Raspiblitz: tlsextraip settings for LND

Created on 15 Apr 2020  路  8Comments  路  Source: rootzoll/raspiblitz

Currently if I have there are more than 1 lines of tlsextraip is given in the lnd.conf there is a warning on the LCD:

While reading from '<string>' [line 18]: option 'tlsextraip' in section 'Application Options' already exists

Also the default setting tlsextraip=0.0.0.0 is not useful.
Any IP address or domain used to connect vis REST or GRPC needs to be added as a new
tlsextraip= or tlsextradomain= line.

See: https://github.com/lightningnetwork/lnd/blob/master/sample-lnd.conf#L31

picture openoms

Most helpful comment

I opened https://github.com/lightningnetwork/lnd/issues/4271 for the "finding" in my last comment here.

picture frennkie on 10 May 2020
🎉1 👍1

All 8 comments

Ah.. My bad. So you would suggest to not do any configuration validation from Raspiblitz side..?

frennkie picture frennkie on 15 Apr 2020

LND would not start with an erroneous lnd.conf, so I don't see the merit of checking it again.

openoms picture openoms on 15 Apr 2020

@openoms when is that happening ... the nodes I am running all just have one tlsextraip line and all is good.

rootzoll picture rootzoll on 17 Apr 2020

I needed to use multiple lines due to connecting through ZeroTier and using the Tor2IP tunnel too.

openoms picture openoms on 17 Apr 2020

I agree. The tlsextraip=0.0.0.0 line makes no sense and should be removed.

frennkie picture frennkie on 17 Apr 2020
👍1

Interesting (re)discovery.. run this on your Node: openssl x509 -in /mnt/hdd/lnd/tls.cert -noout -text | grep -A 1 "Subject Alternative Name"

frennkie picture frennkie on 17 Apr 2020

I opened https://github.com/lightningnetwork/lnd/issues/4271 for the "finding" in my last comment here.

frennkie picture frennkie on 10 May 2020
🎉1 👍1

when is that happening ... the nodes I am running all just have one tlsextraip line and all is good.

@rootzoll The point isn't really when this is happening.. the line makes no sense to me in any scenario. There is no possibility to connect to a RaspiBlitz using 0.0.0.0 as the destination IP address.

My suggestion would be to remove the lines that add this to lnd.conf from lnd.autounlock.sh. But I'm not sure whether we should also actively remove it from /mnt/hdd/lnd/lnd.conf. People who care can do this themselves. And new installations will not longer have this setting added.

Let me know if I missing something.

frennkie picture frennkie on 23 May 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cedricwalter picture cedricwalter  路  5Comments
2000jago picture 2000jago  路  5Comments
ChuckNorrison picture ChuckNorrison  路  4Comments
Kixunil picture Kixunil  路  3Comments
intorid picture intorid  路  3Comments