You don’t have to. Just add a bit of firewalling, use IPv6 exclusively, and give every user a strict IPv6‑only VPN tunnel dedicated to the Bitcoin/Lightning protocol. Maybe a bit more – you could use WireGuard, but roll it out with a Tailscale‑style configuration.

sure, not too much pain if you are good with routing tables and firewalls. I consulted gpt the last time I did it. opening ports for connections from the outside world takes balls and patience.

private channels are just the ones not announced via gossip. so the sender does not know how to reach your node and you need routing hints in your invoices.

SwapMarket

bitcoin

is there a VPN‑style service that lets me expose my Lightning node on Clearnet?

kidcamaleon

VPN WireGuard SSH tunnels are not a pain... and I think the question wasn't quite understood. VPN always provides outbound connectivity; we need inbound in this case. I'm looking for a solution, and if it works, it's all out of pure curiosity… my mind also needs to train a bit on private and public channels.