A Linux node can be used to set up as a MYST VPN node machine, in a home server, or in a data center.

Supported OS: Debian, Ubuntu, and Raspbian. Does NOT seem to work on KALI.

Install!

Option 1:

To install the MYST node type such commands into the terminal:

sudo apt install software-properties-common
sudo add-apt-repository ppa:mysteriumnetwork/node 
sudo apt-get update
sudo apt install myst

It has been noted sometimes the add-apt-repository command is not found. Click here for a quick fix for that!

Option 2:

We also provide an installation script written in bash which can be downloaded and executed using this command:

PG error “NO_PUBKEYhttps://zpenterprises.co/fix-gpg-public-key-error-no_pubkey-eccb6a56b22c536d/“?

You will probably run into this issue when installing the Mysterium Node:]

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ECCB6A56B22C536D

Check here how to fix the issues.

Latest non stable release

The latest non-stable releases include bug fixes and improvements that have not yet been pushed for the whole user base and are not guaranteed to work. You should run these releases at your own risk and should also consider backing up your .mysterium folder beforehand just in case.

To get them to check out our launchpad or GitHub releases.

Complete installation

Once the service is installed and running to finish the node installation continue to the NodeUI, where you’ll be able to set payout address, manage service settings and check node stats and connections. Instructions on how to find and use it can be found: here.

Also, make sure to claim your node in MMN to receive bounties. It can be found here. To receive your key, you’ll have to create an account when following the NodeUI onboarding process or add it later in the node settings.

If you can’t access NodeUI or the service is not working as expected, follow the below instructions on how to check service health, diagnose issues or add extra configuration.

Service health

Check service health

Post-installation service check:

sudo systemctl status mysterium-node.service

If everything is working you should see similar output to this:

mysterium@pop-os:~$ sudo systemctl status mysterium-node.service
● mysterium-node.service - Server for Mysterium - decentralised VPN Network
     Loaded: loaded (/lib/systemd/system/mysterium-node.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-01-04 00:00:00 GMT;
       Docs: https://mysterium.network/
   Main PID: 1920 (myst)
      Tasks: 30 (limit: 19009)
     Memory: 73.0M

View Node logs

Run the following command to diagnose issues:

sudo journalctl -u mysterium-node.service

To view the real-time daemon logs:

sudo journalctl -fu mysterium-node.service4

Save logs to a file

If your node is unable to report an issue through the built-in Node UI or TequilAPI, you may need to save the logs to a file and send them to us via [email protected].

sudo journalctl -u mysterium-node.service > node.logs

Advanced configuration (optional)

Get current config

When your node is running you can print the config that it has currently loaded by executing:

myst config show

This config can be altered in several ways, which we’ll cover below.

Editing the config file

On initial start-up, the node will create a config file that can be edited. The config is located in: /etc/mysterium-node/config.toml.

Any text editor can be used to edit this file. As it’s a .toml file formatting and indentation are very important. For further reading follow the official toml guide.

Altering startup options

Editing start-up options instead of the config.toml file have one crucial benefit: start-up service options overwrite any default or config.toml edited config values and become a single source of truth that cannot be changed at runtime.

A node typically runs as a systemd service, you can find the .service file by inspecting the service, which you can do by running:

systemctl status mysterium-node.service | grep Loaded

The output of this command will be something similar to:

Loaded: loaded (/lib/systemd/system/mysterium-node.service; enabled; vendor preset: enabled)

The file location we can see in parentheses is our .service file location. If you now inspect that file using 

cat /lib/systemd/system/mysterium-node.service 

you will find a line similar to this:

ExecStart=/usr/bin/myst $CONF_DIR $SCRIPT_DIR $DATA_DIR $RUN_DIR $DAEMON_OPTS service --agreed-terms-and-conditions $SERVICE_OPTS

This is the line that gets executed when we start up the Node service. Here we’re mainly interested in variables that are passed to this command (variables are the strings that start with $ sign for example $CONF_DIR). These variables are defined in a file which is located in: 

/etc/default/mysterium-node

To edit the node configuration and launch options we want to edit the variable $SERVICE_OPTS adding additional flags to it, which will get passed to our node once it’s started. For example, if we wanted to change our openVPN and wireguard default ports we would replace it with this:

SERVICE_OPTS="--openvpn.port 4443 --wireguard.listen.ports 52820:53075 openvpn,wireguard"

Note that $SERVICE_OPTS the variable should always finish with openvpn,wireguard so any configuration you want to add must go before that.

