Bonus guide: Zap Desktop

The desktop app Zap is a cross-platform Lightning Network wallet focused on user experience and ease of use.

Difficulty: Easy

Status: Tested v3


Table of contents

  1. Preparations
    1. Update LND TLS certificate
    2. Firewall
    3. Install lndconnect
  2. Zap
    1. Installation
    2. Connection
    3. Security
  3. Update
  4. Uninstall


Update LND TLS certificate

We enable access to LND through Remote Procedure Calls (RPC), allowing the Zap Desktop application to communicate with LND directly. This access is restricted to devices on the local network.

  • With user “admin”, open the LND configuration file

    $ sudo nano ~/.lnd/lnd.conf
  • Add the following lines to the section [Application Options]. The netmask /16 restricts access to all computers with an IP address of 192.168.. (i.e., the local network).

    # Add local network IP address to LND's TLS certificate
  • Backup and delete the existing tls.cert and tls.key files and restart LND to recreate them.

    $ sudo mv ~/.lnd/tls.cert ~/.lnd/tls.cert.bak
    $ sudo mv ~/.lnd/tls.key ~/.lnd/tls.key.bak
    $ sudo systemctl restart lnd


  • Configure the UFW firewall to allow incoming requests from the local network only

    $ sudo ufw allow from to any port 10009 comment 'allow LND grpc from local LAN'
    $ sudo ufw status

Install lndconnect

We will connect Zap to the RaspiBolt using a connection string that includes the connection and authentication information. lndconnect, created by Zap, is a utility that generates a QR Code or URI to connect applications to LND instances.

  • Still with the “admin” user, download the binary and install it

    $ cd /tmp
    $ wget
    $ tar -xvf lndconnect-linux-arm64-v0.2.0.tar.gz
    $ sudo install -m 0755 -o root -g root -t /usr/local/bin lndconnect-linux-arm64-v0.2.0/lndconnect
    $ cd
  • Generate the connection string (the -i option include the local IP; the -j option generates a string rather than the default QR code)

    $ lndconnect -i -j
    > lndconnect://


Now that we configured the node, we can install Zap on the local computer and connect it to our node.


Download and install Zap for your operating system following this guide from Zap. Before installing Zap, you can verify the release following this guide.


  • Launch Zap
  • Choose the Connect to your node option
  • Paste the connection string generated above (starting with with lndconnect://...)
  • Add a wallet name (e.g., “MyRaspiBoltNode”)
  • Click “Next”. In the new window, check that the displayed IP belongs to your node, then click “Next”.


  • Go to “File” > “Preferences” > “Security” and enable the application password

You’re set! You can now use Zap on your computer to send and receive LN payments, open and close channels, and monitor your node.


Zap download and install updates automatically by default. If you want to disable the auto-update and update Zap manually:

  • Go to “File” > “Preferences” > “General”
  • Click on the autoupdate slider
  • Click “Save”


If you stop using Zap, it is safer to restrict access to LND gRPC. But make sure that no other program requires access to it (e.g., if you’ve installed Lightning Terminal with a remote connection to LND)

  • Open the LND configuration file and comment out the following two lines:

    $ sudo nano ~/.lnd/lnd.conf
  • Backup and delete the existing tls.cert and tls.key files and restart LND to recreate them.

    $ sudo mv ~/.lnd/tls.cert ~/.lnd/tls.cert.bak
    $ sudo mv ~/.lnd/tls.key ~/.lnd/tls.key.bak
    $ sudo systemctl restart lnd
  • Display the firewall status and note the number of LND grpc rule (e.g. below, X)

    $ sudo ufw status numbered
    > [...]
    > [ X] 10009                      ALLOW IN             # allow LND grpc from local LAN
    > [...]
  • Delete the rule. When prompted, check that you are deleting the desired rule and confirm.

    $ sudo ufw delete X

« Back: + Lightning