Configuring LND for use with Zap
In order to connect Zap to your own lnd node you must first ensure that your node is accessible from the computer where you intend to run Zap. There are several considerations for this:
Connections to Lnd are encrypted using TLS. When you first start LND it generates a self signed TLS certificate for you. This certificate must be used by clients when connecting to LNDs gRPC or REST interface (Zap uses the gRPC interface).
By default, the TLS certificate the LND generates is configured to only allow connections from localhost. However if you have Zap running on a different computer to your LND node you must adjust LND's TLS certificate to allow this.
There are two ways that you can do this:
tlsextraip setting you can add additional IP addresses to the TLS certificate. This will allow connecting to LND over IP addresses other than the localhost (127.0.0.1).
Edit your LND node's
lnd.conf filefile and set the
[YOUR_IP] with the IP address of your node. For example, if your LND node has an external IP address
220.127.116.11 you would set it like so:
This will allow you to connect to the LND node's gRPC or REST interface using your nodes external IP Address.
You can enter multiple IP addresses by repeating the directive over multiple lines. For example, to whitelist both
tlsextradomain setting you can add additional domain names to the TLS certificate. This will allow connecting to LND using a domain name in addition to or instead of an IP address.
Edit your LND node's
lnd.conf file and set the
[YOUR_DOMAIN] with the DNS name of your node. For example, if your LND node is accessible at
mylndnode.dyndns.org you would set it like so:
This will allow you to connect to the LND node's gRPC or REST interface using your nodes DNS name.
You can enter multiple DNS names by repeating the directive over multiple lines. For example, to whitelist both
After making either of the above changes you must ask LND to regenerate the TLS certificate. You can do this by deleting the old certificate files and restarting your node. For example.
- Remove the old TLS certificate and key:
$ rm ~/.lnd/tls.cert ~/.lnd/tls.key
- Restart the LND node (this command may vary, depending on how you are running your node):
$ sudo service restart lnd
When the node starts up it will automatically generate a new TLS certificate using the updated details from your lnd.conf file. See the troubleshooting section for details on how to verify your TLS certificate.
Zap must be able to connect to your LND node's gRPC interface, which by default listens on
If you intend to run Zap on another computer you will need to reconfigure your LND node so that it exposes it's gRPC interface externally.
lnd.conf file and set the
[HOST]:[PORT] with the interface to listen on for gRPC connections. For example, to accept connections on all external interfaces, you would set it like so:
You can enter multiple listen addresses by repeating the directive over multiple lines. For example, to listen only on
If you are running your LND node behind a network router, you may need to set up port forwarding to ensure that incoming traffic to port
10009 is directed to your lnd node.
Steps to do this will be dependent on your network configuration. On a typical home network this must be configured on your router.
Now you have LND configured properly you are ready to generate a connection string. Download and install LND Connect onto the machine where lnd is running.
Once installed, use lndconnect to generate a connection string for your node.
$ lndconnect -j
You may need to pass additional options to the
lndconnect command in order to ensure that it generates the desired connection string. Common options include:
Use a specific host:
$ lndconnect -j -h 18.104.22.168
Use a specific port:
$ lndconnect -j -p 11008
Use a specific macaroon and tls certificate:
$ lndconnect -j --adminmacaroonpath=/path/to/admin.macaroon --tlscertpath=/path/to/tls.cert
Get a full list of options for lnd connect:
$ lndconnect --help
Clearly the hardest part of all of this is configuring your LND node and ensuring that it is properly accessible. Here are some things to check in case you run into any issues.
Verify that you can access LND's port gRPC interface from the computer where you are running Zap:
telnet 22.214.171.124 10009
You can verify that your TLS cert contains the updated details using the following command:
$ openssl x509 -text -noout -in ~/.lnd/tls.cert
You should see your additional whitelisted IP addresses and/or domain names in the
Subject Alternative Name section.