Running a Lightning node at home is the heartbeat of the decentralized network, but exposing your physical Home IP address to the internet introduces significant DDoS and privacy risks. Tor gives you anonymity, but costs you the lightning-fast gossip and settlement speeds of Clearnet.
Enter Hybrid Routing with Tunnel⚡Sats.
We are beyond excited to announce the launch of Tunnel⚡Sats v3.1.0, built seamlessly for the new immutable umbrelOS architecture. Setup takes seconds, and the app programmatically intercepts and tunnels only your LND or Core Lightning traffic through our global, high-performance WireGuard exit nodes. It's the ultimate privacy shield without compromising your entire Umbrel's network traffic.
Why Hybrid Routing Matters
With TunnelSats, you maintain the anonymity of Tor while peering and routing payments with the absolute speed of Clearnet. It just works.
- Zero Exposure: Your home IP is hidden behind our global VPN servers.
- Targeted Tunneling: We strictly route LND/CLN. Your other self-hosted apps stay untouched.
- NWC Renewals: Link your subscription on our dashboard using Nostr Wallet Connect, and your node pays for its own VPN.
🚀 Install the Community App Today
We are working diligently to be approved for the official Umbrel App Store under the Bitcoin category. But you don't have to wait.
Install it manually from our Community App repo right now:
👉 https://github.com/Tunnelsats/ts-umbrel-app
We’re keen to hear your feedback! If things aren't going as planned or you want to request a feature, drop us an issue on our GitHub Repo or reply to this note.
🔌 Built By The Community, For The Community
Our Umbrel App is entirely open-source. What makes the Lightning Network so incredibly resilient is the community of builders, reviewers, and node runners behind it. We want to keep that ethos alive!
We invite everyone to review our code, battle-test our implementations, and contribute to the project. Whether you are finding edge cases, improving the UI, or extending the bash tooling, your feedback makes the entire ecosystem stronger.
Want to get your hands dirty and help us build? Check out our developer documentation and get started today:
👉 Read our DEVELOPING.md on GitHub
Keep stacking, keep routing, stay private. ⚡
Website: tunnelsats.com
API Docs: api.tunnelsats.com
System Status: status.tunnelsats.com
Yay!!! Haha no more manual installs?
Yay indeed!!
You can continue the manual process, in case you're gonna miss it.
But as soon as Umbrel launches v1.6, manual installs only survive until the next reboot. So the App was a bit of a necessity, too.
The hybrid routing angle is the right call technically, but there's a subtlety most node runners miss about why this matters beyond just speed.
WireGuard's 1-RTT handshake completes in roughly 1ms on a clean connection. Tor circuit establishment takes 3 round trips across 3 hops, so you're looking at 300-800ms just to set up the tunnel before any Lightning traffic flows. For HTLC forwarding, that latency difference isn't just about user experience. It's about routing fees.
When your node takes 2+ seconds to respond to an HTLC, pathfinding algorithms start routing around you. Your channels stay open but your forwarding volume drops because senders' implementations (LND, CLN, eclair) all have timeout thresholds where they penalize slow nodes in their mission control scoring. Tor-only nodes effectively get de-prioritized in the network graph without anyone explicitly blacklisting them.
The other piece worth flagging: Tor exit nodes are a known correlation attack surface. If an adversary controls both the entry guard and the exit relay your circuit passes through, they can correlate timing patterns on HTLC settlements to deanonymize your node's real IP anyway. WireGuard through a single trusted VPN endpoint actually has a smaller trust surface than Tor in that specific threat model, because you're trusting one party (TunnelSats) instead of trusting that none of the 3 relay operators are colluding.
Does the v3.1.0 update handle the case where the WireGuard tunnel drops mid-HTLC? Specifically, does it fail closed (reject the HTLC) or fail open (fall back to clearnet and potentially leak the home IP)?