My lightning node is a node that is running locally on my server hardware in my house down under, far from the New Jersey Digitalocean datacenter, which is what will come up if you look up the ip of the node. This is done via an OpenVPN tunnel from your local machine to a VPS. I am doing this by renting a VPS from Digitalocean for $20 a month (2 vCPUs, 2GB RAM) running Ubuntu 18.04. You can do this just as easily on a $5 a month VPS with 1 vCPU and 1GB RAM or even a $2.50 a month VPS from Vultr with 512MB RAM. I needed the extra power because I have many web services running there as well.
This setup allows me to have a highly available lightning node, not affected by my home IP address changing. If you are using a mobile connection or have a CGNAT, you wont be able to port forward for your lightning node. You can also use this to make a portable lightning node, which can get you a full lightning node wherever you have power and internet, without having to mess with network settings. If you don't want others to know your home IP, this is a good option for privacy.
Setup a local lightning node, preferably on a linux machine. I followed the Raspibolt tutorial (with some tweaks) on a 2 vCPU and 8GB RAM VM running Ubuntu 16.04.
Get a VPS with a static IP address. Digitalocean and Vultr VPSs already are. This VPS wont need much power, so get the cheapest one you can.
Secure the VPS. I used this tutorial. Essentially, setup a non root user, use ssh keys, and setup ufw. Also make sure to allow port 9735 through ufw for lightning. I also additionally made adjustments to the ssh config and installed fail2ban.
Setup an OpenVPN server on the VPS. I used this tutorial.
Install on OpenVPN client on the local linux machine and connect to the server. The tutorial from step 4 shows how to this. Keep this connected for step 6.
SSH into the VPS and figure out the OpenVPN IP address of the client. It should be 10.8.0.x. To figure out the x, setup a simple python web server or something on the local machine on port 8000 or something and open the port on ufw in the local machine. Keep the OpenVPN connection, and use a new ssh session when accessing your local machine. Don't kill the OpenVPN connection, as it may complicate things when finding the ip.
echo hello >> index.html
sudo ufw allow 8000
python -m SimpleHTTPServer 8000
SSH back into the VPS. Run the curl command below, and try all the numbers between 2-10 for x. When you get hello as your output, then you found the right IP. I found mine at 6. You may have to try higher numbers, but this is unlikely. You can kill your python webserver on your local machine once you find it.
Once you have the IP, you want to make this static, so it doesn't change when you reconnect. This is done on the VPS side, so ssh back into the VPS. This tutorial worked for me. Just make sure to change values like the CommonName and and the IP to match yours (client1 and 10.8.0.x). If it doesn't work search "make openvpn ip static" and look around.
SSH into your local machine, and make the OpenVPN connection persistent. You can kill the OpenVPN connection now. Doing this and this worked for me. If it doesn't work search "openvpn keepalive" or "openvpn auto connect linux" or "make openvpn connection persistent linux".
Restart your local machine, and make sure it connects on boot. Do the python webserver test again, and make sure the same ip is shown on the VPS, and it is still accessible.
SSH back into the VPS. Now, you have to port forward with iptables. you have to add the 2 lines below starting with -A PREROUTING in the same place in your /etc/ufw/before.rules file. Here is what mine looks like. Change the x to your OpenVPN IP. Do sudo ufw disable and sudo ufw enable to restart ufw to update your changes.
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp –dport 9735 -j DNAT –to-destination 10.8.0.x:9735
-A PREROUTING -i eth0 -p udp -m udp –dport 9735 -j DNAT –to-destination 10.8.0.x:9735
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
SSH into your local machine. Change your lnd.conf to match with this setup, like changing the externalip. Here is what my config looks like, a slight tweak from the Raspibolt one:
Do a sudo service lnd restart to restart lnd and apply the changes. Remember to do a lncli unlock after any restarts. Your lnd node should now have a public static ip. Look it up a few hours after you do this on 1ml, your ip should be the one of your VPS now.
I am monitoring this for free with uptimerobot. It will notify you if it has gone down. So far mine has been running for 3 days and hasn't gone down.