Guide - ZeroTier on RaspiBlitz
ZeroTier
ZeroTier connects your online devices together using end to end encryption. It can be used to connect your phone running a bitcoin wallet to your RaspiBlitz bitcoin node.
You will make a my.zerotier.com account, install ZeroTier on your RaspiBlitz and Phone, authorise the devices and connect your wallet.
ZeroTier Account
Use simplelogin to create a new email address, make a new GitHub account with this email, set up 2FA and use it to sign up to ZeroTier.
View your network management page https://my.zerotier.com/network and copy your ZeroTier Network ID
ZeroTier Service on RaspiBlitz
SSH into your RaspiBlitz node and in node settings / options enable ZeroTier and follow the setup. You will be prompted to enter your ZeroTier Network ID.
ZeroTier on Mobile
You can only run one system managed VPN at a time, so check that there is no other VPN running on your phone. If you are using the CalyxOS Android operating system you can create a work profile to isolate your bitcoin wallets in a separate profile which has ZeroTier installed.
Download the ZeroTier app from your app store and follow the setup. You are prompted to enter your ZeroTier Network ID. In settings enable Use Cellular Data. Toggle the VPN on (1) and wait until the status indicator at the bottom of the screen reads ONLINE (2).
Device Authorisation
In your ZeroTier admin panel (my.zerotier.com/network/) click the check boxes to authorise these devices into your private ZeroTier network.
Your devices will be automatically assigned Managed IPs.
Connecting to Zeus
In the RaspiBlitz menu select the CONNECT option then select MOBILE then ZEUS_CLREST.
Wait until the QR code is shown then press enter to show the second QR code (the string to connect over LAN).
In Zeus Node configuration
- Change LND to c-ligtning-REST
- Press the SCAN C-LIGHTNING-REST QR button and scan the QR code shown in your RaspiBlitz terminal.
- Name your configuration RaspiBlitz ZeroTier
- Change the Host to the ZeroTier RaspiBlitz managed IP address (see commend in green box above). It should start with https://
Press save node config.
Complete
Your Zeus wallet is now connected to your RaspiBliz
Privacy
The ZeroTier server (my.zerotier.com) knows your IP addresses but the packets are end to end encrypted. The private keys to decrypt the packets never leave your devices.
Alternative Methods
There are other ways to connect your mobile wallet to your home node.
Tor
Tor can connect your bitcoin wallet to your node, even if they are on different networks, using an onion service. There is no signup requirement and no central party coordinating the connections. When it works, it is hard to beat. Unfortunately tor is vulnerable to denial of service attacks which have reduced network reliability. This can cause long delays when loading a bitcoin wallet to make a payment or check a balance. It is useful to have an alternate connection option ready to use if tor is unavailable.
Manual Configuration
A technical person could set a static IP address, configure their network firewall and open public-facing ports. For a non technical person this can be hard, and opens your home network to attack from the outside.
Lightning Node Connect
A new system called Lightning Node Connect is under development which simplifies the connection between a node and a web or mobile application. It will be for LND users only and will also require LITD/Lightning terminal.
Tailscale
Similar in practice to Zerotier, easy to install on an Umbrel. Guide
Thank you to Selfbankt, BitcoinQnA and Evan Kaloudis for their feedback and suggestions.
Thank you for reading. If you enjoyed this post please share it.
Ben
