I’ve previously posted here regarding having a server (bitcoind) running in a Whonix Workstation and then LND running in another Workstation. LND is able to successfully communicate with the Bitcoind node.
The reason for this post is that I am having issues having LND communicate with Tor Controller.
LND starts up fine but after a while it crashes due to the following error: [ERR] TORC: DEL_ONION got error: undefined response code: 510, err: unexpected code
I figured this issue was due to onion-grater. The issue did not go away after I created the following profile for onion-grater and restarted it:
Keep in mind that I am not very well versed when it comes to onion-grater and unsure what I might need to do on top of this. I am also curious what happens when DEL_ONION is called. What if Bitcoind has an onion service, can LND delete that too if I get this working?
LND is listening on 0.0.0.0:10009 and 0.0.0.0:8080
I have Bitcoind working and it manages to create onion services. I used the default onion-grater configuration for that. I understand that for LND I may need to make a different kind of configuration as far as ADD_ONION goes but so far it only complains about DEL_ONION.
Here’s some LND documentation: https://docs.lightning.engineering/lightning-network-tools/lnd/configuring_tor
I was trying to search on my own for quite a bit of time but after posting this, I did run into some documentation about the Tor Control protocol. Unfortunately only via some other post elsewhere, not via a direct search which is why I posted here.
I do have some ideas regarding how to proceed now with a better understanding of how DEL_ONION works. It seems to only delete Onion Services that originated from the same Tor Control session and thus is a non-issue.
If I get this working and figure out a working Onion-grater profile, I will report back.
LND seems to require an onion-grater profile that allows DEL_ONION with an empty Service ID, i.e. deletion of detached onions. Now LND shuts down with a new error:
Seems I misread DEL_ONION documentation. It is true that LND calls DEL_ONION with empty string (should not happen, there is discussion about it on Github but nothing has been done about it). It is a mystery to me why LND does not create an Onion though but that discussion I will take to LND Github.
As far as Whonix and onion-grater goes, I don’t think there’s any issue with it regarding LND.
Adding onion-grater rules for ADD_ONION seems to have resolved that issue. I am now faced with different errors though.
[ERR] DISC: Unable to query bootstrapper BOLT-0010 DNS Seed: [[nodes.lightning.directory soa.nodes.lightning.directory] [lseed.bitcoinstats.com]]: tor host is unreachable
Could Whonix firewall be blocking some requests regarding these queries?
[ERR] SRVR: Unable to retrieve initial bootstrap peers: no addresses found
I’ve managed to fix this. I had to add onion-grater profile that allows DEL_ONION and ADD_ONION. I use LND watchtower so two onion services are created, one on port 9735 and one on 9911. I had to also open external ports in the workstation to make the onion services work.
LND sometimes sends DEL_ONION with an empty Service ID, which will shut down LND even if ‘.+’ is used instead of ‘.*’, but I opted to use the latter anyway.
Previously LND did not use DEL_ONION which is why there is a Whonix Forum post floating which discards the onion private key in the ADD_ONION replacement but now that DEL_ONION is used, LND needs the private key.
Or should this be a dedicated onion-grater profile because LND is using different code to interface with the Tor control protocol than Bitcoin Core?
Maybe. Or maybe the session could get hijacked by another application running inside the same VM. But that’s most likely information security theoretical, complex stuff, not actionable. And might not even be worth digging deep into due to:
That is what I thought would be the problem initially. Turns out that error was likely due to not having opened ports in the Workstation for the onion services that LND starts. After onion-grater and the firewall were set up, that error no longer appeared.
My guess is that LND does not make actual DNS queries.
Yes, absolutely.
I’ll see to making a pull request.
Interesting stuff. Looking forward to seeing what’s to come.
Hey, I am trying to install LND with my bitcoin node too, but why did you use 2 workstations? And was your bitcoin node pruned? I am thinking of using neutrino. Did you face any Whonix-specific troubles when setting up LND?
No other reason than added security of having the two programs running isolated. It will definitely be simpler with them running in the same workstation.
No. Pruning will negatively affect LND performance. You should also run bitcoind with txindex=1. I personally have no experience with Neutrino.
There were some obstacles like firewall, onion-grater for tor control, configuring LND and bitcoind. If you run into some issues specific to bitcoind or LND, I may be able to help.
Note: the onion-grater profile I have posted above is incomplete and does not allow LND to function fully. I will update it when I have time and also make a pull request to github.
Awesome, thank you! But I assume those issues with the onion-grater occur due to your workstations having to talk to each other… I hope I don’t need to configure anything if I put everything, such as Bitcoin node and lnd, in the same workstation.
U got any XP with joinmarket? I had faced some issues with their installer… It was downloading some older version of Tor and they just deleted my issue in GitHub Lol
You will need onion-grater regardless of the fact that they all run in same Workstation. Bitcoind and LND both need to be able to add a new onion service which means that it needs to do it via the control port on the gateway. The gateway, by default, does not allow ADD_ONION or DEL_ONION which is what the onion-grater profile will allow. For LND you can use the profile above and for Bitcoind this will be used: https://github.com/Whonix/onion-grater/blob/master/usr/share/doc/onion-grater-merger/examples/40_bitcoind.yml
Bitcoind onion-grater profile is shipped in Whonix by default but you need to manually add LND.
Adding Bitcoind onion-grater is as simple as: sudo onion-grater-add 40_bitcoind and then sudo service onion-grater restart
in the Gateway.
LND profile needs to be manually added as it does not ship with Whonix yet. This assumes that you have 40_lnd.yml with the above profile as contents somewhere.
cd /usr/local/etc/onion-grater-merger.d
sudo ln -s /path/to/40_lnd.yml 40_lnd.yml
sudo service onion-grater restart
Same workstation only means that LND and Bitcoind can communicate via localhost and as Patrick said, it’s unrelated to onion-grater whether or not the two services run in a separate workstation. If they run in separate workstation, you need to ensure that both workstations listen also on their internal network IP address, not just localhost.
I don’t but I’ve been interested to set it up for a while. But I agree with Patrick, please keep this thread on-topic.
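The difference between ‘.+’ and ‘.*’ for DEL_ONION discussed earlier in the thread, as an added example that is not part of any post and is not onion-grater's own code: a simplified model of an allowlist filter for Tor control-port commands. The rule tables, the full-match behaviour, the reply text and the sample lines are assumptions made for illustration; only the ports 9735 and 9911 and the 510 code come from the thread.

```python
import re

# Hypothetical allowlist: command -> regexes the argument string must fully match.
# Ports 9735 and 9911 are the two LND onion services mentioned in the thread.
STRICT = {
    "ADD_ONION": [r"(NEW:\S+|ED25519-V3:\S+) Port=(9735|9911),\S+"],
    "DEL_ONION": [r".+"],  # requires a non-empty Service ID
}
LOOSE = {**STRICT, "DEL_ONION": [r".*"]}  # also accepts an empty Service ID


def filter_command(line, rules):
    """Return 'pass' if the control-port line is allowed, else a 510 reply."""
    command, _, args = line.strip().partition(" ")
    for pattern in rules.get(command.upper(), []):
        # Full match, so a rule cannot be satisfied by a prefix of the arguments.
        if re.fullmatch(pattern, args):
            return "pass"
    # 510 is the code LND logged; the reply text is this model's choice.
    return "510 Command filtered"


def audit(lines, rules):
    """Map each control-port line to the filter's decision."""
    return {line: filter_command(line, rules) for line in lines}


# Constructed sample traffic, not captured from LND.
SAMPLE = [
    "ADD_ONION NEW:ED25519-V3 Port=9735,127.0.0.1:9735",
    "ADD_ONION NEW:ED25519-V3 Port=22,127.0.0.1:22",
    "DEL_ONION exampleserviceid",
    "DEL_ONION",
    "SETCONF SocksPort=0",
]

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("loose", LOOSE)):
        print(name)
        for line, verdict in audit(SAMPLE, rules).items():
            print(f"  {verdict:22} {line!r}")
```

In this model the only line whose verdict differs between the two rule sets is the bare DEL_ONION; everything not explicitly listed, including an ADD_ONION for an unlisted port, is refused under both.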