Lnd: Can't connect to my node remotely

Created on 13 Jun 2018 · 25 comments · Source: lightningnetwork/lnd

My lnd is running on a Linux machine which has both 9735 and 10009 ports opened (also properly forwarded on the router).

I'm trying to use the latest Zap (built from the source) on Mac and LND Thin Wallet on iOS to connect to my node remotely but I always get "_No Lightning Node available at the provided address_" message. I don't see anything related in _lnd.log_ though.

I was able to connect to the node with Zap around 3 months ago then it stopped working.

I have no problem using lncli locally, though.

I see the port is listening for remote connection and `sudo netstat -nap | grep 10009` shows the following:

```
tcp6       0      0 :::10009                :::*                    LISTEN      27689/lnd
tcp6       0      0 192.168.1.106:10009     178.41.84.181:24221     ESTABLISHED 27689/lnd
```

My lnd.conf looks like this:

```
debuglevel=info
debughtlc=true

listen=0.0.0.0:9735
externalip=lnd.freedomnode.com
rpclisten=0.0.0.0:10009

alias=freedomnode.com
color=#ffdc00
maxpendingchannels=10

bitcoin.mainnet=1
bitcoin.active=1
bitcoin.node=bitcoind
bitcoind.rpcuser=<user>
bitcoind.rpcpass=<pass>
bitcoind.zmqpath=tcp://127.0.0.1:18501
```

lnd.freedomnode.com points to my public dynamic IP address which is updated regularly whenever the IP changes.

I suppose the problem is with my node, not the clients as they both behave in the same way.

Your environment

  • lnd 26636ce
  • Linux hackingmachine 4.15.0-22-generic #24-Ubuntu SMP Wed May 16 12:15:17 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • bitcoind 0.16 (latest binaries)

All 25 comments

@mariodian we just added the ability for lnd to detect dynamically changing IPs, that sounds like it is your issue. Here is the PR https://github.com/lightningnetwork/lnd/pull/1109

We currently support UPnP and NAT-PMP, if your router is compatible with either then this may help. Try adding nat=1 to your conf?

You'll need to check that your router is actually forwarding the ports properly as well.

@cfromknecht I'm getting the following:

```
2018-06-15 23:39:42.421 [ERR] SRVR: Unable to discover a UPnP enabled device on the local network: context canceled
2018-06-15 23:39:42.421 [INF] SRVR: Scanning local network for a NAT-PMP enabled device
2018-06-15 23:39:43.179 [ERR] SRVR: Unable to discover a NAT-PMP enabled device on the local network: read udp 192.168.1.106:54003->192.168.1.1:5351: recvfrom: connection refused
2018-06-15 23:39:43.179 [ERR] SRVR: unable to create server: Unable to discover a NAT-PMP enabled device on the local network: read udp 192.168.1.106:54003->192.168.1.1:5351: recvfrom: connection refused
```

@Roasbeef it is because I run other nodes that work just fine. Just LND stopped a few months ago.

Nothing changed in lnd related to the networking. Instead it seems that it's your network configuration which has changed. The -nat command will try on a best effort basis, but if your router doesn't support either of those protocols, then you'll need to turn to other measures.

You also never described what error you see on your end.

I checked from the outside and the 10009 is listening.

NAT is enabled on my router but I don't know whether it supports UPnP or NAT-PMP and since it's made for Asian market (dlink 6740c) there's not much info about it either.

When it comes to errors, I don't see anything in logs. Just those two thin clients (Zap and LND Thin Wallet) tell me they can't connect to my node.

Zap: _Error: 14 UNAVAILABLE: Connect Failed_
LND Thin Wallet: _No Lightning Node available at the provided address_

When I try to connect from either of the wallets `sudo netstat -nap | grep 10009` shows the following:

```
tcp6 0 0 192.168.1.106:10009 109.230.62.239:50306 ESTABLISHED 18535/lnd
```

_109.230.62.239_ is the current IP on my phone so it seems they communicate remotely.

Is it possible there may be an issue with the tls.cert?

Oh you're trying to connect over _RPC_, not the p2p network? Yeah I'd check that you generated the TLS cert properly as required. If that's properly generated, then I'd check with the authors of those respective projects.

Yes sorry for not making that clear.

Is there any tut on how to properly create the certificate?

Yes, that would be super helpful. Also regarding how to connect with Shango mobile wallet (@neogeno).

See lnd -h for the tls related options. I'd ask the Shango wallet author to possibly improve their set up options.

@mariodian did you ever figure this out?

@lobsterpub nope. I haven’t figured out how to “properly” generate certificates. I’m on a dynamic IP and I’m not sure you can generate it for 0.0.0.0.

The way to go is probably using a dyndns with a domain name. Then you can create the certs as I have documented here:

https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_69_lncli-web.md#optional-certificates-for-remote-usage

@Stadicus thanks so much, that worked!

_Feel free to send me a PM with your BTC/XMR address._

No worries, glad it worked out. 👍

@Stadicus @mariodian Thanks for reporting and guiding me to a fix!

Was having the same issue connecting from a remote client. I ended up using the tlsextraip config option to add my ip address, then removing tls.cert and tls.key from .lnd and restarting the client. This makes it generate the proper certificates.

This seems to have worked for me too @LightningK0ala,

I'm now getting 'Unable to connect to host: Deadline Exceeded'

Any idea?

```
{
    "identity_pubkey": "xxx",
    "alias": "xxx",
    "num_pending_channels": 0,
    "num_active_channels": 0,
    "num_peers": 3,
    "block_height": 537701,
    "block_hash": "0000000000000000002998ca859d1500ae99fe5cf314195f956e63d4d631299b",
    "synced_to_chain": true,
    "testnet": false,
    "chains": [
        "bitcoin"
    ],
    "uris": [
    ],
    "best_header_timestamp": "1534802319",
    "version": "0.4.2-beta commit=7cf5ebe2650b6798182e10be198c7ffc1f1d6e19"
}
```

I'm connecting to a local node (192.168.0.X), port 10009 opened and verified with nmap.

Awesome, forgot to copy the latest admin.macaroon from the server to the client (after deleting tls.cert + tls.key and letting lnd regenerate the files). It works now 👍

@LightningK0ala I added the tlsextraip with my instance's external ip address and generated the new tls.cert and tls.key files and am using the same to connect to the instance from my machine. Getting this error:

```
{
    "code": 14,
    "metadata": {
        "_internal_repr": {}
    },
    "details": "Name resolution failure"
}
```

@nandubatchu what's your connection string / url? Haven't seen this issue b4, I might not be the right person to ask :/

@LightningK0ala found it. While connecting with RPC, had to remove http:// or https:// from the hostname.

> The way to go is probably using a dyndns with a domain name. Then you can create the certs as I have documented here:
>
> https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_69_lncli-web.md#optional-certificates-for-remote-usage

Hi @Stadicus, I have some issue to connect zap wallet to my node (on raspberry), doc link is broken, possible to have an updated link?

> The way to go is probably using a dyndns with a domain name. Then you can create the certs as I have documented here:
>
> https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_69_lncli-web.md#optional-certificates-for-remote-usage

This link no longer works. Anyone know where I can find a guide to connect my node remotely?

I'm trying to be able to use my mobile Zap wallet across my cellular connection. I currently have it working when at home and connected to my LAN, but once I turn off wifi it no longer works.

> > The way to go is probably using a dyndns with a domain name. Then you can create the certs as I have documented here:
> > https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_69_lncli-web.md#optional-certificates-for-remote-usage
>
> Hi @Stadicus, I have some issue to connect zap wallet to my node (on raspberry), doc link is broken, possible to have an updated link?

didn't get to test it but this might help https://ln-zap.github.io/zap-tutorials/iOS-remote-node-setup.html#optional-certificates-for-remote-usage-raspibolt-tutorial

I don't know why this had been deleted from newer version, but here is the link to the deleted article.
https://github.com/Stadicus/guides/blob/fdd6f8a2db6c376d4b3adde204ed52924d76e2cf/raspibolt/raspibolt_69_lncli-web.md#optional-certificates-for-remote-usage

@LightningK0ala's solution (--tlsextraip) solved our problem. In addition, if you are using a domain name, --tlsextradomain works in a similar way.
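
The `tlsextraip` / `tlsextradomain` fix reported in this thread comes down to whether the address the remote client dials appears in the certificate's subject alternative names. The script below is an added example, not code from the thread or from lnd: it checks that with OpenSSL against constructed sample certificates, assuming OpenSSL 1.1.1+ and using `lnd.example.com` and `203.0.113.7` as placeholder addresses.

```shell
#!/bin/sh
# Added example (not lnd's code). Needs OpenSSL 1.1.1+ for -addext.
# lnd.example.com and 203.0.113.7 are placeholder addresses.

# cert_covers CERT ADDR: succeeds if ADDR matches a SAN entry in CERT.
cert_covers() {
    case $2 in
        *:*)       cc_flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*) cc_flag=-checkhost ;;  # contains a non-digit: DNS name
        *)         cc_flag=-checkip ;;    # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$cc_flag" "$2" |
        grep -q 'does match certificate'
}

# make_sample_cert DIR SANS: constructed self-signed stand-in for the
# tls.cert/tls.key pair that lnd regenerates when both files are missing.
make_sample_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 1 -subj '/O=constructed sample cert' \
        -addext "subjectAltName=$2" \
        -keyout "$1/tls.key" -out "$1/tls.cert" 2>/dev/null
}

report() {  # print coverage of each address for the cert in DIR
    rp_dir=$1; shift
    for rp_addr in "$@"; do
        if cert_covers "$rp_dir/tls.cert" "$rp_addr"; then
            echo "  $rp_addr: covered"
        else
            echo "  $rp_addr: NOT covered"
        fi
    done
}

demo=$(mktemp -d)
echo "cert generated before tlsextraip/tlsextradomain were set:"
make_sample_cert "$demo" 'DNS:localhost,IP:127.0.0.1'
report "$demo" localhost 127.0.0.1 lnd.example.com 203.0.113.7

# On the node: add tlsextraip= / tlsextradomain= to lnd.conf, remove
# tls.cert and tls.key, restart lnd, then copy the new tls.cert to the client.
echo "cert regenerated with the extra SANs:"
make_sample_cert "$demo" 'DNS:localhost,IP:127.0.0.1,DNS:lnd.example.com,IP:203.0.113.7'
report "$demo" lnd.example.com 203.0.113.7
rm -rf "$demo"
```

On a real node, run `cert_covers ~/.lnd/tls.cert <address the wallet uses>` after the restart, before copying the certificate to the client.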
