Documentation
General
Overview
Desktop
Getting StartedBTCPay ServerLND Remote ControlLND ConfigurationTroubleshootingNeutrino Remote Control

Configuring LND for use with Zap

In order to connect Zap to your own lnd node you must first ensure that your node is accessible from the computer where you intend to run Zap. There are several considerations for this:

Configure TLS Certificate

Connections to Lnd are encrypted using TLS. When you first start LND it generates a self signed TLS certificate for you. This certificate must be used by clients when connecting to LNDs gRPC or REST interface (Zap uses the gRPC interface).

By default, the TLS certificate the LND generates is configured to only allow connections from localhost. However if you have Zap running on a different computer to your LND node you must adjust LND's TLS certificate to allow this.

There are two ways that you can do this:

1) Configure an Extra IP Address

Using LND's tlsextraip setting you can add additional IP addresses to the TLS certificate. This will allow connecting to LND over IP addresses other than the localhost (127.0.0.1).

Edit your LND node's lnd.conf filefile and set the tlsextraip directive:

tlsextraip: [YOUR_IP]

Replace [YOUR_IP] with the IP address of your node. For example, if your LND node has an external IP address 1.2.3.4 you would set it like so:

tlsextraip: 1.2.3.4

This will allow you to connect to the LND node's gRPC or REST interface using your nodes external IP Address.

You can enter multiple IP addresses by repeating the directive over multiple lines. For example, to whitelist both 1.2.3.4 and 11.22.33.44:

tlsextraip=1.2.3.4
tlsextraip=11.22.33.44

2) Configure an Extra Domain

Using LND's tlsextradomain setting you can add additional domain names to the TLS certificate. This will allow connecting to LND using a domain name in addition to or instead of an IP address.

Edit your LND node's lnd.conf file and set the tlsextradomain directive:

tlsextradomain: [YOUR_DOMAIN]

Replace [YOUR_DOMAIN] with the DNS name of your node. For example, if your LND node is accessible at mylndnode.dyndns.org you would set it like so:

tlsextradomain: mylndnode.ddns.net

This will allow you to connect to the LND node's gRPC or REST interface using your nodes DNS name.

You can enter multiple DNS names by repeating the directive over multiple lines. For example, to whitelist both mylndnode.ddns.net and mynode.example.com:

tlsextradomain=mylndnode.ddns.net
tlsextradomain=mynode.example.com

Regenerate TLS Certificate

After making either of the above changes you must ask LND to regenerate the TLS certificate. You can do this by deleting the old certificate files and restarting your node. For example.

  1. Remove the old TLS certificate and key:
$ rm ~/.lnd/tls.cert ~/.lnd/tls.key
  1. Restart the LND node (this command may vary, depending on how you are running your node):
$ sudo service restart lnd

When the node starts up it will automatically generate a new TLS certificate using the updated details from your lnd.conf file. See the troubleshooting section for details on how to verify your TLS certificate.

Expose LND's gRPC service

Zap must be able to connect to your LND node's gRPC interface, which by default listens on localhost:10009.

If you intend to run Zap on another computer you will need to reconfigure your LND node so that it exposes it's gRPC interface externally.

Edit your lnd.conf file and set the rpclisten directive:

rpclisten: [HOST]:[PORT]

Replace [HOST]:[PORT] with the interface to listen on for gRPC connections. For example, to accept connections on all external interfaces, you would set it like so:

rpclisten=0.0.0.0:10009

You can enter multiple listen addresses by repeating the directive over multiple lines. For example, to listen only on localhost and 1.2.3.4:

rpclisten=localhost:10009
rpclisten=1.2.3.4:10009

Port Forwarding

If you are running your LND node behind a network router, you may need to set up port forwarding to ensure that incoming traffic to port 10009 is directed to your lnd node.

Steps to do this will be dependent on your network configuration. On a typical home network this must be configured on your router.

Generate LND Connect string

Now you have LND configured properly you are ready to generate a connection string. Download and install LND Connect onto the machine where lnd is running.

Once installed, use lndconnect to generate a connection string for your node.

$ lndconnect -j

You may need to pass additional options to the lndconnect command in order to ensure that it generates the desired connection string. Common options include:

Use a specific host:

$ lndconnect -j -h 1.2.3.4

Use a specific port:

$ lndconnect -j -p 11008

Use a specific macaroon and tls certificate:

$ lndconnect -j --adminmacaroonpath=/path/to/admin.macaroon --tlscertpath=/path/to/tls.cert

Get a full list of options for lnd connect:

$ lndconnect --help

Troubleshooting

Clearly the hardest part of all of this is configuring your LND node and ensuring that it is properly accessible. Here are some things to check in case you run into any issues.

Test your connection

Verify that you can access LND's port gRPC interface from the computer where you are running Zap:

telnet 1.2.3.4 10009

Verify your TLS certificate

You can verify that your TLS cert contains the updated details using the following command:

$ openssl x509 -text -noout -in ~/.lnd/tls.cert

You should see your additional whitelisted IP addresses and/or domain names in the Subject Alternative Name section.