/
Lightning on Bitcoin Core (lnd)

Lightning on Bitcoin Core (lnd)

Owned by Charles Wernicke
Last updated: Sep 20, 2024
11 min read

The Lightning Network can be used with any node software that supports SegWit. In this example, we'll demonstrate the steps to install Lightning with Bitcoin Core. This guide is intended to merely demonstrate specific commands for installing an LND node for use with CAS.

DO NOT INSTALL NODES ON THE SAME HOST AS YOUR CAS.

Using a single server for multiple systems is dangerous (for multiple reasons) and discouraged.

If you need an introduction to Lightning. Please learn the intricacies & nuances of the Lightning network at introductory sites such as: https://bitcoiner.guide/lightning/

This article is not intended to describe usage of the Lightning Network or transmission/receipt of payments.

In this example, an LND node will be installed on top of a Bitcoin Core node.

This article implements LND v0.18.1.

1. Setup a Bitcoin Core node (as illustrated here).

2. Configure Bitcoin Core.

a) Open the Bitcoin Core config file for editing (default shown):

sudo nano "$HOME/.bitcoin/bitcoin.conf"

The bitcoin.conf may exist in several places, but only one will be active. You’ll need to determine which one is active to edit the correct file. Search for all config files first:

find / -name bitcoin.conf -print 2>/dev/null

Typically, whoever executed bitcoind will have the .bitcoin folder in their home directory.

  • So look in your $HOME/.bitcoin or /root/.bitcoin folders first (assuming you started bitcoind).

  • Note your rpcuser & rpcpass located in the config file for later use (below).

b) Add these additional settings to the config file.

They are required for lnd and bitcoind to communicate.

# Block and Transaction Broadcasting with ZeroMQ zmqpubrawblock=tcp://127.0.0.1:29000 zmqpubrawtx=tcp://127.0.0.1:29001

  • Save & exit nano (Ctrl-X).

c) Restart Bitcoin Core to load the new settings.

3. Install LND.

a) Download the LND pre-compiled tarball:

Lightning is currently “beta” software. There is no other type (at this time).

  • Don’t be alarmed by the “beta” tag in the filename.

latest=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/lightningnetwork/lnd/releases/latest) lnversion=${latest##*/} wget "https://github.com/lightningnetwork/lnd/releases/download/$lnversion/lnd-linux-amd64-$lnversion.tar.gz"

b) Verify the file’s integrity (recommended):

See: https://github.com/lightningnetwork/lnd/releases

c) Extract the program to the system path.

WARNING: any existing version will overwritten!

sudo tar -C /usr/local/bin --strip-components=1 -xzf "lnd-linux-amd64-$lnversion.tar.gz"

4. Configure LND.

Create the default LND directory:

mkdir ~/.lnd

Create and secure the LND configuration file:

touch ~/.lnd/lnd.conf chmod 0600 ~/.lnd/lnd.conf

Open the configuration file for modification:

nano ~/.lnd/lnd.conf

Add these entries to the lnd.conf file:

[Application Options] maxpendingchannels=10 restlisten=127.0.0.1:8088 alias=gbdemo-lnd color=#C413D1 [Bitcoin] bitcoin.active=1 bitcoin.mainnet=1 bitcoin.node=bitcoind [Bitcoind] bitcoind.rpcuser=[put your bitcoind RPC user name here] bitcoind.rpcpass=[put your bitcoind RPC password here] # defaults; ZMQ is used by Lightning to communicate with BTC Core bitcoind.zmqpubrawblock=tcp://127.0.0.1:29000 bitcoind.zmqpubrawtx=tcp://127.0.0.1:29001

  • Add the correct credentials for bitcoind.rpcuser and bitcoind.rpcpass (determined during your Bitcoin Core installation). LND uses the RPC credentials to communicate with Bitcoin Core.

  • Note: the “restlisten” port is an important CAS parameter, and can be changed (as needed) to avoid conflicts with other services that may be running on your node server.

  • the alias “gbdemo-lnd” will be broadcast to the world. Choose another alias carefully.

  • Save & exit nano (Ctrl-X).

5. Start the node.

a) Start the daemon.

lnd

The node will stop & complain that that the wallet is locked. You’ll need to create one (next).

  • If you already have a LN wallet, unlock the wallet when requested.

b) Create a new LN wallet.

If you already have a LN wallet in place, then unlock it now (in a new window) and skip this step.

  • Do not close the original (daemon) window while unlocking the wallet.

