Tunnelsats / tunnelsats

Tunnel⚡Sats: Pre-configured VPN for Lightning Nodes
https://tunnelsats.github.io/tunnelsats/
MIT License

Slow down Machine After Installing TunnelSats #125

Closed thisrod29 closed 5 months ago

thisrod29 commented 6 months ago

I installed TunnelSats on an Umbrel and apparently everything worked properly, but I didn't get to do a reboot.

A few days later I turned off tor through the Umbrel interface, because I understood that this would be my connection to umbrel and not the node to peers.

After the reboot the machine started to slow down, even without consuming CPU resources.

I then had to uninstall TunnelSats, which allowed me to re-sync the blockchain and no slowdown issues, but I couldn't get the LND anymore.

Then I tried to install TunnelSats again and the same slow issues came back. Do you have any documentation on what address settings should look like after installation?

Tks

blckbx commented 6 months ago

Hi @thisrod29,

> A few days later I turned off tor through the Umbrel interface, because I understood that this would be my connection to umbrel and not the node to peers.

This refers to the option "remote access", correct?

> After the reboot the machine started to slow down, even without consuming CPU resources.

What exactly is slowing down? The Umbrel GUI?

> Do you have any documentation on what address settings should look like after installation?

In LND App there should be 2 address fields. You can take a look if you click the "..." button at the top right corner.

thisrod29 commented 6 months ago

1) Yes, I'm referring to the "Remote TOR Access" setting from the Umbrel setup page

2) No, the whole machine slowed down, but after I manually reconfigured the DNS it got a lot better.

3) The Lightning Node app doesn't even open, and docker keeps restarting every minute. This only happens with LND's docker. Bitcoin is synchronizing normally. I see this when running the command below:

$ sudo docker ps | grep lightning
[sudo] senha para thisrod:
f8be0c62b4f8   getumbrel/app-proxy:v0.5.2          "docker-entrypoint.s…"    11 hours ago   Up 11 hours   0.0.0.0:2101->2101/tcp, :::2101->2101/tcp   lightning_app_proxy_1
c39d565f7d2d   getumbrel/umbrel-lightning:v1.2.0   "docker-entrypoint.s…"    11 hours ago   Up 11 hours   3006/tcp   lightning_app_1
ae7245f56e5a   getumbrel/tor:0.4.7.8               "tor"                     11 hours ago   Up 11 hours   lightning_tor_1
f49a396317e4   lightninglabs/lnd:v0.17.4-beta      "lnd '--configfile=/…"    11 hours ago   Restarting (1) 16 seconds ago   lightning_lnd_1
deebfeaaf263   boltz/boltz-lnd:1.2.7               "boltzd --lnd.host=\"…"   11 hours ago   Up 11 hours   9002-9003/tcp   ride-the-lightning_boltz_1
569b0d68fdd5   shahanafarooqui/rtl:0.14.1          "/data/entrypoint.sh"     11 hours ago   Up 11 hours   3000/tcp   ride-the-lightning_web_1
e82f826ae835   getumbrel/app-proxy:v0.5.2          "docker-entrypoint.s…"    11 hours ago   Up 11 hours   0.0.0.0:3001->3001/tcp, :::3001->3001/tcp   ride-the-lightning_app_proxy_1

blckbx commented 6 months ago

Please verify that wireguard is active and running: sudo wg show (do not post wireguard info here). It should show an active connection and some info about latest handshake. If so, it's working correctly.

thisrod29 commented 6 months ago

Yes, Wireguard is working.

I'm suspicious that my modem/router isn't allowing forwarding through the VPN port provided in the TunnelSatsv2.conf file. But to set this up I need to know where I find the fixed VPN IP to set up on my modem/router.

Also, I realized I hadn't mentioned that the equipment I'm using is not a Raspberry Pi, as mentioned here (https://guide.tunnelsats.com/FAQ.html#which-setups-are-supported).

Here's my setup:

Dell Inc. G3 3579
16,0 GiB
Intel® Core™ i7-8750H CPU @ 2.20GHz × 12
NV137 / Mesa Intel® UHD Graphics 630 (CFL GT2)
2TB
Ubuntu 22.04.4 LTS
64 bits
GNOME 42.9
Wayland

Could this be a problem?

blckbx commented 6 months ago

> Yes, Wireguard is working.

Ok, that's good.

> I'm suspicious that my modem/router isn't allowing forwarding through the VPN port provided in the TunnelSatsv2.conf file. But to set this up I need to know where I find the fixed VPN IP to set up on my modem/router.

There's no need to forward ports for VPN traffic to happen.

> the equipment I'm using is not Raspberry Pi

Umbrel amd64 is not officially supported, nevertheless if it's pure ubuntu without virtualization and/or other network interferences like zerotier/tailscale, it should work right out of the box. Could you please check LND logs and also see if services are actively running like

sudo systemctl status nftables.service

thisrod29 commented 6 months ago

Great.

$ sudo systemctl status nftables.service
[sudo] senha para thisrod: 
● nftables.service - nftables
     Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2024-03-18 08:33:31 -03; 1h 47min ago
       Docs: man:nft(8)
             http://wiki.nftables.org
    Process: 266 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
   Main PID: 266 (code=exited, status=0/SUCCESS)
        CPU: 17ms

mar 18 08:33:31 UmbrelOS systemd[1]: Finished nftables.

thisrod29 commented 6 months ago

Digging deeper into the problem, I realized that there is some problem with the validation of the LND configuration file.

I ran the command:

sudo docker logs lightning_lnd_1 -f

I received the following error message

failed to load config: ValidateConfig: either bitcoin.active or litecoin.active must be set to 1 (true)

I just added the lines below in lnd.conf, but it didn’t make any difference

bitcoin.active=true
bitcoin.mainnet=true

blckbx commented 6 months ago

Ok, interesting. In latest Umbrel versions the lnd.conf should be pretty small and consist of only a few lines. It should carry the TunnelSats config parameters:

[Application Options]
# the following placeholders {vpnDNS} and {vpnPort}
# are provided at the end of the setupv2.sh script
externalhosts={vpnDNS}:{vpnPort}

[Tor]
tor.streamisolation=false
tor.skip-proxy-for-clearnet-targets=true

thisrod29 commented 6 months ago

I did as you indicated, but I noticed that synchronization with the bitcoin blockchain has slowed down.

Apparently, it needs at least the line:

listen=0.0.0.0:9735

The lnd.conf updates the umbrel-lnd.conf parameters at Umbrel initialization. So, I kept only the information that was necessary.

The same problem follows. Any other suggestions?

Here's what the umbrel-lnd.conf settings look like

tlsautorefresh=true
sync-freelist=true
payments-expiration-grace-period=10000h
maxpendingchannels=10
minchansize=5000000
maxchansize=25000000
coop-close-target-confs=144
stagger-initial-reconnect=true
max-cltv-expiry=2016
max-commit-fee-rate-anchors=100
accept-keysend=true
accept-amp=true
gc-canceled-invoices-on-startup=true
gc-canceled-invoices-on-the-fly=true
alias={my-node-alias}
allow-circular-route=true
bitcoin.defaultchanconfs=3
bitcoin.basefee=1000
bitcoin.feerate=1500
bitcoin.timelockdelta=336
tor.skip-proxy-for-clearnet-targets=true
tor.streamisolation=false
watchtower.active=false
wtclient.active=true
wtclient.sweep-fee-rate=100
routerrpc.minrtprob=0.001
routerrpc.apriori.hopprob=0.7
routerrpc.apriori.weight=0.5
routerrpc.apriori.penaltyhalflife=2h
routerrpc.attemptcost=10
routerrpc.attemptcostppm=100
routerrpc.maxmchistory=100000
caches.channel-cache-size=500000
protocol.wumbo-channels=true
db.bolt.auto-compact=true
db.bolt.auto-compact-min-age=0h
rpcmiddleware.enable=true
routing.strictgraphpruning=true
listen=0.0.0.0:9735
externalhosts={vpnDNS}:{vpnPort}
tor.active=true
tor.V3=true

blckbx commented 6 months ago

> The lnd.conf updates the umbrel-lnd.conf parameters at Umbrel initialization. So, I kept only the information that was necessary.

Perfect! TunnelSats parameter should be kept in a (manually created) lnd.conf. It gets merged with umbrel's umbrel-lnd.conf.

listen=0.0.0.0:9735 (besides other parameters) is not required because it's statically set on startup via exports.sh file, see https://github.com/getumbrel/umbrel-apps/blob/master/lightning/exports.sh#L12.

So basically only externalhosts and tor.skip-proxy-for-clearnet-targets should be provided.

thisrod29 commented 6 months ago

Yes, I had already reviewed the export.sh file and seen it.

I've left only the lines below in lnd.conf.

[Application Options]
listen=0.0.0.0:9735
externalhosts={vpnDNS}:{vpnPort}

[tor]
tor.skip-proxy-for-clearnet-targets=true

But I honestly don't believe that this problem can be solved with these settings alone. I say this because the error message doesn't seem to make sense. It's like there's a configuration file validation process. I didn't find anything about it.

A few possibilities I thought about:

Does it make sense?

The strangest thing of all is that even after the first error occurred I managed to synchronize the LND on 03/15 in the morning and left it running until 03/16 at 00:22 which suddenly stopped syncing. That was the last time the synchronization happened.

Do you think it's worth upgrading to version 1.0.0 that was recently launched to see if it resolves or were the changes that were made more in the interface?

blckbx commented 6 months ago

Just to make sure: did you replace vpn host name and port as displayed by the setupv2.sh script?

A doubled entry of listen parameter can indeed cause trouble, so it's better to leave this one out for Umbrel.

Umbrel 1.0 has NOT been tested in any way yet.
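
Added example, not part of the original thread and not TunnelSats or Umbrel code: a small pre-restart check of the manually created lnd.conf against umbrel-lnd.conf for the three problems discussed above (a `listen` entry that Umbrel already sets at startup, keys duplicated from umbrel-lnd.conf, and `{vpnDNS}`/`{vpnPort}` placeholders left unreplaced). The function names, issue labels and both sample files are constructed for illustration.

```python
import re

# Assumption: keys Umbrel passes to lnd itself at startup (the thread names `listen`).
SET_BY_UMBREL_CLI = {"listen"}
# Matches setup-script placeholders such as {vpnDNS} and {vpnPort} left unreplaced.
PLACEHOLDER = re.compile(r"\{[A-Za-z]+\}")

# Constructed sample inputs, modelled on the snippets posted in the thread.
SAMPLE_LND_CONF = """[Application Options]
listen=0.0.0.0:9735
externalhosts={vpnDNS}:{vpnPort}
accept-keysend=true

[Tor]
tor.skip-proxy-for-clearnet-targets=true
"""
SAMPLE_UMBREL_LND_CONF = """tlsautorefresh=true
accept-keysend=true
maxpendingchannels=10
"""

def parse_conf(text):
    """Return (line number, key, value) for every key=value line of an lnd-style file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and [Section] headers.
        if not line or line[0] in "#;[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries.append((lineno, key.strip(), value.strip()))
    return entries

def lint_lnd_conf(user_text, umbrel_text):
    """Return (line number, key, issue) findings for the user-maintained lnd.conf."""
    umbrel_keys = {key for _, key, _ in parse_conf(umbrel_text)}
    findings = []
    for lineno, key, value in parse_conf(user_text):
        if key in SET_BY_UMBREL_CLI:
            findings.append((lineno, key, "already-set-by-umbrel-at-startup"))
        elif key in umbrel_keys:
            findings.append((lineno, key, "duplicate-of-umbrel-lnd.conf"))
        if PLACEHOLDER.search(value):
            findings.append((lineno, key, "unreplaced-placeholder"))
    return findings

if __name__ == "__main__":
    for lineno, key, issue in lint_lnd_conf(SAMPLE_LND_CONF, SAMPLE_UMBREL_LND_CONF):
        print(f"lnd.conf line {lineno}: {key}: {issue}")
```

Run it against the real files before restarting the lnd container; an empty result means none of these three conditions is present, not that lnd will accept the configuration.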

thisrod29 commented 6 months ago

> Just to make sure: did you replace vpn host name and port as displayed by the setupv2.sh script?

Yes

> A doubled entry of listen parameter can indeed cause trouble, so it's better to leave this one out for Umbrel.

Perfect! That's why I suppressed all of the duplicated parameters from lnd.conf.

> Umbrel 1.0 has NOT been tested in any way yet.

Ok

thisrod29 commented 6 months ago

I remembered now that I had installed peerswap earlier. When the problems started I disabled the service and uninstalled Elements Core.

As I'm out of options I re-enabled the service and re-installed Elements Core, but for now nothing has changed.

Can this cause this problem?

blckbx commented 6 months ago

Is the lnd error message gone now or does it still complain about invalid configuration?

thisrod29 commented 6 months ago

Same message:

failed to load config: ValidateConfig: either bitcoin.active or litecoin.active must be set to 1 (true)

blckbx commented 6 months ago

bitcoin.active is set by export.sh via command line. I don't quite understand why lnd still asks for it. Did you restart lnd container?

thisrod29 commented 6 months ago

The lnd container restarts every 60s, but for all the tests I've done I shut down the Umbrel node and start it again. Sometimes I reboot the machine.

thisrod29 commented 5 months ago

I'm closing this ticket, because it's not a TunnelSats issue. I've opened another issue on Umbrel:

https://github.com/getumbrel/umbrel/issues/1752