Guide: Watchtower setup on myNode

Post by Wiredancer »

A watchtower monitors the bitcoin blockchain for any transaction attempting to steal from its client by closing a channel with a previous, invalid state. If a breach is found, the watchtower (server) immediately broadcasts a punisher transaction moving all funds in the channel to the on-chain wallet of its client.

If you control two nodes running lnd v0.7.0 or later, you can set them up to look out for each other. This is best done with nodes in two separate physical locations, so that any unexpected loss of contact is covered.

You need two nodes to benefit from a watchtower: one node acts as the watchtower (server) and the second node is the one being watched (client). Both nodes can be set up as watchtower and client at the same time and watch each other. Also note that a watchtower is mainly useful if your node is going to be offline for a longer period, since that is when someone could try to use an invalid channel state. If your node is online, it's watching itself!

To turn on Watchtower (server) move the slider in your Lightning Wallet section.

After the reboot you will see your watchtower URI in the Lightning Wallet section. Give this URI to the CLIENT that is to benefit from your watchtower's protection.

Open port 9911 which is used for Watchtower communication.

Code:

sudo ufw allow 9911 comment "watchtower"

In your lnd.conf you should now have a watchtower section as follows:

Code:

[Watchtower]
watchtower.active=1

If you also want your node to be a client and receive protection from another node, add the following line to your lnd.conf in the watchtower section.

Code:

wtclient.active=1

This will trigger another reboot, but after your node is back online it is both an active watchtower and a client ready to connect to another tower for protection. To connect, you will need the URI of the other watchtower that is going to monitor you, and you add it in the terminal. SSH to your node and type the following (a Tor address is fine).

Code:

lncli wtclient add <watchtower-pubkey>@<host>:9911

You can check the client status:

Code:

lncli wtclient towers

If you see this, your tower is successfully connected (please note it may sometimes take a bit of time):

Code:

"active_session_candidate": true,

Optional: You can increase log level to see more detailed information about the watchtower:

Code:

lncli debuglevel --level=WTWR=debug,WTCL=debug

Optional: To continuously monitor status of your TOWER CLIENT (WTCL) connection:

Code:

sudo tail -f -n 10000 /var/log/lnd.log | grep WTCL

or

Code:

sudo tail -f -n 10000 /var/log/lnd.log.1 | grep WTCL

Optional: To continuously monitor status of your WATCHTOWER SERVER (WTWR):

Code:

sudo tail -f -n 10000 /var/log/lnd.log | grep WTWR

or

Code:

sudo tail -f -n 10000 /var/log/lnd.log.1 | grep WTWR

A watchtower server is able to monitor multiple client nodes, but sharing your tower URI publicly is advised against, to avoid possible flood / DDoS attacks.

Optional: You can run the following commands to see all options.

Code:

lncli wtclient --help

or

Code:

lncli tower --help

Congratulations!

The guide was originally posted here: https://www.lightningnode.info/advanced ... watchtower
Tested on Raspi4 32/64bit 8GB RAM, myNode 0.2.41

Happy routing!
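An added example, not part of the original post or of lnd: a small Python health check for the `lncli wtclient towers` step in the guide, suitable for cron, that fails when no configured tower is an active session candidate. It assumes the output is JSON with a `towers` array whose entries carry `pubkey`, `addresses` and `active_session_candidate`; only the last field appears in the guide, and the sample data is constructed.

```python
import json
import sys

# Constructed sample in the shape assumed for `lncli wtclient towers` output.
# Pubkeys and addresses are made up; only "active_session_candidate" is a field
# shown in the guide, the other field names are assumptions.
SAMPLE = """
{
  "towers": [
    {"pubkey": "02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
     "addresses": ["exampletoweronionaddress.onion:9911"],
     "active_session_candidate": true},
    {"pubkey": "03bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
     "addresses": ["192.0.2.10:9911"],
     "active_session_candidate": false}
  ]
}
"""


def check_towers(raw):
    """Return (ok, messages); ok is True when at least one tower is usable."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return False, [f"FAIL cannot parse lncli output: {exc}"]
    towers = data.get("towers") if isinstance(data, dict) else None
    if not towers:
        return False, ["FAIL no towers configured; nobody watches this node while it is offline"]
    messages, usable = [], 0
    for tower in towers:
        pubkey = str(tower.get("pubkey", "<unknown>"))[:16]
        addresses = ",".join(tower.get("addresses") or [])
        label = f"{pubkey} @ {addresses}"
        if tower.get("active_session_candidate") is True:
            usable += 1
            messages.append(f"OK   {label}")
        else:
            messages.append(f"WARN {label} is not an active session candidate")
    return usable > 0, messages


if __name__ == "__main__":
    # `lncli wtclient towers | python3 check_towers.py -` reads live output;
    # without "-" the constructed sample is used so the script runs offline.
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    ok, messages = check_towers(raw)
    print("\n".join(messages))
    sys.exit(0 if ok else 1)
```

The non-zero exit status on failure lets cron or a monitoring agent raise an alert before the node goes offline without tower coverage.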