Tunnelsats / tunnelsats

Tunnel⚡Sats: Pre-configured VPN for Lightning Nodes
https://tunnelsats.github.io/tunnelsats/
MIT License

Lightningd.service fail after installing Tunnelsats #123

Closed salenjak closed 10 months ago

salenjak commented 10 months ago

Hi,

I am trying to install Tunnelsats on my Raspiblitz node v1.10.0rc5 with CLN 23.11, but after the install I am getting the following message in the terminal:

Restarting Core Lightning
Job for lightningd.service failed because the control process exited with error code.
See "systemctl status lightningd.service" and "journalctl -xe" for details.

submenu signaled exit code '1' --> forward to outside loop

admin@192.168.1.6:~ ₿ systemctl status lightningd.service
● lightningd.service - lightningd needs cgroup before it can start
     Loaded: loaded (/etc/systemd/system/lightningd.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/lightningd.service.d
             └─tunnelsats-cgroup.conf
     Active: activating (auto-restart) (Result: exit-code) since Mon 2023-12-11 15:42:53 GMT; 25s a>
    Process: 2007594 ExecStartPre=/home/admin/config.scripts/cl.check.sh prestart mainnet (code=exi>
    Process: 2007596 ExecStart=/usr/bin/cgexec -g net_cls:splitted_processes /bin/sh -c /usr/local/>
    Process: 2007597 ExecStartPost=/home/admin/config.scripts/cl.check.sh poststart mainnet (code=e>
   Main PID: 2007596 (code=exited, status=1/FAILURE)
        CPU: 1.579s


This is my CLN original config:

lightningd configuration for bitcoin mainnet

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled

Tor settings

proxy=127.0.0.1:9050
bind-addr=127.0.0.1:9736
addr=statictor:127.0.0.1:9051/torport=9736
always-use-proxy=true

rpc-file-mode=0660
alias=blabla
database-upgrade=true
log-level=debug


This is new config for Tunnelsats:

lightningd configuration for bitcoin mainnet

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled

Tor

addr=statictor:127.0.0.1:9051/torport=9735
proxy=127.0.0.1:9050
always-use-proxy=false

VPN

bind-addr=0.0.0.0:9735
announce-addr=de2.tunnelsats.com:22084

rpc-file-mode=0660
alias=blabla
database-upgrade=true
log-level=debug

I have noticed that newer versions of CLN have a different setup for the CLN config ("⚠️ CLN v23.08: Due to changes in DNS handling, please resolve VPN DNS {vpnDNS} to its original IP address {vpnIP} and enter as described below."). I have tried to edit the config and replace announce-addr=de2.tunnelsats.com:22084 with announce-addr=myexternalip:22084, but CLN won't start even with this setup.

blckbx commented 10 months ago

> I have tried to edit config and replace announce-addr=de2.tunnelsats.com:22084 with announce-addr=myexternalip:22084 but CLN won't start even with this setup.

Did you replace de2.tunnelsats.com with its underlying IP address 5.75.184.195 ?

salenjak commented 10 months ago

Yes.

config:

lightningd configuration for bitcoin mainnet

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled

Tor

addr=statictor:127.0.0.1:9051/torport=9736
proxy=127.0.0.1:9050
always-use-proxy=false

VPN

bind-addr=0.0.0.0:9735
announce-addr=5.75.184.195:22084

rpc-file-mode=0660
alias=blabla
database-upgrade=true
log-level=debug

salenjak commented 10 months ago

dmin@192.168.1.6:~ ₿ sudo journalctl -fu lightningd
-- Journal begins at Sun 2023-12-10 10:05:05 GMT. --
Dec 11 17:39:59 raspberrypi systemd[1]: Starting lightningd needs cgroup before it can start...
Dec 11 17:39:59 raspberrypi systemd[2802122]: lightningd.service: Executable /home/admin/config.scripts/cl.check.sh missing, skipping: No such file or directory
Dec 11 17:39:59 raspberrypi systemd[2802124]: lightningd.service: Executable /home/admin/config.scripts/cl.check.sh missing, skipping: No such file or directory
Dec 11 17:39:59 raspberrypi systemd[1]: lightningd.service: Can't open PID file /run/lightningd/lightningd.pid (yet?) after start-post: Operation not permitted
Dec 11 17:40:00 raspberrypi cgexec[2802125]: lightningd: Config file /home/bitcoin/.lightning/config line 8: addr=statictor:127.0.0.1:9051/torport=9736: unknown option
Dec 11 17:40:00 raspberrypi systemd[1]: lightningd.service: Main process exited, code=exited, status=1/FAILURE
Dec 11 17:40:00 raspberrypi systemd[1]: lightningd.service: Daemon never wrote its PID file. Failing.
Dec 11 17:40:00 raspberrypi systemd[1]: lightningd.service: Failed with result 'exit-code'.
Dec 11 17:40:00 raspberrypi systemd[1]: Failed to start lightningd needs cgroup before it can start.
Dec 11 17:40:00 raspberrypi systemd[1]: lightningd.service: Consumed 1.435s CPU time.
Dec 11 17:40:30 raspberrypi systemd[1]: lightningd.service: Scheduled restart job, restart counter is at 239.
Dec 11 17:40:30 raspberrypi systemd[1]: Stopped lightningd needs cgroup before it can start.
Dec 11 17:40:30 raspberrypi systemd[1]: lightningd.service: Consumed 1.435s CPU time.
Dec 11 17:40:30 raspberrypi systemd[1]: Starting lightningd needs cgroup before it can start...
Dec 11 17:40:30 raspberrypi systemd[2805442]: lightningd.service: Executable /home/admin/config.scripts/cl.check.sh missing, skipping: No such file or directory
Dec 11 17:40:30 raspberrypi systemd[2805449]: lightningd.service: Executable /home/admin/config.scripts/cl.check.sh missing, skipping: No such file or directory
Dec 11 17:40:30 raspberrypi systemd[1]: lightningd.service: Can't open PID file /run/lightningd/lightningd.pid (yet?) after start-post: Operation not permitted
Dec 11 17:40:32 raspberrypi cgexec[2805457]: lightningd: Config file /home/bitcoin/.lightning/config line 8: addr=statictor:127.0.0.1:9051/torport=9736: unknown option
Dec 11 17:40:32 raspberrypi systemd[1]: lightningd.service: Main process exited, code=exited, status=1/FAILURE
Dec 11 17:40:32 raspberrypi systemd[1]: lightningd.service: Daemon never wrote its PID file. Failing.
Dec 11 17:40:32 raspberrypi systemd[1]: lightningd.service: Failed with result 'exit-code'.
Dec 11 17:40:32 raspberrypi systemd[1]: Failed to start lightningd needs cgroup before it can start.
Dec 11 17:40:32 raspberrypi systemd[1]: lightningd.service: Consumed 1.647s CPU time.

salenjak commented 10 months ago

Maybe this is a problem?

Dec 11 17:40:32 raspberrypi cgexec[2805457]: lightningd: Config file /home/bitcoin/.lightning/config line 8: addr=statictor:127.0.0.1:9051/torport=9736: unknown option

blckbx commented 10 months ago

Could it be that you are missing the bind for Tor here:

bind-addr=127.0.0.1:9736

I don't think this option is unknown. RaspiBlitz adds the same:

addr=statictor:127.0.0.1:9051/torport=9736

https://github.com/raspiblitz/raspiblitz/blob/v1.10/home.admin/config.scripts/cl.install.sh#L284

salenjak commented 10 months ago

I don't know. Maybe this is a problem: Dec 11 17:39:59 raspberrypi systemd[1]: Starting lightningd needs cgroup before it can start...

Or something in config.

This is my CLN config.

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled

Tor

addr=statictor:127.0.0.1:9051/torport=9736
proxy=127.0.0.1:9050
bind-addr=127.0.0.1:9736
always-use-proxy=false

VPN

bind-addr=0.0.0.0:9735
announce-addr=5.75.184.195:22084

rpc-file-mode=0660
alias=blabla
database-upgrade=true
log-level=debug

blckbx commented 10 months ago

This looks all good. One more thing, make sure there is no empty line between the options. This was a problem in earlier versions, not sure if this still persists.

salenjak commented 10 months ago

I have removed the empty line but it is still not working.

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled
addr=statictor:127.0.0.1:9051/torport=9736
proxy=127.0.0.1:9050
bind-addr=127.0.0.1:9736
always-use-proxy=false
bind-addr=0.0.0.0:9735
announce-addr=5.75.184.195:22084
rpc-file-mode=0660
alias=blabla
database-upgrade=true
log-level=debug

salenjak commented 10 months ago

I have tried to run sudo bash setupv2.sh, but this time I selected LND as default.

It works.

But I need VPN for CLN and there is some problem with 9736 port.

blckbx commented 10 months ago

> But I need VPN for CLN and there is some problem with 9736 port.

Do you run LND and CLN on the same system? Port 9736 is used by Tor for CLN.

salenjak commented 10 months ago

Yes. Both

blckbx commented 10 months ago

> Yes. Both

Oh this could be the reason because: "only one lightning implementation per system is supported (configured to port 9735)"

salenjak commented 10 months ago

I have tried to follow the instructions on https://guide.tunnelsats.com and also the ones at https://raspibolt.org/guide/bonus/lightning/tunnelsats.html.

Maybe I need to add something to the LND config if I want to run both implementations, with CLN being the main one behind VPN and Tor.

blckbx commented 10 months ago

Ok, you could try to set LND p2p port to something else like 9737.

salenjak commented 10 months ago

Can you show me an example of an LND config that sets the p2p port to something else, like 9737? Is listen=:9737 ok?

blckbx commented 10 months ago

> Can you show me example of LND config to set p2p port to something else like 9737. Is listen=:9737 ok?

Are you running LND Tor-only? If so, no listen port needs to be set. I guess this is default on RaspiBlitz.

[Application Options]
listen=localhost
...
[tor]
tor.active=true
tor.v3=true
tor.streamisolation=true

salenjak commented 10 months ago

The problem was ClearnetPort.

The install script setupv2.sh suggests the following:

VPN

bind-addr=0.0.0.0:9735

Correct setting:

VPN

bind-addr=0.0.0.0:VPNPort

sudo grep "#VPNPort" /etc/wireguard/tunnelsatsv2.conf | awk '{ print $3 }'

salenjak commented 10 months ago

https://github.com/raspiblitz/raspiblitz/issues/2787#issuecomment-1173425297

blckbx commented 10 months ago

> The problem was ClearnetPort.
>
> Install setupv2.sh script suggest next:
>
> VPN
>
> bind-addr=0.0.0.0:9735
>
> Correct setting:
>
> VPN
>
> bind-addr=0.0.0.0:VPNPort
>
> sudo grep "#VPNPort" /etc/wireguard/tunnelsatsv2.conf | awk '{ print $3 }'

I'm not sure if this is correct. For VPN, we route outgoing traffic from 9735 through the VPN:

internal 9735 -> Wireguard -> VPN IP / VPN Port

and incoming traffic from the assigned VPN endpoint to LN implementation:

VPN IP/Port -> Wireguard -> internal 9735

Please confirm that your config works as intended by checking your reachability with portchecker.co (enter vpn ip/port). If it says "open", CLN is reachable.

salenjak commented 10 months ago

5.75.184.195:22084 (Closed)

blckbx commented 10 months ago

But interesting, that CLN starts up fine now with the new bind port set. No more config line error?

salenjak commented 10 months ago

I don't see any errors.

CORE LIGHTNING (MAINNET) SYSTEMD STATUS
● lightningd.service - lightningd needs cgroup before it can start
     Loaded: loaded (/etc/systemd/system/lightningd.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/lightningd.service.d
             └─tunnelsats-cgroup.conf
     Active: active (running) since Wed 2023-12-13 10:37:56 GMT; 1h 36min ago
    Process: 9591 ExecStartPre=/home/admin/config.scripts/cl.check.sh prestart mainnet (code=exited, status=0/SUCCESS)
    Process: 9608 ExecStartPost=/home/admin/config.scripts/cl.check.sh poststart mainnet (code=exited, status=0/SUCCESS)
   Main PID: 9622 (lightningd)
      Tasks: 20 (limit: 9352)
        CPU: 55.938s
     CGroup: /system.slice/lightningd.service
             ├─ 9607 /bin/sh -c /usr/local/bin/lightningd --conf=/home/bitcoin/.lightning/config --pid-file=/run/lightningd/lightningd.pid --rpc-file-mode 0660
             ├─ 9622 /usr/local/bin/lightningd --conf=/home/bitcoin/.lightning/config --pid-file=/run/lightningd/lightningd.pid --rpc-file-mode 0660
             ├─ 9779 /usr/local/libexec/c-lightning/plugins/autoclean
             ├─ 9780 /usr/local/libexec/c-lightning/plugins/chanbackup
             ├─ 9781 /usr/local/libexec/c-lightning/plugins/bcli
             ├─ 9782 /usr/local/libexec/c-lightning/plugins/commando
             ├─ 9788 /usr/local/libexec/c-lightning/plugins/funder
             ├─ 9789 /usr/local/libexec/c-lightning/plugins/topology
             ├─ 9790 /usr/local/libexec/c-lightning/plugins/keysend
             ├─ 9792 /usr/local/libexec/c-lightning/plugins/offers
             ├─ 9796 /usr/local/libexec/c-lightning/plugins/pay
             ├─ 9797 /usr/local/libexec/c-lightning/plugins/txprepare
             ├─ 9799 /usr/local/libexec/c-lightning/plugins/cln-renepay
             ├─ 9800 /usr/local/libexec/c-lightning/plugins/spenderp
             ├─ 9801 /usr/local/libexec/c-lightning/plugins/sql
             ├─ 9803 /usr/local/libexec/c-lightning/plugins/bookkeeper
             ├─ 9805 python3 /home/bitcoin/cl-plugins-available/plugins/backup/backup.py
             ├─10042 /usr/local/libexec/c-lightning/lightning_hsmd
             ├─10934 /usr/local/libexec/c-lightning/lightning_connectd
             └─11069 /usr/local/libexec/c-lightning/lightning_gossipd

Dec 13 10:37:56 raspberrypi systemd[1]: lightningd.service: Supervising process 9622 which is not our child. We'll most likely not notice when it exits.
Dec 13 10:37:56 raspberrypi systemd[1]: Started lightningd needs cgroup before it can start.

LAST CORE LIGHTNING (MAINNET) INFO LOGS
For details also use command --> cllog
sudo tail -n 50 /home/bitcoin/.lightning/bitcoin/cl.log
2023-12-13T11:36:04.745Z DEBUG lightningd: io_loop: plugins_exclusive_loop
2023-12-13T11:36:04.757Z DEBUG gossipd: REPLY WIRE_GOSSIPD_NEW_BLOCKHEIGHT_REPLY with 0 fds
2023-12-13T11:36:10.580Z DEBUG lightningd: Feerate estimate for 6 blocks set to 29129 (was 29125)
2023-12-13T11:36:33.294Z DEBUG gossipd: seeker: no peers, waiting
2023-12-13T11:36:41.046Z DEBUG lightningd: Feerate estimate for 2 blocks set to 37232 (was 39801)
2023-12-13T11:37:33.349Z DEBUG gossipd: seeker: no peers, waiting
2023-12-13T11:38:30.455Z DEBUG plugin-autoclean: setting next timer
2023-12-13T11:38:33.357Z DEBUG gossipd: seeker: no peers, waiting
2023-12-13T11:39:33.385Z DEBUG gossipd: seeker: no peers, waiting
2023-12-13T11:40:33.441Z DEBUG gossipd: seeker: no peers, waiting
2023-12-13T11:41:33.498Z DEBUG gossipd: seeker: no peers, waiting

blckbx commented 10 months ago

And does CLN + TunnelSats work if LND is stopped?

salenjak commented 10 months ago

Ok. I have removed LND to try, and now it works, but only when the Tor port is 9736.

I assume this is ok.

When checking on https://portchecker.co/check-it for 5.75.184.195:22084 it shows the port is open.

lightningd configuration for bitcoin mainnet

network=bitcoin
log-file=cl.log
plugin-dir=/home/bitcoin/cl-plugins-enabled

Tor settings

proxy=127.0.0.1:9050
bind-addr=127.0.0.1:9736
addr=statictor:127.0.0.1:9051/torport=9736
always-use-proxy=false
bind-addr=0.0.0.0:9735
announce-addr=5.75.184.195:22084
rpc-file-mode=0660
alias=uztutuu
database-upgrade=true
log-level=debug

Thanks for helping blckbx :)

blckbx commented 10 months ago

One last thing to try to get both implementations running is to force LND to use another port for listen.

lnd.conf

listen=localhost:9737

This would also require a change to the hidden service entry for LND in the torrc file:

HiddenServicePort 9735 127.0.0.1:9737
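
The three config points raised in this thread (a hostname in announce-addr, no local bind-addr for the statictor torport, a listen port shared with a second daemon) can be checked before restarting lightningd. The Python below is an added example, not code from the thread or from the Tunnelsats project; the function names, finding codes and the other_ports parameter are assumptions, and the checks are heuristics taken from the comments above, not CLN's own validation.

```python
import ipaddress

def parse(text):
    """key=value pairs from a CLN config; blank lines and '#' comments are skipped."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(p.strip() for p in l.partition("=")[::2])
            for l in lines if l and not l.startswith("#")]

def host_port(value):
    """Split 'host:port' (IPv4 or hostname forms, as used in the thread)."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (value, None)

def ip_or_none(host):
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def lint(text, other_ports=()):
    """Return findings; other_ports = ports held by other local daemons (assumed input)."""
    pairs, findings = parse(text), []
    binds = [host_port(v) for k, v in pairs if k == "bind-addr"]
    for key, value in pairs:
        if key == "announce-addr" and ip_or_none(host_port(value)[0]) is None:
            findings.append("ANNOUNCE_DNS: announce-addr is a hostname; "
                            "the quoted CLN v23.08 notice asks for the resolved IP")
        if key == "addr" and value.startswith("statictor:") and "/torport=" in value:
            torport = int(value.rsplit("/torport=", 1)[1])
            local = [ip_or_none(h) for h, p in binds if p == torport]
            # A loopback or wildcard bind on the torport can receive the Tor traffic.
            if not any(ip and (ip.is_loopback or ip.is_unspecified) for ip in local):
                findings.append(f"TOR_BIND: no local bind-addr on torport {torport}")
    for port in sorted({p for _, p in binds} & set(other_ports)):
        findings.append(f"PORT_CLASH: bind port {port} is also listed in other_ports")
    return findings

# Constructed samples built from the option values posted in the thread.
BROKEN = """\
addr=statictor:127.0.0.1:9051/torport=9736
proxy=127.0.0.1:9050
always-use-proxy=false
bind-addr=0.0.0.0:9735
announce-addr=de2.tunnelsats.com:22084
"""
WORKING = BROKEN.replace("de2.tunnelsats.com", "5.75.184.195") + "bind-addr=127.0.0.1:9736\n"

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("working", WORKING)):
        print(name, lint(cfg, other_ports={9735}))
```

Pass the ports of any other Lightning daemon on the host (for example LND's listen port) as other_ports; an empty result means none of the three heuristics fired, not that the node is reachable.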