|
|
|
HOWTO USE TOR WITH C-LIGHTNING
|
|
|
|
|
|
|
|
what do we support
|
|
|
|
|
|
|
|
1 c-lightning has a public IP address and no TOR hidden service address,
|
|
|
|
but can connect to an onion address via a TOR socks 5 proxy.
|
|
|
|
|
|
|
|
2 c-lightning has a public IP address and a fixed TOR hidden service address that is persistent
|
|
|
|
so that external users can connect to this node.
|
|
|
|
|
|
|
|
3 c-lightning has a public IP address and not fixed TOR service address that (changes at each restart
|
|
|
|
and that vanish at restart of tor)
|
|
|
|
so that external users can connect to this node by TOR and IP
|
|
|
|
|
|
|
|
4 c-lightning has no public IP address, but has a fixed TOR hidden service address that is persistent
|
|
|
|
so that external users can connect to this node.
|
|
|
|
|
|
|
|
5 c-lightning has no public IP address, and has no fixed TOR hidden service address
|
|
|
|
(changes at each restart and vanish at restart of tor) to make it harder to track this node.
|
|
|
|
|
|
|
|
6 c-lightning has a public IP address and a fixed TOR V3 service address and a TOR V2 service address
|
|
|
|
that (changes at each restart and that vanish at restart of tor)
|
|
|
|
so that external users can connect to this node by TOR V2 and V3 and IP
|
|
|
|
|
|
|
|
7 c-lightning has no public IP address and a fixed TOR V3 service address and fixed TOR V2 service address
|
|
|
|
a 3rd V2 address that (changes at each restart and that vanish at restart of tor)
|
|
|
|
so that external users can connect to this node by TOR V2 and V3 and a random V2 until next tor release then also (V3 randomly)
|
|
|
|
|
|
|
|
8 c-lightning has a public IP address and no TOR hidden service address,
|
|
|
|
but can connect to any V4/6 ip address via a IPV4/6 socks 5 proxy.
|
|
|
|
|
|
|
|
|
|
|
|
to use tor you have to have tor installed an running.
|
|
|
|
|
|
|
|
i.e.
|
|
|
|
sudo apt install tor
|
|
|
|
/etc/init.d/tor start
|
|
|
|
|
|
|
|
if new to tor you might not change the default setting
|
|
|
|
# The safe default with minimal harassment (See tor FAQ)
|
|
|
|
ExitPolicy reject *:* # no exits allowed
|
|
|
|
|
|
|
|
this does not effect c-ln connect listen etc.
|
|
|
|
it will only prevent that you become a full exitpoint
|
|
|
|
Only enable this if you are sure about the implications.
|
|
|
|
|
|
|
|
|
|
|
|
if you want an auto service created
|
|
|
|
edit the torconfig file /etc/tor/torrc
|
|
|
|
|
|
|
|
set
|
|
|
|
ControlPort 9051
|
|
|
|
CookieAuthentication 1
|
|
|
|
CookieAuthFileGroupReadable 1
|
|
|
|
|
|
|
|
or create a password with
|
|
|
|
|
|
|
|
cmdline
|
|
|
|
tor --hash-password yourepassword
|
|
|
|
|
|
|
|
this returns an line like
|
|
|
|
16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F
|
|
|
|
|
|
|
|
put this in the /etc/tor/torrc file
|
|
|
|
|
|
|
|
i.e.
|
|
|
|
HashedControlPassword 16:533E3963988E038560A8C4EE6BBEE8DB106B38F9C8A7F81FE38D2A3B1F
|
|
|
|
|
|
|
|
save
|
|
|
|
and
|
|
|
|
/etc/init.d/tor restart
|
|
|
|
|
|
|
|
then you can use c-lightning with following options
|
|
|
|
|
|
|
|
--tor-service-password=yourpassword (not the hash) to access the tor service at 9051
|
|
|
|
|
|
|
|
--proxy=127.0.0.1:9050 : set the Tor proxy to use
|
|
|
|
|
|
|
|
or the password for the service if cookiefile is not accessable
|
|
|
|
|
|
|
|
--announce-addr=autotor:<torservice_ip:port> : try to generate an temp V2 onion addr.
