LND: Tor & Clearnet - How to setup hybrid-mode

See news here:

I followed the instructions for static, opened 9735 in my router, see the clearnet uri in getinfo, but the port appears closed in ping.eu. I don’t have ufw installed, and iptables --list shows me this:

  Chain INPUT (policy ACCEPT)
  target prot opt source destination

  Chain FORWARD (policy DROP)
  target prot opt source destination
  DOCKER-USER all -- anywhere anywhere
  DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  DOCKER all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  DOCKER all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
  DOCKER all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere
  ACCEPT all -- anywhere anywhere

  Chain OUTPUT (policy ACCEPT)
  target prot opt source destination

  Chain DOCKER (3 references)
  target prot opt source destination
  ACCEPT tcp -- anywhere 10.21.21.11 tcp dpt:9050
  ACCEPT tcp -- anywhere 10.21.21.6 tcp dpt:cisco-sccp
  ACCEPT tcp -- anywhere 10.21.21.2 tcp dpt:http
  ACCEPT tcp -- anywhere 10.21.0.2 tcp dpt:51413
  ACCEPT tcp -- anywhere 10.21.0.3 tcp dpt:9091
  ACCEPT udp -- anywhere 10.21.0.2 udp dpt:51413
  ACCEPT tcp -- anywhere 10.21.0.4 tcp dpt:3233
  ACCEPT tcp -- anywhere 10.21.0.5 tcp dpt:8082
  ACCEPT udp -- anywhere 10.21.0.4 udp dpt:bootps
  ACCEPT tcp -- anywhere 10.21.0.6 tcp dpt:4444
  ACCEPT tcp -- anywhere 10.21.0.9 tcp dpt:7681
  ACCEPT tcp -- anywhere 10.21.0.11 tcp dpt:3001
  ACCEPT udp -- anywhere 10.21.0.4 udp dpt:domain
  ACCEPT tcp -- anywhere 10.21.0.13 tcp dpt:rtcm-sc104
  ACCEPT tcp -- anywhere 10.21.0.14 tcp dpt:8889
  ACCEPT tcp -- anywhere 10.21.0.16 tcp dpt:7421
  ACCEPT tcp -- anywhere 10.21.21.8 tcp dpt:8333
  ACCEPT tcp -- anywhere 10.21.0.17 tcp dpt:2100
  ACCEPT tcp -- anywhere 10.21.21.8 tcp dpt:8332
  ACCEPT tcp -- anywhere 10.21.21.9 tcp dpt:10009
  ACCEPT tcp -- anywhere 10.21.21.9 tcp dpt:9735
  ACCEPT tcp -- anywhere 10.21.21.9 tcp dpt:http-alt

  Chain DOCKER-ISOLATION-STAGE-1 (1 references)
  target prot opt source destination
  DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
  DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
  DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
  RETURN all -- anywhere anywhere

  Chain DOCKER-ISOLATION-STAGE-2 (3 references)
  target prot opt source destination
  DROP all -- anywhere anywhere
  DROP all -- anywhere anywhere
  DROP all -- anywhere anywhere
  RETURN all -- anywhere anywhere

  Chain DOCKER-USER (1 references)
  target prot opt source destination
  RETURN all -- anywhere anywhere

Any ideas?

Could you confirm that you’ve entered both the listen-settings as well as the Tor-settings in your lnd.conf and restarted LND?

iptables isn’t used for inbound, so

  • your router forward TCP 9735 to your node => ✅
  • lnd.conf settings => ✅
  • restarted lnd service (or the whole node) => ✅

If those three things are all ✅, then it should work.
Please come back here if you keep struggling.

I have followed several guides to make my hybrid node, but it does not work. I have added this

but I have an error:

/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 22: tor.active=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 22: tor.active=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 23: tor.v3=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 23: tor.v3=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 25: tor.streamisolation=false: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 25: tor.streamisolation=false: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 27: tor.skip-proxy-for-clearnet-targets=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 27: tor.skip-proxy-for-clearnet-targets=true: orden no encontrada
Executing hook: /mnt/ssd/nodobtc/app-data/lightning/hooks/pre-start
Executing hook: /mnt/ssd/nodobtc/app-data/bitcoin/hooks/pre-start
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 22: tor.active=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 23: tor.v3=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 22: tor.active=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 25: tor.streamisolation=false: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 23: tor.v3=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 27: tor.skip-proxy-for-clearnet-targets=true: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 25: tor.streamisolation=false: orden no encontrada
/mnt/ssd/nodobtc/app-data/lightning/exports.sh: línea 27: tor.skip-proxy-for-clearnet-targets=true: orden no encontrada
WARNING: The APP_MEMPOOL_PORT variable is not set. Defaulting to a blank string.
WARNING: The APP_MEMPOOL_HIDDEN_SERVICE variable is not set. Defaulting to a blank string.
Any idea how to make my hybrid node?

default exports.sh is:

  BIN_ARGS=()
  BIN_ARGS+=( "--configfile=/data/.lnd/umbrel-lnd.conf" )

  # [Application Options]
  BIN_ARGS+=( "--listen=0.0.0.0:${APP_LIGHTNING_NODE_PORT}" )
  BIN_ARGS+=( "--rpclisten=0.0.0.0:${APP_LIGHTNING_NODE_GRPC_PORT}" )
  BIN_ARGS+=( "--restlisten=0.0.0.0:${APP_LIGHTNING_NODE_REST_PORT}" )

  # [Bitcoin]
  BIN_ARGS+=( "--bitcoin.active" )
  if [[ "${APP_BITCOIN_NETWORK}" == "mainnet" ]]; then
    BIN_ARGS+=( "--bitcoin.mainnet" )
  elif [[ "${APP_BITCOIN_NETWORK}" == "testnet" ]]; then
    BIN_ARGS+=( "--bitcoin.testnet" )
  elif [[ "${APP_BITCOIN_NETWORK}" == "signet" ]]; then
    BIN_ARGS+=( "--bitcoin.signet" )
  elif [[ "${APP_BITCOIN_NETWORK}" == "regtest" ]]; then
    BIN_ARGS+=( "--bitcoin.regtest" )
  else
    echo "Warning (${EXPORTS_APP_ID}): Bitcoin Network '${APP_BITCOIN_NETWORK}' is not supported"
  fi
  BIN_ARGS+=( "--bitcoin.node=bitcoind" )

  # [Bitcoind]
  BIN_ARGS+=( "--bitcoind.rpchost=${APP_BITCOIN_NODE_IP}:${APP_BITCOIN_RPC_PORT}" )
  BIN_ARGS+=( "--bitcoind.rpcuser=${APP_BITCOIN_RPC_USER}" )
  BIN_ARGS+=( "--bitcoind.rpcpass=${APP_BITCOIN_RPC_PASS}" )
  BIN_ARGS+=( "--bitcoind.zmqpubrawblock=tcp://${APP_BITCOIN_NODE_IP}:${APP_BITCOIN_ZMQ_RAWBLOCK_PORT}" )
  BIN_ARGS+=( "--bitcoind.zmqpubrawtx=tcp://${APP_BITCOIN_NODE_IP}:${APP_BITCOIN_ZMQ_RAWTX_PORT}" )

  # [tor]
  BIN_ARGS+=( "--tor.active" )
  BIN_ARGS+=( "--tor.v3" )
  BIN_ARGS+=( "--tor.control=${TOR_PROXY_IP}:29051" )
  BIN_ARGS+=( "--tor.socks=${TOR_PROXY_IP}:${TOR_PROXY_PORT}" )
  BIN_ARGS+=( "--tor.targetipaddress=${APP_LIGHTNING_NODE_IP}" )
  BIN_ARGS+=( "--tor.password=${TOR_PASSWORD}" )

Solved, thanks @smolgrrr

1 Like

Don’t forget the updated guidance on managing lnd.conf, described in “Locating the lnd.conf File” in The FAQ. It’s an important step.

1 Like

I switched my LND to Hybrid mode, so my node is now reachable under Tor as well as under Clearnet. I'm using TunnelSats VPN for security reasons. It's working well and the setup wasn't too complicated. Major issue was that I had to turn down the WiFi connection of my Raspi and only use the LAN, not both. And learn to create an LND.conf file that was not in place, in addition to the umbrel-lnd.conf file in the same directory.

But when looking up my node, neither Amboss nor Lightning Terminal etc. show the new Clearnet connection.

Do I need to do anything else to publish that?

Great to hear you give T⚡S a chance!
As long as you’ve followed the guide, the clearnet IP should propagate via gossip in a relatively short time. Relatively depends on the number of channels you have. The more you have, the quicker your gossip travels.

If it’s not on amboss yet after a couple of hours, it’s worth validating all is done properly. Couple of ways:

  • Check lncli getinfo on your console if there are two uris, one with a Tor onion, and the second with the VPN:PORT
  • If there is, check whether you can connect to it: enter VPN-IP + PORT to https://portchecker.co/, it should show the port as Open (that’s your LND responding to the connection request), or use our Telegram Bot @TunnelSatsBot

In case this doesn’t resolve for you, come back here or in our channel and we’ll look further into it.

1 Like

All checks are OK but still no clearnet connection shown on amboss etc. Only my Tor address is shown.
My clearnet node address is:

039cc5f54fcb4ceb6900d13d899a1ea5a142f350cebceaae21043d1d502bb85ef5@5.75.184.195:48859

Your tunnel is working fine, I can connect to your node via clearnet.

But something seems off with your lnd.conf. Did you follow our guide or the official FAQ Locating the lnd.conf File, adding your VPN details into

`nano ~/umbrel/app-data/lightning/data/lnd/lnd.conf`

Your lnd.conf should have the following, tailored configuration details you have received after installing with our install-script:

  [Application Options]
  # omit the listen setting for Umbrel v5+
  listen=0.0.0.0:9735
  # the following placeholders {vpnDNS} and {vpnPort}
  # are provided at the end of the setupv2.sh script
  externalhosts={vpnDNS}:{vpnPort}
  
  [Tor]
  # set streamisolation to 'false' if currently set 'true'.
  # if not set at all, just leave it out
  tor.streamisolation=false
  tor.skip-proxy-for-clearnet-targets=true

Then restart LND and you should be good after a few minutes.

LND.conf is as it should be. The port and the IP address are shown as OPEN. Restarted the Node a few times. When opening the LND app in the Umbrel GUI, it shows me TOR as well as Clearnet as my Node ID.

But neither Amboss nor https://terminal.lightning.engineering/ show the Clearnet data of my Node. They only show Tor. For 2 days now.

Okay, thanks for confirming.

I heard that umbrel has a tor.skip setting in the advanced settings of LND since the last update a couple of days ago. Could you go into your UI and check
a) whether you have that setting and
b) could you change whatever is set, restart LND and check amboss or ping here again?

What is a little weird, I’ve checked my gossip and yes I only got your tor.onion, but the last update is from 11th of November

lncli getnodeinfo 039cc5f54fcb4ceb6900d13d899a1ea5a142f350cebceaae21043d1d502bb85ef5
{
    "node": {
        "last_update": 1699694003,
        "pub_key": "039cc5f54fcb4ceb6900d13d899a1ea5a142f350cebceaae21043d1d502bb85ef5",
        "alias": "ostinvestor",
        "addresses": [
            {
                "network": "tcp",
                "addr": "6v6esh5yw33bcitrqele3ab7md6lmbai5gaxgoujws6aiduk4ekfavid.onion:9735"
            }
        ],

date -d @1699694003 
Sat Nov 11 10:13:23 CET 2023

One more thing (good news): I have checked from the node which is running our TunnelPingBot, and for doing speed tests, it does lncli connect, so adding you as a peer.

I thought I checked your gossip there, and it indeed has your clearnet and is way more recent:

date -d @1700416576
Sun Nov 19 17:56:16 UTC 2023

lncli getnodeinfo 039cc5f54fcb4ceb6900d13d899a1ea5a142f350cebceaae21043d1d502bb85ef5
{
    "node": {
        "last_update": 1700416576,
        "pub_key": "039cc5f54fcb4ceb6900d13d899a1ea5a142f350cebceaae21043d1d502bb85ef5",
        "alias": "ostinvestor",
        "addresses": [
            {
                "network": "tcp",
                "addr": "5.75.184.195:48859"
            },
            {
                "network": "tcp",
                "addr": "6v6esh5yw33bcitrqele3ab7md6lmbai5gaxgoujws6aiduk4ekfavid.onion:9735"
            }

This is good, since
a) all your channels know your clearnet, and will (re-)connect over it
b) your tunnel works fine

What is weird is that your gossip seems slow for not connected nodes, even though you have some big channels. I’ll check with others what might be the reason, but can confirm your routing should be fine and enhanced.
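The two `getnodeinfo` views above differ only in `last_update` and `addresses`; this added example (not code from the thread or from LND) automates that comparison against the node's own `lncli getinfo` output. The pubkey, onion host and clearnet address are constructed placeholders, and the two timestamps are the ones quoted above.

```python
import json
from datetime import datetime, timezone

# Constructed sample data: placeholder pubkey, onion host and documentation IP.
PUBKEY = "02" + "ab" * 32
ONION = "exampleonionaddressplaceholder.onion:9735"
CLEAR = "203.0.113.10:9735"
GETINFO = json.dumps({"uris": [f"{PUBKEY}@{CLEAR}", f"{PUBKEY}@{ONION}"]})
# A remote node's stale view: onion only, like the first getnodeinfo output.
STALE_VIEW = json.dumps({"node": {"last_update": 1699694003, "pub_key": PUBKEY,
                                  "addresses": [{"network": "tcp", "addr": ONION}]}})

def split_addrs(addrs):
    """Split host:port strings into (onion, clearnet) lists."""
    onion, clearnet = [], []
    for addr in addrs:
        host = addr.rsplit(":", 1)[0]
        (onion if host.endswith(".onion") else clearnet).append(addr)
    return onion, clearnet

def hybrid_report(getinfo_json, getnodeinfo_json, now=None):
    """Compare what LND advertises with what another node's graph has stored."""
    info = json.loads(getinfo_json)
    node = json.loads(getnodeinfo_json)["node"]
    # getinfo uris have the form pubkey@host:port
    local_onion, local_clear = split_addrs(u.split("@", 1)[1] for u in info["uris"])
    seen_onion, seen_clear = split_addrs(a["addr"] for a in node["addresses"])
    updated = datetime.fromtimestamp(node["last_update"], tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return {
        "advertises_hybrid": bool(local_onion and local_clear),
        "peer_sees_clearnet": bool(seen_clear),
        "missing_in_gossip": sorted(set(local_onion + local_clear)
                                    - set(seen_onion + seen_clear)),
        "last_update_utc": updated.isoformat(),
        "age_days": (now - updated).days,
    }

if __name__ == "__main__":
    checked_at = datetime.fromtimestamp(1700416576, tz=timezone.utc)
    print(json.dumps(hybrid_report(GETINFO, STALE_VIEW, now=checked_at), indent=2))
```

A non-empty `missing_in_gossip` together with an old `last_update_utc` points at slow gossip propagation rather than a broken tunnel or a wrong lnd.conf.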

Indeed, I updated to the latest LND on umbrel BEFORE I decided to purchase & install TunnelSats. And I changed this “switch” in the Umbrel/LND GUI to “enable Hybrid” as I thought this might ease the setup. Well, it didn't; I had to go through the process, but it was super easy thanks to your assistance on the Telegram channel and especially the guide you provided.

I now have taken out this “Enable Hybrid mode” switch in the GUI and am restarting my node. Just checked - the LND.conf itself remained unchanged, so in the LND.conf I still have “tor.streamisolation=false
tor.skip-proxy-for-clearnet-targets=true” because Umbrel doesn't touch that manually created file.

Now let's see what happens after restart is finished.

LND has restarted. LND still shows me both Node IDs when I click the 3 dots in the upper right corner and looks like the port is still open, so LND.conf prevailed over the Umbrel-settings in the GUI (where I just disabled the Hybrid mode).
I'll post an update should I now see my node on Amboss reachable also via Clearnet.

So Mempool has your update.
Let’s keep an eye and check for amboss later tomorrow.

1 Like

@Steve-Me - In addition to Mempool showing your clearnet IP like @Hakuna mentioned, Lightning Terminal and 1ML both show it as well, so things appear to be working fine now! Let us know if you’re still having issues.

Just to clarify things a bit for everyone:

  • the recent Lightning Node update brought both tor.streamisolation and tor.skip-proxy-for-clearnet-targets into Advanced Settings. This means they should now be handled through the UI instead of manually through a custom lnd.conf. If you previously had these config options in your lnd.conf, your values will be brought over to Advanced Settings when you update the app. You can then delete these config parameters from your lnd.conf to avoid confusion. You will now be able to see them in umbrel-lnd.conf (edit this file through advanced settings, not manually). Turning on Hybrid mode will set tor.skip-proxy-for-clearnet-targets=true.

  • If you also want to advertise your clearnet IP to the network then the only thing you have to do manually now is follow @Hakuna’s guide for adding options like externalip or externalhosts to your lnd.conf and forward port 9735. If you no longer want to advertise your IP, then remove externalip or related parameters from your lnd.conf and restart LND (easiest way to restart is through the UI).

  • Seeing your clearnet Node ID in the UI even though you have Hybrid Mode disabled (tor.skip-proxy-for-clearnet-targets=false) is completely normal and is how LND works under the hood if you are also advertising your IP. What is happening is that you still have an externalip or externalhosts set in your lnd.conf, which tells LND what IP to advertise to the network. When you set this, LND will create a uri for it regardless of the value of tor.skip-proxy-for-clearnet-targets.

In the UI, we grab this URI from LND itself and display it to you in the Node ID window. You can check this yourself by running:

sudo ~/umbrel/scripts/app compose lightning exec lnd lncli getinfo

You will see your Node IDs listed under "uris".

Future plans:
The plan is to eventually add the ability to set an IP address right from Advanced Settings, so no manual editing of conf files will be necessary. We didn’t add this for the most recent update because we want to make some changes to the Lightning Node app’s backend before we roll this feature out. These changes will allow us to reliably show meaningful errors to the user even when LND crashes and can’t restart… Right now if you input an IP that LND cannot resolve properly or you have a dynamic IP that changes and LND can no longer resolve it, then LND crashes. Right now, technical users who already know how to manually change the lnd.conf can probably figure out what went wrong and fix it themselves. But we didn’t want to give everyone the ability to easily set an incorrect IP address from the UI and then require them to figure out what went wrong, reach out to us or the community, and have to manually SSH in to their server.

2 Likes
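The clarification above can be turned into a check on the two config files. This is an added example, not Umbrel's or LND's own code: it lists the endpoints a hand-made lnd.conf tells LND to advertise and flags the two Tor keys now managed through Advanced Settings that are still present in lnd.conf. Both file contents are constructed samples (`vpn.example.net:48859` is a placeholder), and it assumes umbrel-lnd.conf uses the same `key=value` syntax as lnd.conf.

```python
# Constructed sample files modelled on the thread: Hybrid mode switched off in
# the UI (umbrel-lnd.conf) while a hand-made lnd.conf still carries the old keys.
LND_CONF = """\
[Application Options]
listen=0.0.0.0:9735
externalhosts=vpn.example.net:48859

[Tor]
tor.streamisolation=false
tor.skip-proxy-for-clearnet-targets=true
"""
UMBREL_LND_CONF = """\
[Tor]
tor.streamisolation=false
tor.skip-proxy-for-clearnet-targets=false
"""
# Keys the post above says are now handled through Advanced Settings.
UI_MANAGED = ("tor.streamisolation", "tor.skip-proxy-for-clearnet-targets")
# Keys that tell LND which clearnet endpoint to announce.
ADVERTISE = ("externalip", "externalhosts")

def parse_conf(text):
    """Return {key: [values]}; section headers and comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def audit(lnd_conf, umbrel_conf):
    """Report advertised endpoints and UI-managed keys left in lnd.conf."""
    manual, managed = parse_conf(lnd_conf), parse_conf(umbrel_conf)
    leftover = sorted(k for k in UI_MANAGED if k in manual)
    return {
        # A uri is created for each of these, whatever the value of
        # tor.skip-proxy-for-clearnet-targets.
        "advertised": [v for k in ADVERTISE for v in manual.get(k, [])],
        # UI-managed keys still in lnd.conf (candidates for deletion).
        "leftover_in_lnd_conf": leftover,
        # Leftovers whose value disagrees with what the UI wrote.
        "conflicts": [k for k in leftover if manual[k] != managed.get(k)],
    }

if __name__ == "__main__":
    print(audit(LND_CONF, UMBREL_LND_CONF))
```

An empty `advertised` list means no clearnet address is being announced from lnd.conf; a non-empty `conflicts` list is the situation described earlier in the thread, where the UI switch and the manual file disagree.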