Let’s create a routing LND node, part 2 - Finalising setup and funding

Series: Let’s create a routing LND node

Supporting this series

If you want to support this series, you can:

  • Use tippin.me to send me a tip.
  • Use Tootmoney to ask for a Lightning invoice. On Mastodon, just send a toot like ‘@OpinionatedGeek #TootMoney #send 10000’ to have it reply with an invoice QR code.
  • Send bitcoin to this address: bc1qsaampnjm5ykcpd40pstcewt75xrtfy5cxpnpdf

LND finally finished syncing. That initial sync can take a long time - I’d forgotten just how long...

I’ve done a bit more setup stuff. The S0.5 Time4VPS instance (€3.99 per month) just wouldn’t cut it. It kept running out of memory, restarting bitcoind. I turned off a couple of services that were running by default but it didn’t help much:

chkconfig sendmail off
chkconfig smb off

So I’ve upgraded it to an S1 instance (€5.99 per month). We’ll see how that gets on.

I also took this opportunity to upgrade bitcoind to Bitcoin Core 0.18. For the record, here’s my current bitcoind configuration. If you spot anything wrong with it please do let me know! (I’ve changed all the IP addresses and other sensitive bits.)

# Own public IP address.
externalip=1.2.3.4

# RPC server configuration
server=1
rpcbind=0.0.0.0:8332

# LND server
rpcallowip=5.6.7.8

# Other IP
rpcallowip=9.10.11.12

# Authentication - generated by Core's rpcauth.py script. Can have multiple rpcauth= lines.
# Format is rpcauth=<USERNAME>:<SALT>$<HASH>
rpcauth=nope:nope$nope

# Zero MQ
zmqpubrawblock=tcp://1.2.3.4:28332
zmqpubrawtx=tcp://1.2.3.4:28333

# Options only for mainnet
[main]

bitcoind won’t start the RPC server unless you specify the IP addresses you want to connect from, so there are a couple of rpcallowip lines. That then restricts RPC connections to only those specified addresses.

However, there’s no such niceness for the ZeroMQ ports. They’re unauthenticated and open, so if I want to protect them I need to take that into my own hands. In this case I added some iptables rules to limit incoming connections to just the same IP addresses as for RPC. I used the following commands:

iptables -A INPUT -p tcp --dport 28332 -s 5.6.7.8/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28332 -s 9.10.11.12/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28332 -j DROP
iptables -A INPUT -p tcp --dport 28333 -s 5.6.7.8/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28333 -s 9.10.11.12/32 -j ACCEPT
iptables -A INPUT -p tcp --dport 28333 -j DROP

Then I saved those rules to make them permanent across reboots.
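To keep the ZeroMQ allowlist from drifting away from the RPC one, the rules can be derived from bitcoin.conf itself. The script below is an added example, not part of the original post: the function names `sample_conf` and `zmq_rules` are hypothetical, it assumes IPv4 addresses or hostnames in the `zmqpub*` endpoints, and it only prints iptables commands rather than running them.

```sh
#!/bin/sh
# Added example: derive ZeroMQ firewall rules from bitcoin.conf so the ZMQ
# allowlist always matches rpcallowip. Prints commands; does not run iptables.

# Constructed sample input, using the placeholder addresses from the post.
sample_conf() {
cat <<'EOF'
server=1
rpcbind=0.0.0.0:8332
# LND server
rpcallowip=5.6.7.8
# Other IP
rpcallowip=9.10.11.12
zmqpubrawblock=tcp://1.2.3.4:28332
zmqpubrawtx=tcp://1.2.3.4:28333
EOF
}

# zmq_rules: read bitcoin.conf on stdin, print one iptables command per line.
zmq_rules() {
    conf=$(cat)
    # Sources allowed to use RPC; commented-out lines do not match.
    allow=$(printf '%s\n' "$conf" | sed -n 's/^[[:space:]]*rpcallowip=\([^[:space:]#]*\).*/\1/p')
    [ -n "$allow" ] || echo "warning: no rpcallowip lines, ZMQ ports will be closed to everyone" >&2
    # Distinct ports of zmqpub* endpoints; loopback-bound ones need no rule.
    ports=$(printf '%s\n' "$conf" |
        sed -n 's|^[[:space:]]*zmqpub[a-z]*=tcp://\([^:/]*\):\([0-9][0-9]*\).*|\1 \2|p' |
        awk '$1 !~ /^127\./ && $1 != "localhost" { print $2 }' | sort -un)
    for port in $ports; do
        for ip in $allow; do
            # Bare addresses become /32; subnets in rpcallowip are kept as written.
            case $ip in */*) src=$ip ;; *) src=$ip/32 ;; esac
            echo "iptables -A INPUT -p tcp --dport $port -s $src -j ACCEPT"
        done
        # Last rule per port: drop everything not accepted above.
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

sample_conf | zmq_rules
```

Because the rules are appended with `-A`, the ACCEPT lines must be applied before the DROP line for each port, which is the order the function prints them in.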

Now that LND is ready, I’ve transferred some funds to this new instance. I’m starting with 0.5BTC (I may add more or take some out, but for now I’m using half a bitcoin.)

I sent the coins from my old LND server, and I did it in two transactions. Why? Because if I did it in one transaction, I’d only have one UTXO, which would mean I would only be able to have a single channel-opening transaction on the go at one time. This way I’ll have two UTXOs, so I can tell LND to open a channel and - while I’m waiting for that to confirm - I can open another channel. (There are better, smarter ways to handle this, but this keeps it all nice and simple for me.)

I just ran:

sendcoins p2wkh-address 25000000
sendcoins p2wkh-address 25000000

I use lntoolkit (disclosure: I wrote it) to send me regular reports on my server, so here’s the current state of play:

OpinionatedGeek ⚡ - synced: ✅
Total Balance: 50,000,000 satoshi, Wallet: 50,000,000 satoshi (50,000,000 satoshi/0 satoshi)
Fees: 0 this month, 0 this week, 0 today
Channels: 0 active, 0 inactive, 0 pending, containing: 0 satoshi
Version: 0.6.0-beta commit=v0.6-beta-dirty
URI: 023c5b5667b16cd7fcca5591a8c0f47beb76c9405e16a4f2d6b42c7b9904a7f0e6@95.179.191.59:9735

Pending:
None.

Unbalanced - High:
None.

Unbalanced - Low:
None.

All Channels:
None.

And that’s where we are now - the LND server is up, running and funded.

Next up, opening some channels.

Tags: Lightning
OpinionatedGeek Ltd.