If I understand correctly, tailscale or any self hosted wireguard VPN allows for users to obfuscate their private IP with a fixed static public vpn ip.
Can lightning nodes be successfully run behind tailscale or a private VPN rather than tor? Goal would be elimination of the unreliable tor with the privacy of a static vpn.
If so are there any easy instructions that would walk users through the migration of a tor node to a tor + vpn clearnet node?
this is along the lines of what i am thinking: wireguard server on linode instance. wireguard client on home node. All traffic is routed to linode instance and public IP of node is the linode wireguard server. if wireguard goes down then only tor traffic is permitted
reply
Minor nit: wireguard is p2p, so all instances are peers (no client/server), but you clearly have a grasp of the overall concept
Here’s a guide that may help (ignore the multiple node pieces of that doesn’t apply to you):
reply
117 sats \ 0 replies \ @gd 9 Nov 2022
Yes, I believe this is totally possible and would decrease latency in pathfinding!
reply
Umbrel has a Tailscale app. Install it and "create an account" by linking a GitHub/Google account. You can make a burner account just for authentication with Tailscale.
After this, you have created a VPN with only your umbrel on the network.
You can install Tailscale on a cheap VPS running linux.
You should now have a VPN with two devices (umbrel and server). You can create a subdomain pay.example.com and point it to the server's public IP. Then on the server, create a reverse proxy (using caddy, nginx, apache, etc) that forwards the subdomain traffic to the Umbrel's Tailscale IP. You'll need to proxy through all the ports LND needs. Might also need to modify lnd.conf with the server's IP so LND can announce itself using the public server address. Could also proxy ports for different apps on your umbrel. If you wanted to serve mempool app publicly for example.
With this setup, your node will broadcast only the IP of the server (not your actual node's IP). Tailscale's coordination servers technically know the IP of your node, but all traffic flowing through Tailscale servers is encrypted so they have no way to know that your devices are doing anything related to Bitcoin. You can bypass Tailscale servers by self-hosting a Headscale coordination server, or by setting up wiregaurd tunnels manually.
reply
If I understand correctly, the main issue with any VPN is where is going to run, you need a VPS and this VPS need to be pay without any KYC, email and pay with crypto.
PD: Any recomendation for a VPS without KYC and paid with sats?
reply
your ip is exposed to the vps and your ip is linked to your identity so there probably isn't that much need to be "KYC free" from a payment perspective on your vps.
in fact you link your bitcoin to your ip by paying with bitcoin for a vps that is directly linked to your IP. much rather link my credit card to my home IP since my home ip is already linked to me.
reply
You can't get a public IP address with Tailscale, it's a private network. Don't know about wireguard.
reply
Tailscale is an identity management solution for wireguard. Here’s a good overview of it and many alternatives:
reply