Connect to lightning node through TOR

[carlosmassa]

Is there any way to connect lnme to a lightning node like Umbrel (https://github.com/getumbrel/umbrel) through an REDACTED.onion:8333 address?

[bumi]

hey! thanks for bringing this up! Right now I think this is not possible out of the box (or without additional proxies.)
But this is for sure something that I would like to add. Can you help with that?
Do you want to run lnme on the same system as umbrel or somewhere else?

[carlosmassa]

Hi! I'd like to run lnme in a github hosted webpage, and connect to a remote umbrel node. I can definitely help with testing.

[bumi]

Running it as a static page does sadly not work. The invoice needs to be created that's why this is a small Golang app that does this for you. You can then embed it in any page, but the server part needs to run. - potentially that can run on the same machine as your LND node.

[carlosmassa]

My LND node runs on a raspberry pi, and I can run javascript on a GitHub static page.

Would it work if the app to create the invoice runs in that same server and then a piece of javascript is embedded on the static webpage?

[bumi]

yes, that's the idea. lnme runs on the same sever as your LND and then you can use JS from a static page to get the invoice.
As described here: https://github.com/bumi/lnme#javascript-widget-integration

you only need to make sure that the JS can access lnme on your raspberry pi server then.

[carlosmassa]

Ok, I understand now. Thanks! Looks like an easy setup. It would be great if lnme could be accessed through a TOR hidden service to avoid exposing the IP address of the bitcoin full and lightning node.

[bumi]

If you run lnme on the same node it connects through localhost. but then the lnme must be accessible.
Connecting from the outside through tor should for sure be easier and I will add this to lnme.
Do you by any chance have a tor test LND node?

[bumi]

I have a branch that supports connecting through tor. You can test it here: https://github.com/bumi/lnme/tree/tor-connections
feedback welcome!

[aplnx]

Very interesting project. Straight to the point. I was trying to use BTCPAY server, but it seems too complex for what I need.

I will try to make it work on TOR and give you feedback anyway.

Thanks!!

[aplnx]

It didn't work so far.

I have all tls.* set. Tor is running ok. Hidden Services are set on 10009.

It returns the following error message:

2021/08/24 17:23:18 Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "raspberrypi")"

[bumi]

thanks for your feedback! sadly I do not have much experience with TOR so far, so help is greatly appreciated.

your error message does not sound that bad to me...it seems a connection could be made but the LND cert was invalid?
are you sure you have the correct cert? with which command do you run lnme?

[aplnx]

thanks for your feedback! sadly I do not have much experience with TOR so far, so help is greatly appreciated.

your error message does not sound that bad to me...it seems a connection could be made but the LND cert was invalid?
are you sure you have the correct cert? with which command do you run lnme?

It was my bad. The current version of lnme I am working on was picking old tls files from other directory path. I could not notice that until today. It is now working like a charm! Thanks!

By the way, congratulations for your work. Lnme is very good and I am loving it!

I have no experience working as github collaborator. I have added interesting features to lnme. If you are interested to know it, please, let me know.

[bumi]

ok, that's great to hear! thanks! You've worked with the tor branch? (https://github.com/bumi/lnme/tree/tor-connections)?

yes, please! any interesting feature would be helpful. feel free to open issues (and PRs if you have some code... I am happy to help if you have questions)

[theLockesmith]

I'm trying to set up my lnme and I have it working fine using clearnet, but when I change my lnd-address in my config to my tor address I get the following message:
Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: EOF"

I'm testing by paying myself through Thunderhub. Here are the errors that spits out if they help at all:

{
  error: Error: Server Error
      at LnUrlResolver.lnUrlPay (/app/dist/modules/api/lnurl/lnurl.resolver.js:105:23)
      at runMicrotasks (<anonymous>)
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async target (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:74:28)
      at async Object.lnUrlPay (/app/node_modules/@nestjs/core/helpers/external-proxy.js:9:24),
  level: 'error',
  message: 'Error paying to LnUrl service',
  timestamp: '2023-07-12T22:27:51.112Z'
}
{
  context: 'ExceptionsHandler',
  stack: [
    'Error: ProblemPayingLnUrlService\n' +
      '    at LnUrlResolver.lnUrlPay (/app/dist/modules/api/lnurl/lnurl.resolver.js:110:19)\n' +
      '    at runMicrotasks (<anonymous>)\n' +
      '    at processTicksAndRejections (node:internal/process/task_queues:96:5)\n' +
      '    at async target (/app/node_modules/@nestjs/core/helpers/external-context-creator.js:74:28)\n' +
      '    at async Object.lnUrlPay (/app/node_modules/@nestjs/core/helpers/external-proxy.js:9:24)'
  ],
  level: 'error',
  message: 'ProblemPayingLnUrlService',
  timestamp: '2023-07-12T22:27:51.112Z'
}

When I start the application (lnme) I see it connecting to my .onion followed by the cli splash and http server started on so I assume no errors on start.

[bumi]

@theLockesmith the macaroon and the certificate are correct? the error "authentication handshake failed" sounds like the authentication issue?

[theLockesmith]

@bumi that was my first thought. I've tried both the file path and the hex with both clearnet and tor addresses, and both path and hex work for clearnet. Unless I need to pass them differently for tor, they're both correct afaict.

[bumi]

ok. and the onion address is correct with port an everything?
but I think the error looks also more like it's on the tor connection side.
but sadly I don't know right now.

[theLockesmith]

I changed it back to the tor address to test and the error has changed:
Error creating invoice: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing socks connect tcp 127.0.0.1:34887->my.onion:[port]: unknown error host unreachable"
I think you're right with it being on the tor side. I'll dig around some. Thanks.