Series: Let’s create a routing LND node
Supporting this series
If you want to support this series, you can:
- Use tippin.me to send me a tip.
- Use Tootmoney to ask for a Lightning invoice. On Mastodon, just send a toot like ‘@OpinionatedGeek #TootMoney #send 10000’ to have it reply with an invoice QR code.
- Send bitcoin to this address: bc1qsaampnjm5ykcpd40pstcewt75xrtfy5cxpnpdf
LND finally finished syncing. That initial sync can take a long time - I’d forgotten just how long...
I’ve done a bit more setup stuff. The S0.5 Time4VPS instance (€3.99 per month) just wouldn’t cut it. It kept running out of memory, restarting bitcoind. I turned off a couple of services that were running by default but it didn’t help much:
chkconfig sendmail off
chkconfig smb off
So I’ve upgraded it to an S1 instance (€5.99 per month). We’ll see how that gets on.
I also took this opportunity to upgrade bitcoind to Bitcoin Core 0.18. For the record, here’s my current bitcoind configuration. If you spot anything wrong with it please do let me know! (I’ve changed all the IP addresses and other sensitive bits.)
# Own public IP address.
# RPC server configuration
# LND server
# Other IP
# Authentication - generated by Core's rpcauth.py script. Can have multiple rpcauth= lines.
# Format is rpcauth=<USERNAME>:<SALT>$<HASH>
# Zero MQ
# Options only for mainnet
bitcoind won’t start the RPC server unless you specify the IP addresses you want to connect from, so there are a couple of rpcallowip lines. RPC connections are then only accepted from those specified addresses.
However, there’s no such niceness for the ZeroMQ ports. They’re unauthenticated and open, so if I want to protect them I need to take that into my own hands. In this case I added some iptables rules to limit incoming connections to just the same IP addresses as for RPC. I used the following commands:
iptables -A INPUT -p tcp --dport 28332 -s 184.108.40.206/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28332 -s 220.127.116.11/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28332 -j DROP
iptables -A INPUT -p tcp --dport 28333 -s 18.104.22.168/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28333 -s 22.214.171.124/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28333 -j DROP
Then I saved those rules to make them permanent across reboots.
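The rules above are appended with -A, so order matters: an ACCEPT that lands after the DROP for its port never matches. The following check is an added example, not part of the original post. It audits `iptables -S INPUT` output for that mistake and for a missing DROP, and the addresses and sample output in it are constructed.

```python
import ipaddress

ZMQ_PORTS = (28332, 28333)                    # the two ports in the rules above
ALLOWED = ["192.0.2.10", "198.51.100.7"]      # constructed; use your rpcallowip values

# Constructed `iptables -S INPUT` output: an ACCEPT was appended after the DROP
# on 28332, and the final DROP for 28333 was never added.
SAMPLE = """\
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 28332 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 28332 -j DROP
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 28332 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 28333 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 28333 -j ACCEPT
"""

def parse_rules(text):
    """Return (port, source network, target) for each single-port tcp INPUT rule, in order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "INPUT"] or "tcp" not in tok or "--dport" not in tok or "-j" not in tok:
            continue
        port = tok[tok.index("--dport") + 1]
        if not port.isdigit():                # port ranges are out of scope here
            continue
        src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        rules.append((int(port), ipaddress.ip_network(src), tok[tok.index("-j") + 1]))
    return rules

def audit(text, allowed=ALLOWED, ports=ZMQ_PORTS):
    """List problems per port; an empty list means allow-list first, then a catch-all DROP."""
    want = {ipaddress.ip_network(a) for a in allowed}
    findings = []
    for port in ports:
        accepted, closed = set(), False
        for p, src, target in parse_rules(text):
            if p != port:
                continue
            if target == "ACCEPT" and closed:
                findings.append(f"{port}: ACCEPT for {src} sits after the DROP and never matches")
            elif target == "ACCEPT":
                accepted.add(src)
            elif target in ("DROP", "REJECT") and src.prefixlen == 0:
                closed = True
        if not closed:
            findings.append(f"{port}: no catch-all DROP after the allow-list")
        findings += [f"{port}: unexpected source {s}" for s in sorted(accepted - want, key=str)]
        findings += [f"{port}: allowed source {s} has no working ACCEPT" for s in sorted(want - accepted, key=str)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "ok")
```

Only rules that name a single --dport are examined, so a broader ACCEPT earlier in the chain is not detected by this check.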
Now that LND is ready, I’ve transferred some funds to this new instance. I’m starting with 0.5BTC (I may add more or take some out, but for now I’m using half a bitcoin.)
I sent the coins from my old LND server, and I did it in two transactions. Why? Because if I did it in one transaction, I’d only have one UTXO, which would mean I would only be able to have a single channel-opening transaction on the go at one time. This way I’ll have two UTXOs, so I can tell LND to open a channel and - while I’m waiting for that to confirm - I can open another channel. (There are better, smarter ways to handle this, but this keeps it all nice and simple for me.)
I just ran:
sendcoins p2wkh-address 25000000
sendcoins p2wkh-address 25000000
I use lntoolkit (disclosure: I wrote it) to send me regular reports on my server, so here’s the current state of play:
OpinionatedGeek ⚡ - synced: ✅
Total Balance: 50,000,000 satoshi, Wallet: 50,000,000 satoshi (50,000,000 satoshi/0 satoshi)
Fees: 0 this month, 0 this week, 0 today
Channels: 0 active, 0 inactive, 0 pending, containing: 0 satoshi
Version: 0.6.0-beta commit=v0.6-beta-dirty
Unbalanced - High:
Unbalanced - Low:
And that’s where we are now - the LND server is up, running and funded.
Next up, opening some channels.