The node (lnd) must already be running in the background, and it must continue to run in the background while creating a new LN wallet. The Ubuntu screen utility or tmux utility is perfect for this - or you may use 2 separate terminal windows. Either approach will work. Create the wallet in a different window from the already running server daemon (LND) window.

lncli create

  • Enter a new password. You’ll need this password every time you start the node. Make it memorable.

The Lightning node will now begin synchronizing. It won’t take very long (about an hour). It depends upon the underlying Bitcoin node. Both nodes must operate simultaneously.

You’ll need to unlock the wallet every time you start/restart the Lightning node.

  • Use lncli unlock to unlock the wallet when requested.

6. Fund the node.

The node will need to be funded for a channel to be opened. This involves sending an opening transaction to your LN node from a Bitcoin wallet. Obviously, if you already have already funded your node, skip to the next step - you need not fund it again (unless you have insufficient funds).

a) Create a new LIGHTNING deposit address.

A deposit address is required to add BTC to fund your LN wallet. You may create as many deposit addresses as you like; they all fund the same LN node. The BTC sent to the LN wallet remains in the LN wallet until explicitly transferred elsewhere (or spent in LN transactions).

lncli newaddress p2tr

  • Creates a “pay-to-taproot” wallet, to which you’ll send Bitcoin to fund a channel (put BTC in escrow).

image-20240702-220319.png

A Lightning Channel is a type of temporary ledger that commits a certain amount of Bitcoin to all the contained, aggregate transactions. Think of it as a deposit, an amount that’s held in escrow until the channel is closed. When the channel closes, the tallies are committed to the Bitcoin blockchain (resulting in a finalizing transaction with normal BTC mining fees).

b) Fund the new wallet.

Use: lncli channelbalance to view any existing balances already committed to a channel.

If you have not yet funded your wallet, send a suitable amount of Bitcoin to the address created in the previous step. The minimum amount is 0.0002 BTC (= 20,000 Satoshis).

Wait for the requisite confirmations (normally 3), then check your funding wallet balance:

lncli walletbalance

  • in this example, I’ve sent a trivial example amount of 20,000 Satoshis to my funding wallet.

  • In production, you’ll send much more (for a larger, more practical channel).

  • See: Funding Guidelines

c) Create (open) a Payment Channel.

Some helpful advice: https://github.com/openoms/lightning-node-management

You must open a channel to someone else on the Lightning network. It doesn’t really matter who it is, but it should be a channel that fits your specific needs.

  • Their channel capacity must be greater than your intended funding (or it will fail to open),

  • e.g. the channel capacity I select must exceed my funding of 20,000 Satoshis.

lncli listchannels

  • shows that NO channels are currently open. You can’t send any LN on the network, until you connect a channel to another node, so pick a channel from any suitable explorer.

Some popular Lightning Channel Explorers:

In this example, I’ll use the Lightning node listed by General Bytes:

  • 02254f26976d6487f7664aa941e006642ac3f3974d20c19f4117069e5803418dbe@ln1.generalbytes.com

We’ll use this info (from the Lightning explorer website) to extract 2 required channel details.

  • public key = 02254f26976d6487f7664aa941e006642ac3f3974d20c19f4117069e5803418dbe

  • node address = ln1.generalbytes.com

The final required piece is the amount. You’ll have to commit a certain amount to the initial transaction, and this will be locked up (you can’t spend the Bitcoin) until the final transaction is broadcast. If you commit 20,000 Satoshis to the channel, then that will be the maximum amount you can send back & forth.

In this example, I’ll commit the total & trivial amount of 20,000 Satoshis. This is the resulting command:

lncli openchannel --node_key 02254f26976d6487f7664aa941e006642ac3f3974d20c19f4117069e5803418dbe --connect ln1.generalbytes.com --local_amt 20000

  • If successful, the request will return the funding transaction ID:

image-20240716-173709.png

  • The transaction (as with any Bitcoin Tx) may then take anywhere from minutes to hours to confirm.

FUNDING GUIDELINES

Normally, you’ll commit the largest expected transaction amounts to the channel (much more than 20000 Satoshis). This amount is for demonstration only. We can’t suggest a number that fits your needs - only you can possibly have those details.

  • The minimum amount required to open a channel is 20,000 Satoshis (.0002 BTC).

  • Many channels require a minimum of 500,000 Satoshis (.005 BTC).

  • There is no maximum (except what you commit to the funding transaction).

  • The capacity of the channel to which you decide to connect - must be a larger amount.

    • e.g. a channel with a capacity of 1 BTC can only open channels less than 1 BTC.

d) Monitor your payment channel(s).