|
|
|
|
|
|
|
|
NOTE if --always-use-proxy set all traffic will be rooted over the proxy, or if no non-TOR addresses are announced.
|
|
|
|
|
|
|
|
you can also set a fixed announce onion addr by option
|
|
|
|
--announce-addr=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion[:port] (V2 or V3 is allowed)
|
|
|
|
|
|
|
|
this addr can be created
|
|
|
|
in /etc/tor/torrc
|
|
|
|
|
|
|
|
HiddenServiceDir /var/lib/tor/bitcoin-service_v2/
|
|
|
|
HiddenServiceVersion 2
|
|
|
|
HiddenServicePort 1234 127.0.0.1:9735
|
|
|
|
|
|
|
|
and in later v3 enabled tor version's you can use for V3
|
|
|
|
|
|
|
|
HiddenServiceDir /var/lib/tor/other_hidden_service_v3/
|
|
|
|
HiddenServiceVersion 3
|
|
|
|
HiddenServicePort 1234 127.0.0.1:9735
|
|
|
|
|
|
|
|
|
|
|
|
the addr for
|
|
|
|
the --announce-addr option
|
|
|
|
or legacy use
|
|
|
|
|
|
|
|
you find after /etc/init.d/tor restart
|
|
|
|
|
|
|
|
i.e.
|
|
|
|
in /var/lib/tor/other_hidden_service_v3/hostname
|
|
|
|
|
|
|
|
to see your onion addr use
|
|
|
|
cli/lightning-cli getinfo
|
|
|
|
|
|
|
|
the .onion addr has not to be announced to other nodes
|
|
|
|
but you can with --announce-addr=xxxxxxxxxxxxxxxxxxxxxxx.onion[:port]
|
|
|
|
|
|
|
|
if the < port_global: 127.0.0.1:port_local > in torrc fit with your
|
|
|
|
lightningd options
|
|
|
|
|
|
|
|
--bind-addr=xxx.xxx.xxx.xxx:port_local
|
|
|
|
--addr=xxx.xxx.xxx.xxx:port_local
|
|
|
|
|
|
|
|
you can use the cli command : connect peerid xxxxxxxxxxxxxxxx.onion port_global
|
|
|
|
|
|
|
|
some examples:
|
|
|
|
|
|
|
|
sudo lightningd/lightningd --network=testnet --bind-addr=127.0.0.1:1234
|
|
|
|
--proxy=127.0.0.1:9050 --addr=autotor:127.0.0.1:9051 (auto binds 9735 global <--> local 1234)
|
|
|
|
|
|
|
|
this will try to generate an V2 auto hidden-service by reading the tor cookie file and
|
|
|
|
also create an not announced local ip address at port 1234
|
|
|
|
the .onion addr will show with the cli command getinfo
|
|
|
|
|
|
|
|
the node is accessible by connect peerid xxxxxxxxxxxxxxxx.onion 9735
|
|
|
|
or local by connect peerID 127.0.0.1 1234
|
|
|
|
|
|
|
|
lightningd/lightningd --network=testnet --bind-addr=127.0.0.1
|
|
|
|
--proxy=127.0.0.1:9050 --announce-addr=xxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion:1234
|
|
|
|
|
|
|
|
this will use the hidden-service V2 or V3 set by /etc/tor/torrc and use the hidden service
|
|
|
|
so the node is accessable by connect peerID xxxxxxxxxxxxxxxxxxxxxxxx.onion 1234
|
|
|
|
|
|
|
|
for connects to a tor enabled node you can use
|
|
|
|
i.e cli/lightning-cli connect peerID xxxxxxxxxxxxxxxxxxxxxxx.onion 1234
|