Introducing Tunnel⚡️Sats
Why should I use this service? 🚀
Providing Lightning ⚡ Services is about privacy, reliability, connectivity, speed and liquidity. Relying on a single service, Tor, for your node's connectivity is a risk to connectivity and network stability, as anyone running a lightning node can testify. With Hybrid connectivity, your payment and routing services become faster and more reliable, yet there is a privacy concern when you do it with your home IP: you expose the rough location of your node, potentially your home, and you expose your node's system to attacks from the internet. With our solution Tunnel⚡Sats, you get the best of both worlds. Your node and home IP stay hidden behind Tor and our VPS public IP address, which will be your node's face to the public internet and is shared with other peers. You may see higher reliability, resulting not only in higher uptime and fewer offline peer nodes but also in greater routing numbers. This isn't a promise, but an eventually expected outcome.
You also provide a better user experience for customers actually using lightning as a payment system, which you could argue is the largest benefit.
Why choose Tunnel⚡Sats over other VPN providers? 🚨
Running a lightning node behind a VPN requires a range of features that public VPN providers usually do not offer. Tunnel⚡Sats is designed specifically with the lightning node use case in mind. So we pack up everything that's needed:
- anonymous payment method via Lightning (we don't know the sender of the payment)
- static VPN IP: no more disconnects due to changing VPN IPs and no hassle setting up Dynamic DNS
- static forwarded ports: assign the VPN's port to your node config and you are good to go
- secure VPN tunnels: we provide quantum-safe VPN tunnels using pre-shared keys
- split-tunneling: we exclude everything else besides lightning p2p traffic from the VPN network. Contrary to "Tor over VPN", this enables redundancy of connectivity over Tor for your node, meaning: if Tor goes down, the VPN still plays nice, and vice versa (which should never happen).
What services are used? 🛠
We use premium VPS services with tight SLAs and proven, recorded high uptime (99.99%). We also set up servers across different service providers to allow for switching in case something out of our control happens. We have also set up tight monitoring systems for our VMs, with alert mechanisms and coverage by 3 people in operations. That said, we're early in our offering and will happily provide regular uptime metrics when we enter the beta phase, to provide more objective reliability data here.
As the payment backend we use LNBits for lightning payments; to send WireGuard config files via email we use our own mail server; and this frontend uses React and WebSockets. As for the VPN endpoints, we make use of our own rented virtual servers from Digital Ocean (EU) and (US), with WireGuard Manager and API managing the WireGuard setup and accounts safely.
Which setups are supported? ✋
At present we have successfully tested the following setups:
- RaspiBlitz (LND / CLN) v1.8.0
- Umbrel-OS (LND)
- Umbrel-OS (CLN: not yet recommended unless you are tech-savvy)
- myNode (LND) v0.2.x
- RaspiBolt (LND / CLN) (please see preconditions if your system or architecture differs from the RaspiBolt guide)
For other setups, please contact us on Telegram to discuss whether it's viable to go with TunnelSats.
What does it actually look like, how am I connected?
See the current network setup as a flowchart comparing your Tor-only setup with the new setup.
More questions - or want to try it out? 🔗
Happy Routing, and feel free to reach out to us with product ideas, questions, or ways to contribute to a better, faster, more secure financial infrastructure for the future.