Oddbean new post about | logout
 I'm trying to understand Wireguard. Would I be setting it up on my node at home, then adding a connection to an IP I don't care about (like a VPS I pay for), and then the IP of the VPS I'm using would appear to be my node's IP? Or is there some magical thing happening where Wireguard, running on my node at home without any other servers, can someone obscure my home IP? 
 it is super easy to set up, you can literally be up and running in like 10 minutes. just install wireguard on your server, wireguard tools on your client, create the config files on both, and then put your client public key on server, start the tunnel and you're in business
 
 You just need a VPN into your local network. Then you can access your node like you are on your local network. You can run OpenVPN or WireGuard on any machine inside your network. Then, when you connect to that remotely, you will be "inside" your network. 
 Ok I think I see. So I would still need a VPN provider (I have one I pay for) and Wireguard is a superior client that can connect to that VPN provider. I was thinking there was some kind of magical tech that didn't involve any third party. 
 No, you dont need a "provider". You will be the provider 
 Oh my god. This sounds like magic and I'm simply not grokking. How would a peer node know how to find the service I'm providing? 
 My setup is entirely free.

WireGuard is a VPN protocol. You run the open source server somewhere on the network you want to get into and the client(s) on the devices you want to connect in using. You can do quite creative things with the config(s), but they pretty much mirror each other.

My IP is dynamic and I catch it using DuckDNS. 
 I understand this part: it is a VPN protocol and would run on same server as my nodes. The thing I don't understand is how any other Lightning peers would connect to me, unless they are also running a Watchguard client and I whitelist them. 
 But even then, a VPN endpoint needs an IP address. So instead of having my node IP showing, I'd have my Watchguard IP showing. (Which is also my home). 
 Your node won't be going through the VPN.. all the VPN will be doing is giving you access into your network from the outside.. your node will be connected however you would normally do it through clearnet, hybrid, tor, or i2p. 
 This was my point. If your LN node is already on public clearnet there’s no reason to not just use lightning itself to connect to your node. It’s basically the wireguard protocol anyways (noise). If it’s a tor-only node then yeah wireguard might make more sense since tor is shit. 
 Ok. I see the disconnect here. I'm currently running my nodes over Tor. It is shit. I'm considering going over clearnet for the nodes but not sure if I'm ready to share my home IP address. I believe all the suggestions were about how I could contact/admin my own node. I'm looking for options on how to change my node itself to no longer use Tor. 
It seems like clearnet is maybe the only option, or I could maybe build a ssh-style on a VPS IP address or whatnot. 
 Just use a Cloudflare tunnel if you don't want your IP public 
 Why not both? it makes more sense to only use the lightning network itself with onion messages without using the node clearnet ip & port. in the case of "direct" connection - isn't limit incoming clearnet node traffic only from the wiregaurd tunnel a better practice? 
 *limiting 
 A VPN coming into your local network has nothing to do with all the other devices connected to your internal network. Its just a way into your network