At any time, check your channel state using the lncli listchannels command demonstrated (above). It will take a certain amount of time to open the channel, but once it confirms (and the channel activates), you’ll see an active channel as shown here, using:

lncli listchannels

  • no channels listed probably means the channel is still pending. It may take hours+ to confirm.

    • use lncli pendingchannels to examine the situation (and other channels that might also be in limbo - such as closed channels).

  • The channel will also automatically deduct the closing transaction’s mining fees from your deposit.

    • e.g. while 20,000 satoshis were deposited, only the local_balance (19,273 satoshis) were available for spending. The current estimated mining fees (727 satoshis) for the closing transaction - are withheld.

Until a channel is fully opened (active), you cannot use your node for transactions!

7. Setup a secure tunnel for encrypted communication.

Your CAS server and this node must have a secure method of communicating. Your passphrase and other sensitive information will be passed back & forth, so encrypt (and protect) this communication by using a secure SSH tunnel. You have 2 different tunnel options; never use both (one or the other).

The GB Wallet Tunnel is recommended.

Option 1: General Bytes has incorporated an open-source SSH client into CAS.

Option 2 (unsupported by GB):

Build an SSH tunnel (instead of the GB Wallet Tunnel), see: https://generalbytes.atlassian.net/l/cp/b7j5AVHA

  • For those instructions, set FORWARDED_PORT=8088

Your Lightning node is now functional and ready for CAS.

  • Next, configure your Lightning node for specific use with CAS.

8. Prepare the parameters for the CAS Crypto Setting

This final step is also discussed here:lnd - BTC via Lightning Parameters

In a text file, on a single line, assemble these parameters. Each parameter is separated by only a single colon (no spaces). This example uses spaces only for clarity of view (don’t use spaces)!

The Parameter string includes these pieces:

url : macaroon : cert

Here’s a simple script to assemble the parameters:

url="https://$( wget -qO - ipv4.icanhazip.com ):$( cat ~/.lnd/lnd.conf | grep 'restlisten=' | cut -f2 -d':' )" macaroon=$( xxd -ps -u -c10000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon ) cert=$( xxd -ps -u -c10000 ~/.lnd/tls.cert ) echo -e "Your assembled CAS parameter string:\n$url:$macaroon:$cert"

  • This script assumes you use the GB Wallet Tunnel.

Details matter.

In the event you have trouble above (or implement a custom solution), manually verify this data:

1. url

The first parameter is the URL, and it varies upon your implementation.

Common between all implementations is the “restlisten=” port you set in the ~/.lnd/lnd.conf file (step 8 way at the beginning). The example supplied port 8088, so if you haven’t deviated from the examples, then we know it’s 8088. To be certain, you may execute this:

cat ~/.lnd/lnd.conf | grep "restlisten=" | cut -f2 -d':'

  • If the result is empty, STOP. You better restart from the beginning.

  • Whatever number is returned: is the port you’ll need to append to the URL.

The base URL will be one (or the other) of these two:

  1. You used the GB Wallet Tunnel: use the URL or IP of that node server,

    1. e.g. if your public IP is “123.123.123.123”, then the URL will be: https://123.123.123.123

  2. You created your own tunnel, use: https://127.0.0.1

Finally, append the port to the URL. This is your “url”.

https://123.123.123.123:8088

2. macaroon:cert

These files are used for secure interprocess communication (between CAS and LND). The contents must be converted & entered as hex in the CAS parameters:

  • ~/.lnd/tls.cert

  • ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon

These 2 lines accomplish this:

xxd -ps -u -c10000 ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon xxd -ps -u -c10000 ~/.lnd/tls.cert

Separate the 2 results with a colon, and append to the parameter string (which already has the url).

Example parameter string:

https://123.123.123.123:8088:0201036C6E6402F801030A10F4E593E228A73119BCD52FCCAC68D6B71201301A160A0761646472657373120472656164120577726974651A130A04696E666F120472656164120577726974651A170A08696E766F69636573120472656164120577726974651A210A086D616361726F6F6E120867656E6572617465120472656164120577726974651A160A076D657373616765120472656164120577726974651A170A086F6666636861696E120472656164120577726974651A160A076F6E636861696E120472656164120577726974651A140A057065657273120472656164120577726974651A180A067369676E6572120867656E657261746512047265616400000620DB23D44E6B093EBDA381B7DDF706D74FC95CAF57591861639102DF98F9A8143A:2D2D2D2D2D424547494E2043455254494649434154452D2D2D2D2D0A4D4949434B7A4343416447674177494241674952414B37706E43587132384F53426E7839416F4B4C65455977436759494B6F5A497A6A3045417749774E4445660A4D4230474131554543684D576247356B494746316447396E5A57356C636D46305A57516759325679644445524D4138474131554541784D49596D7868593274690A623367774868634E4D6A45774F4445344D6A45794D6A51795768634E4D6A49784D44457A4D6A45794D6A5179576A41304D523877485159445651514B45785A730A626D5167595856306232646C626D56795958526C5A43426A5A584A304D5245774477594456515144457768696247466A61324A766544425A4D424D47427971470A534D34394167454743437147534D343941774548413049414244594130456175316E572F30794B6F7050684F77394E7838653038576A61515771394D596B57790A514759486235574D2B7A2B36426D6E59447643484A662B496643362B7842435A704739756153393675426D364941436A67634D776763417744675944565230500A4151482F4241514441674B6B4D424D47413155644A51514D4D416F47434373474151554642774D424D41384741315564457745422F7751464D414D42416638770A485159445652304F42425945464F3743484939364F73796E2F636569664E6964546A68614B6174674D476B4741315564455152694D47434343474A7359574E720A596D393467676C7362324E6862476876633353434248567561586943436E56756158687759574E725A58534342324A315A6D4E76626D364842483841414147480A454141414141414141414141414141414141414141414748424D436F2F6D4F484550364141414141414141414773424E2F2F343978703477436759494B6F5A490A7A6A30454177494453414177525149674C686E787269395775744876485536456859626E42337434594C6E4E5A713544714B665A36584F4F6E356B43495144320A4B446963706457776F7073737277766C355968634A45425A525631344D46764238422B76335A6B744B673D3D0A2D2D2D2D2D454E442043455254494649434154452D2D2D2D2D0A

Finally, configure CAS.

Once you have the required information assembled, proceed to configure CAS:

Notes

IMPORTANT

A Lightning channel requires 2 Bitcoin transactions:

  • an opening transaction (funding) and

  • a closing transaction (settlement).

The Bitcoin doesn’t return to your original BTC wallet until the Lightning Channel is closed. There are a number of ways a channel may close (some deliberate - some not) but it must be closed to release your BTC funding tx. It will be locked up inside the channel until that final, closing transaction confirms.

  • A BTC mining fee is assessed for the “opening” transaction (funding), and

  • a BTC mining fee is assessed for the “closing” transaction (settlement).

After the channel is closed, it may take up to 2 weeks before the final transaction is posted!

Backups

Your Lightning wallet can be recovered from the seed generated during creation.

Closing a channel:

If you’ve decided that the channel you’ve opened is insufficient (too small) or problematic (bad routing), you can close the channel one of 2 ways.

First, get the channel details:

lncli listchannels

  • Locate channel_point.

  • NOTE: the 2 required parameters are separated by a colon in listchannels.

    • Replace the colon with a space when passing the parameters to closechannel.

  • When active = true, you may close cooperatively. When false, use option 2 (forced).

Option 1 (best; cooperative):

Close an active channel with a closing transaction.

  • Request closure using: lncli closechannel funding_txid channel_point e.g.

    • lncli closechannel 926fb8fc1aa69432bcaa7e4aa7b0cf9cde6f24378870b8a22b92eb036175ac1e 1

      • 926fb8fc1aa69432bcaa7e4aa7b0cf9cde6f24378870b8a22b92eb036175ac1eis the funding transaction ID.

      • 1 is the output_index from channel_point

  • The closing transaction should settle and your funds should become available within a few mining confirmations.

Option 2 (forced; unilateral );

Closes any channel, but may take a few weeks to recover your funding. In some situations you have no choice, such as when the channel goes inactive.

lncli --force closechannel 926fb8fc1aa69432bcaa7e4aa7b0cf9cde6f24378870b8a22b92eb036175ac1e

  • The funds may take a few weeks to return to your wallet. Use only as a last resort!

The BTC will remain in your node until you specifically and manually send them elsewhere.

  • To send BTC from your Lightning wallet, use: lncli sendcoins --addr=<address> --amt=all

Additional resources:

https://github.com/lightningnetwork/lnd/blob/master/docs/INSTALL.md

GitHub - alexbosworth/run-lnd: Rundown on running LND

Wallet Management | Builder's Guide

https://docs.lnpay.co/api/lnurl-withdraw/how-does-lnurl-withdraw-work

LND Overview and Developer Guide

Related content

Copyright © 2020-2024 General Bytes USA LLC