on. Not sure how to proceed, it worked before but I have reinstalled Electrum several times at this point.

In relation to my issues with the Tor proxy, I tried typing in "tor" on the SSH command line prompt to my Pi and was greeted with this snippet of information. Maybe this is related to my problem?

https://i.imgur.com/ebGWPWv.jpg

Hi everyone,

So I uninstalled Electrum and restarted the Electrum section of the Stadicus guide to see if I missed anything (any command line entries or improper file writing). Still ending up with no connection. I followed HCP's advice and found the debug.log in the %appdata% folder. Everything seems to be working up until this error comes up:

https://i.imgur.com/YCA8LfP.jpg

In response to BitMaxz, the Tor proxy I am using appears to be online - Tor has been locally installed on my computer - not sure how to run it first through command, I simply open the Tor client prior to opening Electrum.

In response to bob123, I'm not sure how to check the logs from my server.

My apologies for the lack of experience with command line and technical jargon, I am new to all of this.

Hoping this info can help you help me. Thanks!

Did you check the log files?
There must be an issue somewhere (either client- or server side).

You can start troubleshoot the issue by checking your client logs (electrum) and then, if it just says it couldn't connect, check the logs from your server.

Maybe the Tor server he trying to use might not active or offline.

Did you install the Tor locally?
You must run the Tor service first through command.

Check this video below just found it on Youtube.
- Electrum over Tor

Is the pi running the server not expecting a tor proxy for connections? I don't think you can just connect to it directly if so?

Also is the server you're trying to connect to fully synchronised? If you've connected to an external one it might be expecting a block height >= that servers block height.

There's not much info from that image aside from a non-connected state Electrum.

It's best if you can follow HCP's guide above to get the debug.log in order to see what's the actual issue.
Just carefully censor the parts which you do not want to share for privacy reasons.

Hi all,

I reinstalled Electrum 4.0.3 to get the most up-to-date version of the software so I can follow along with your help. I recreated my test wallet (nothing in it to make sure I'm not playing around with real funds yet) and attempted to connect to my Raspberry Pi using the device IP and port 50002. It seems like Electrum will not even connect to the Pi anymore (red light on connection) and I can't figure out why.

The service works just fine when I check "Select server automatically", the light turns green. Here's a screenshot of the client in action:
https://i.imgur.com/3D88yev.jpg

Not sure what is going wrong here, would appreciate some further assistance. Thanks!