robclark56 / RaspiBolt-Extras

More Ways to Use The RaspiBolt
MIT License

Enable and use REST with lnd - LAN #3

Closed rocky3xr closed 5 years ago

rocky3xr commented 5 years ago

I'm on testnet and I want to check if REST works, following your steps in the bonus Enable and use REST with lnd - LAN

Restart lnd and Unlock Wallet

admin ~  ฿  sudo systemctl restart lnd
admin ~  ฿  lncli unlock

Test

Replace CHANGE_ME with your.LAN.ip.address

admin ~  ฿ lncli getinfo
{"identity_pubkey":"022e...1ecdb56c5941020d4",....,"best_header_timestamp":"1524352102"}

admin ~  ฿ sudo curl --insecure  --header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000  /home/admin/.lnd/admin.macaroon)"   https://CHANGE_ME:8080/v1/getinfo
{"identity_pubkey":"022e...1ecdb56c5941020d4",....,"best_header_timestamp":"1524352102"}

When I'm going to test this, I get this.

admin ~ ฿ lncli getinfo
{
    "identity_pubkey": "028f3c4810309135558b8bb6adbb05615c36aa5fa93e0b48ab9c077f8317aa7dec",
    "alias": "028f3c4810309135558b",
    "num_pending_channels": 0,
    "num_active_channels": 4,
    "num_peers": 3,
    "block_height": 1356185,
    "block_hash": "0000000000000016f5497fe89a675befc4c1005c92696560e34d023449dc2adc",
    "synced_to_chain": true,
    "testnet": true,
    "chains": [
        "bitcoin"
    ],
    "uris": [
        "028f3c4810309135558b8bb6adbb05615c36aa5fa93e0b48ab9c077f8317aa7dec@79.156.70.65:9735"
    ],
    "best_header_timestamp": "1532961559",
    "version": "0.4.2-beta commit=7cf5ebe2650b6798182e10be198c7ffc1f1d6e19"
}
admin ~ ฿ sudo curl --insecure  --header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000  /home/admin/.lnd/admin.macaroon)"   https://192.168.1.2:8080/v1/getinfo
curl: (7) Failed to connect to 192.168.1.2 port 8080: Connection refused

The fact is that I have my 8080 UTC/UDP ports opened for 192.168.1.2. I don't find the issue.

whiteyhat commented 5 years ago

Hey @robclark56, this is a good issue, because I am having the same problem as @rocky3xr!

robclark56 commented 5 years ago

Maybe I forgot to add the step to add a firewall rule???

Please post the result of this:

admin ~ ฿ sudo su
root@RaspiBolt:/home/admin# sudo ufw status

rocky3xr commented 5 years ago

Hello @robclark56, thanks for your reply. We are finishing the website satoshis.games and we just need the .PHP for the payment of the games to enter in the competition.

root@RaspiBolt:/home/admin# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       192.168.1.0/24             # allow SSH from local LAN
50002                      ALLOW       192.168.1.0/24             # allow Electrum from local LAN
9735                       ALLOW       Anywhere                   # allow Lightning
8333                       ALLOW       Anywhere                   # allow Bitcoin mainnet
18333                      ALLOW       Anywhere                   # allow Bitcoin testnet
8080                       ALLOW       Anywhere                   # allow REST from WAN
10009                      ALLOW       192.168.0.0/24             # allow lnd rpc from Local LAN
10009                      ALLOW       Anywhere                   # allow rpc host REST
9735 (v6)                  ALLOW       Anywhere (v6)              # allow Lightning
8333 (v6)                  ALLOW       Anywhere (v6)              # allow Bitcoin mainnet
18333 (v6)                 ALLOW       Anywhere (v6)              # allow Bitcoin testnet
8080 (v6)                  ALLOW       Anywhere (v6)              # allow REST from WAN
10009 (v6)                 ALLOW       Anywhere (v6)              # allow rpc host REST

This is my admin ~ ฿ sudo nano /home/bitcoin/.lnd/lnd.conf

# RaspiBolt LND Mainnet: lnd configuration
# /home/bitcoin/.lnd/lnd.conf

[Application Options]
ebuglevel=info
debughtlc=true
maxpendingchannels=5
alias=RaspiBolt [LND]
color=#68F442

[Bitcoin]
bitcoin.active=1

# enable either testnet or mainnet
bitcoin.testnet=1
#bitcoin.mainnet=1

bitcoin.node=bitcoind

[autopilot]
autopilot.active=1
autopilot.maxchannels=5
autopilot.allocation=0.6

[Application Options]
rpclisten=localhost:10009
rpclisten=192.168.1.2:10009
restlisten=192.168.1.2:8080

Besides this, my router ports are opened [image: raspi ports]. However, if I go to check my ports' availability, I get this :S [image: portchecker]

I'm getting crazy because it doesn't make sense at all

robclark56 commented 5 years ago

1) I see one typo ... but it will have no effect on this problem

[Application Options]
ebuglevel=info <---- should be debuglevel

2) I had a problem using 8080 as my router was configured to use 8080 as its external management port, so it was 'stealing' any traffic coming in to 8080. (But that should NOT affect testing on the LAN.) So I had to use port 8081 for testnet and 8082 for mainnet.

Here is my testnet lnd.conf

NOTE: I have two restlisten entries !!!

# RaspiBolt LND Testnet: lnd configuration
# /home/bitcoin/.lnd/testnet/lnd.conf

[Application Options]
debuglevel=info
debughtlc=true
maxpendingchannels=5
alias=xxxxxxxxxx
color=#68F442

datadir=/home/bitcoin/.lnd/testnet/data
logdir=/home/bitcoin/.lnd/testnet/logs
listen=0.0.0.0:19735
rpclisten=localhost:11009
restlisten=localhost:8081
tlsextradomain=my.fqdn
restlisten=10.1.1.141:8081
rpclisten=10.1.1.141:11009

[Bitcoin]
bitcoin.active=1

# enable either testnet or mainnet
bitcoin.testnet=1
#bitcoin.mainnet=1
bitcoin.node=bitcoind

[Bitcoind]
bitcoind.zmqpath=tcp://127.0.0.1:28332
bitcoind.rpcuser=xxxxxxxxx
bitcoind.rpcpass=xxxxxxxxxxxx

[autopilot]
autopilot.active=1
autopilot.maxchannels=20
autopilot.allocation=0.6

Here is my Raspi Firewall for port 8081. No doubt some redundancy in here as I have added LAN then WAN access.

root@RaspiBolt:/home/admin# sudo ufw status | grep 8081

8081                       ALLOW       Anywhere                   # allow REST from all WAN Host (testnet)
8081                       ALLOW       10.1.1.0/24                # allow REST from LAN
8081 (v6)                  ALLOW       Anywhere (v6)              # allow REST from all WAN Host (testnet)

I think (?) this might be what you might have to add in lnd.conf???

restlisten=localhost:8080

rocky3xr commented 5 years ago

Hey,

  1. I see you still have the same typo

     [Application Options]
     ebuglevel=info <---- should be debuglevel

  2. I have the same issue with my IPS about 8080 port... However, I thought: how is this affecting my problem if I'm in LAN? xD

I modified the lnd.conf and now it looks like this,

# RaspiBolt LND Mainnet: lnd configuration
# /home/bitcoin/.lnd/lnd.conf

[Application Options]
ebuglevel=info
debughtlc=true
maxpendingchannels=5
alias=RaspiBolt [LND]
color=#68F442

datadir=/home/bitcoin/.lnd/testnet/data
logdir=/home/bitcoin/.lnd/testnet/logs
listen=0.0.0.0:9735
rpclisten=localhost:11009
restlisten=localhost:8081
#tlsextradomain=my.fqdn
restlisten=192.168.1.2:8081
rpclisten=192.168.1.2:11009

[Bitcoin]
bitcoin.active=1

# enable either testnet or mainnet
bitcoin.testnet=1
#bitcoin.mainnet=1
bitcoin.node=bitcoind

[Bitcoind]
rpcuser=xxxxxxx
rpcpassword=xxxxxxxx
zmqpubrawblock=tcp://127.0.0.1:29000
zmqpubrawtx=tcp://127.0.0.1:29000

[autopilot]
autopilot.active=1
autopilot.maxchannels=20
autopilot.allocation=0.6

# use tlsextradomain ONLY if you have a static public FQDN
#tlsextradomain=xxxxxxxx.ddns.net

I wrote listen=0.0.0.0:9735 instead of 19735 because I have my LND there

I'm still not able to test the REST with lnd-LAN

rocky3xr commented 5 years ago

I succeeded with LAN. This is my lnd.conf

# RaspiBolt LND Mainnet: lnd configuration
# /home/bitcoin/.lnd/lnd.conf

[Application Options]
debuglevel=info
debughtlc=true
maxpendingchannels=5
alias=YOUR_NAME [LND]
color=#68F442

[Bitcoin]
bitcoin.active=1

# enable either testnet or mainnet
bitcoin.testnet=1
#bitcoin.mainnet=1

bitcoin.node=bitcoind

[Application Options]
rpclisten=localhost:10009
rpclisten=192.168.1.2:10009
restlisten=192.168.1.2:8081
restlisten=localhost:8081

[autopilot]
autopilot.active=1
autopilot.maxchannels=5
autopilot.allocation=0.6

I just needed to add restlisten=localhost:8081 to my previous conf

Now it's time to go with WAN. Let's see if I don't get crazy before I succeed xD
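
An added example, not part of the original thread and not the project's own code: a shell audit of the two artefacts posted above, the lnd.conf listener lines and the `ufw status` table. It reports which lnd REST/gRPC listener ports ufw allows from Anywhere and whether a loopback `restlisten` entry is present; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): which lnd listener ports does ufw
# expose beyond the LAN, and is a loopback REST listener configured?

# Print "key host port" for each active restlisten/rpclisten line on stdin.
lnd_listeners() {
  awk -F= '/^[ \t]*(restlisten|rpclisten)[ \t]*=/ {
    key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
    n = split(val, p, ":"); port = p[n]
    print key, substr(val, 1, length(val) - length(port) - 1), port }'
}

# Succeed if stdin (an lnd.conf) has a loopback restlisten entry, the line
# the thread ended up adding.
has_loopback_rest() {
  lnd_listeners | awk '$1 == "restlisten" && ($2 == "localhost" || $2 == "127.0.0.1") { f = 1 }
    END { exit !f }'
}

# From `ufw status` on stdin, print ports in list $1 that are ALLOWed from Anywhere.
ufw_open_to_any() {
  awk -v ports=" $1 " '{ gsub(/ \(v6\)/, "") }
    $2 == "ALLOW" && $3 == "Anywhere" {
      split($1, a, "/"); if (index(ports, " " a[1] " ")) print a[1] }' | sort -un
}

# $1 = lnd.conf text, $2 = `ufw status` text; prints exposed listener ports.
exposed_listener_ports() {
  ports=$(printf '%s\n' "$1" | lnd_listeners | awk '{ print $3 }' | sort -un | tr '\n' ' ')
  printf '%s\n' "$2" | ufw_open_to_any "$ports"
}

# Constructed sample input, modelled on the config and rules posted above.
SAMPLE_CONF='[Application Options]
rpclisten=localhost:10009
rpclisten=192.168.1.2:10009
restlisten=192.168.1.2:8081
restlisten=localhost:8081
#restlisten=0.0.0.0:8080'
SAMPLE_UFW='8080        ALLOW  Anywhere        # allow REST from WAN
8081        ALLOW  192.168.1.0/24  # allow REST from LAN
10009       ALLOW  Anywhere        # allow rpc host REST
10009 (v6)  ALLOW  Anywhere (v6)   # allow rpc host REST'

echo "exposed beyond LAN: $(exposed_listener_ports "$SAMPLE_CONF" "$SAMPLE_UFW")"
printf '%s\n' "$SAMPLE_CONF" | has_loopback_rest && echo "loopback REST listener: yes"
```

On the node itself, pass `"$(sudo cat /home/bitcoin/.lnd/lnd.conf)"` and `"$(sudo ufw status)"` as the two arguments to `exposed_listener_ports`.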

robclark56 commented 5 years ago

Thanks for helping find the issue.

I will update the documentation to add: restlisten=localhost:8080

whiteyhat commented 5 years ago

Thanks!