Running Zap on iOS connected to remote LND on Windows via OpenVPN
So you got your lightning node running at home and you want to connect your phone wallet to it without having to open a port to your node. With OpenVPN running on your node you can have your phone appear on its network at all times. This will let your phone connect to the server as if it were on the same network even when you leave the house, all without exposing your RPC port to the public internet. I think OpenVPN has some paid service that will mediate the connections so that you don't have to expose a port for the VPN server, but this tutorial is intended for folks that want to run their own VPN for free.
Setting up OpenVPN seemed much harder than it should have for such a fundamental tool. I have a feeling the information is actively obfuscated so that the barrier to entry will persuade you to go with one of the fee-based VPN providers, aka trusted third parties. I'll be working on an OpenVPN installer to make this easier one day.
Here is the stack:
Windows Server: (static-ish IP or DynDNS)
iOS iPhone
- Run Pierre's Lightning Node Launcher to set up a bitcoin node and lightning node.
- Set up a VPN between your node and phone (OpenVPN with static IP or DynDNS, or mediated like Hamachi)
- Configure LND for listening on your network adapter IP
- Create Zap connection text using LNDConnect or Node launcher's "Show QR" button when it's ready
- Test it out by sending a tip: https://tippin.me/@missaghi
Step 0: Run the node launcher
- I forgot to click on the EasyRSA button so I didn't get the scripts, but you can also get EasyRSA from the GitHub repo, and when you run .\EasyRSA-Start.bat it will give you a shell where you can type ./easyrsa and run similar scripts.
After you set the server up you need to run OpenVPN Connect on your phone, email the config file to yourself and open it in the iOS default mail app (the Gmail app didn't handle the attachment correctly).
If you would like to exclude all traffic except to your node from the VPN (usually for performance reasons) you can add these lines to the server.OVPN file:
route-nopull
route yourNetworkAdaperIPaddress 255.255.255.255
In the node launcher's advanced page there is a link to the lnd.conf file. Open the file and add these lines for each IP you need:
externalip=yourNetworkAdaperIPaddress
tlsextraip=yourNetworkAdaperIPaddress
restlisten=yourNetworkAdaperIPaddress:8080
rpclisten=yourNetworkAdaperIPaddress:10009
Note that you don't need to put your public IP here because on the VPN your phone will address the local IP of your server's network adapter.
In the same folder as lnd.conf, delete the files tls.cert and tls.key, then restart LND. This will let LND create a new cert with "subject alt names" that include the IP addresses that you added.
In order for Zap to work it needs the URL, certificate, and macaroon from LND. The cert enables a TLS connection; the macaroon is the credentials to control the node. There are two ways to get this info into Zap: one is by pasting the connection string, the other is by scanning a QR code representation of it.
Update: now Zap Desktop will generate a settings QR using LNDConnect. Click on the QR code icon at the top left of the app and then select lndconnect.
You can create the QR code by using LNDConnect, which will generate the text and QR code. I tried to install Go and run the first command in the instructions "go get -d github.com/LN-Zap/lndconnect" but nothing happened... if you know the Go language better then this would be the most future-proof option.
The other option is to run a node script that builds the URI specified here, but this may not be backwards compatible.
- install node.js
- install VSCode
- Create a file called app.js, paste this code sample into it.
- Run without debugging (you may have to correct the path to your macaroon and cert, check the node launcher for those.)
- Open the file called lnd.txt, created in the same folder as app.js, and paste the contents into the app.
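The script step above, as an added example (this is not the original post's code sample): it builds the connection string in the lndconnect URI layout as I understand it, with the certificate's PEM body and the raw macaroon both base64url-encoded without padding. The function names, the writeConnectFile helper and the 10.8.0.1 address are assumptions made for illustration; use the IP you put in rpclisten and tlsextraip.

```javascript
// Added example, not the original post's app.js.
// Assumed format: lndconnect://<host>:<port>?cert=<base64url DER>&macaroon=<base64url>

// Standard base64 -> URL-safe alphabet, padding removed.
function toBase64Url(b64) {
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// tls.cert is PEM: drop the armor lines and line breaks, keep the base64 DER body.
function pemToBase64Url(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('tls.cert is not a PEM certificate');
  const body = m[1].replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+\/]+=*$/.test(body)) throw new Error('corrupt PEM body');
  return toBase64Url(body);
}

// host should be an IP the regenerated cert covers (the tlsextraip value).
function buildLndconnectUri(host, port, certPem, macaroon) {
  if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error('bad port');
  if (!Buffer.isBuffer(macaroon) || macaroon.length === 0) throw new Error('empty macaroon');
  const cert = pemToBase64Url(certPem);
  const mac = toBase64Url(macaroon.toString('base64')); // macaroon file is raw binary
  const h = host.includes(':') ? `[${host}]` : host;    // bracket IPv6 literals
  return `lndconnect://${h}:${port}?cert=${cert}&macaroon=${mac}`;
}

// Hypothetical helper: reads the real files and writes the output file (e.g. lnd.txt).
// The output embeds the macaroon, so treat it like a password and delete it
// once it has been pasted into Zap.
function writeConnectFile(host, port, certPath, macaroonPath, outPath) {
  const fs = require('fs');
  const uri = buildLndconnectUri(host, port,
    fs.readFileSync(certPath, 'utf8'), fs.readFileSync(macaroonPath));
  fs.writeFileSync(outPath, uri);
  return uri;
}

// Constructed sample inputs (not a real certificate or macaroon).
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nMIIB+/8=\n-----END CERTIFICATE-----\n';
const SAMPLE_MACAROON = Buffer.from([0x02, 0x01, 0x03, 0xfb, 0xff]);
console.log(buildLndconnectUri('10.8.0.1', 10009, SAMPLE_PEM, SAMPLE_MACAROON));
```

To run it against your own node, call writeConnectFile with the tls.cert and macaroon paths shown in the node launcher.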
So the first time I set this up I kept getting TLS handshake errors, but then an hour later it worked. You may need to go to the section "Certificates for remote usage (RaspiBolt tutorial)" at the Zap remote node setup tutorial.
Congrats!