Setup A Private Lightning Node Using Blockstream’s c-lightning Over Tor

bzzzzt

Running a c-lightning node previously has required a “clear” net address (ipv4 / ipv6) to connect to other nodes. This has certain privacy implications. As a result, one may would prefer to rent a VPS to run their node on in order to not expose their home IP address.

c-lightning has support for Tor, so a user can run their node behind Tor and even generate a .onion address for others to connect to to open channels — all at home and without exposing the user’s home IP address.

To run your c-lightning node over Tor, it takes four fairly basic steps:

  • Install Blockstream’s c-lightning
  • Install tor
  • Adding ~4 lines to your Tor config file
  • Running lightningd with the appropriate command line flags

Installing Blockstream’s c-lightning:

If you haven’t setup a c-lightning node yet, you can follow my previous guide located here:

Or check out the great documentation on GitHub:


Generating your Tor .onion address

On a Debian-based Linux (such as Ubuntu), simply install tor with apt:

$ sudo apt install tor

We need to edit our /etc/tor/torrc file to configure tor to pass traffic to our c-lightning node and to generate our .onion address(es).

$ sudo nano /etc/tor/torrc

Add these lines to your torrc file:

HiddenServiceDir /var/lib/tor/lightningd-service_v2/
HiddenServicePort 1234 127.0.0.1:9735

This will tell tor to create a version 2 .onion address.

HiddenServiceDir /var/lib/tor/lightningd-service_v3/
HiddenServiceVersion 3
HiddenServicePort 1234 127.0.0.1:9735

This will generate a version 3 address which has many advantages over the older v2 addresses. You can of course create both and be able to have peers connect to either.

With this tor configuration, your Lightning node will have a persistent .onion address and be able to accept incoming channels privately — without exposing your home address.

Once you have your torrc file setup, you can simply restart the tor daemon:

$ sudo systemctl restart tor

Your newly generated addresses can be found in:

/var/lib/tor/lightningd-service_v2/hostname

and

/var/lib/tor/lightningd-service_v3/hostname

Configuring c-lightning:

To run your c-lightning node completely over Tor, simply pass these flags when you start lightningd .

$ ./lightningd --mainnet --bind-addr=127.0.0.1:9735 --announce-addr=<your v2 .onion> --announce-addr=<your v3 .onion> --proxy=127.0.0.1:9050

--bind-addr=127.0.0.1:9735 makes your node only listen for Tor connections.

--announce-addr= announces your onion addresses to the network.

--proxy=127.0.0.1:9050 proxies outgoing connections over Tor.

Now you should be running completely over Tor!

To test your Tor node out, you can try connecting to my Tor-only c-lightning node at these addresses:

03489ffbec21f45660a34dbb5e05adc9fd53192aadaee4c0089d3438565abf9a34@4u5ms4fzlny7lace.onion

03489ffbec21f45660a34dbb5e05adc9fd53192aadaee4c0089d3438565abf9a34@ouemp6xrmbciigltezxwyvuboz6otguvqgqabzb5icrdzzykjeeznaad.onion

Thanks for reading!

-grubles