Running a c-lightning node previously has required a “clear” net address (ipv4 / ipv6) to connect to other nodes. This has certain privacy implications. As a result, one may would prefer to rent a VPS to run their node on in order to not expose their home IP address.
c-lightning has support for Tor, so a user can run their node behind Tor and even generate a .onion address for others to connect to to open channels — all at home and without exposing the user’s home IP address.
To run your c-lightning node over Tor, it takes four fairly basic steps:
- Install Blockstream’s
c-lightning - Install
tor - Adding ~4 lines to your Tor config file
- Running
lightningdwith the appropriate command line flags
Installing Blockstream’s c-lightning:
If you haven’t setup a c-lightning node yet, you can follow my previous guide located here:
Or check out the great documentation on GitHub:
Generating your Tor .onion address
On a Debian-based Linux (such as Ubuntu), simply install tor with apt:
$ sudo apt install tor
We need to edit our /etc/tor/torrc file to configure tor to pass traffic to our c-lightning node and to generate our .onion address(es).
$ sudo nano /etc/tor/torrc
Add these lines to your torrc file:
HiddenServiceDir /var/lib/tor/lightningd-service_v2/
HiddenServicePort 1234 127.0.0.1:9735This will tell tor to create a version 2 .onion address.
HiddenServiceDir /var/lib/tor/lightningd-service_v3/
HiddenServiceVersion 3
HiddenServicePort 1234 127.0.0.1:9735This will generate a version 3 address which has many advantages over the older v2 addresses. You can of course create both and be able to have peers connect to either.
With this tor configuration, your Lightning node will have a persistent .onion address and be able to accept incoming channels privately — without exposing your home address.
Once you have your torrc file setup, you can simply restart the tor daemon:
$ sudo systemctl restart tor
Your newly generated addresses can be found in:
/var/lib/tor/lightningd-service_v2/hostname
and
/var/lib/tor/lightningd-service_v3/hostname
Configuring c-lightning:
To run your c-lightning node completely over Tor, simply pass these flags when you start lightningd .
$ ./lightningd --mainnet --bind-addr=127.0.0.1:9735 --announce-addr=<your v2 .onion> --announce-addr=<your v3 .onion> --proxy=127.0.0.1:9050--bind-addr=127.0.0.1:9735 makes your node only listen for Tor connections.
--announce-addr= announces your onion addresses to the network.
--proxy=127.0.0.1:9050 proxies outgoing connections over Tor.
Now you should be running completely over Tor!
To test your Tor node out, you can try connecting to my Tor-only c-lightning node at these addresses:
03489ffbec21f45660a34dbb5e05adc9fd53192aadaee4c0089d3438565abf9a34@4u5ms4fzlny7lace.onion
03489ffbec21f45660a34dbb5e05adc9fd53192aadaee4c0089d3438565abf9a34@ouemp6xrmbciigltezxwyvuboz6otguvqgqabzb5icrdzzykjeeznaad.onion
Thanks for reading!
-grubles