To get the full list of configuration options execute: 

myst --help

Loading the new config

In most cases a simple service reloads should be enough. You can do that by running:

sudo systemctl restart mysterium-node.service

After running the restart the command makes sure to check the service health and currently running-config using previously mentioned commands.

If the node is refusing to restart and load the changes you’ve made, you can try to restart systemd daemon itself by running systemctl daemon-reexec

Once the installation is complete, check your service status:

 sudo systemctl status mysterium-node service

Once finished, click the CLAIM button below to continue.

MISC support related issues:

I was running into an issue with the following error on some random machine:

Err:1 http://deb.debian.org/debian unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9

Now, re-try:

 sudo apt-get update && sudo apt install myst

I added some extra repositories with the Software Sources program. But when I reload the package database, I get an error like the following:

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 8BAF9A6F (or any other key)

Execute the following commands in terminal

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>

where <PUBKEY> is your missing public key for the repository, e.g. 8BAF9A6F.

Then update

sudo apt-get update

ALTERNATE METHOD:

sudo gpg --keyserver pgpkeys.mit.edu --recv-key  <PUBKEY>
sudo gpg -a --export <PUBKEY> | sudo apt-key add -
sudo apt-get update

Note that when you import a key like this using apt-key you are telling the system that you trust the key you’re importing to sign the software your system will be using. Do not do this unless you’re sure the key is really the key of the package distributor.

Related:

A Linux node can be set up as a MYST VPN node machine, in a home server, or in a data center.

Supported OS: Debian, Ubuntu, and Raspbian. It does NOT seem to work on KALI.

Install!

Option 1:

To install the MYST node, type such commands into the terminal:

sudo apt install software-properties-common
sudo add-apt-repository ppa:mysteriumnetwork/node 
sudo apt-get update
sudo apt install myst

It has been noted sometimes, the add-apt-repository command is not found. Click here for a quick fix for that!

Option 2:

We also provide an installation script written in bash which can be downloaded and executed using this command:

sudo apt-get install curl
sudo -E bash -c "$(curl -s https://raw.githubusercontent.com/mysteriumnetwork/node/master/install.sh)"

In addition to downloading and installing our Node, this command will also install additional required dependencies like WireGuard if you don’t have it already.

Once the installation is complete, check your service status.

PG error “NO_PUBKEY”?

You will probably run into this issue when installing the Mysterium Node:]

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ECCB6A56B22C536D

Check here how to fix the problems.

Latest non-stable release

The latest non-stable releases include bug fixes and improvements that have not yet been pushed for the whole user base and are not guaranteed to work. You should run these releases at your own risk and should also consider backing up your .mysterium folder beforehand, just in case.

To get them to check out our launchpad or GitHub releases.

Complete installation

Once the service is installed and running to finish the node installation continue to the NodeUI, where you’ll be able to set payout address, manage service settings and check node stats and connections. Instructions on how to find and use it can be found: here.

Also, make sure to claim your node in MMN to receive bounties. It can be found here. You’ll have to create an account when following the NodeUI onboarding process or add it later in the node settings to receive your key.

If you can’t access NodeUI or the service is not working as expected, follow the below instructions on checking service health, diagnosing issues, or adding extra configuration.

Service health

Check service health

Post-installation service check:

sudo systemctl status mysterium-node.service

If everything is working, you should see similar output to this:

mysterium@pop-os:~$ sudo systemctl status mysterium-node.service
● mysterium-node.service - Server for Mysterium - decentralised VPN Network
     Loaded: loaded (/lib/systemd/system/mysterium-node.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2021-01-04 00:00:00 GMT;
       Docs: https://mysterium.network/
   Main PID: 1920 (myst)
      Tasks: 30 (limit: 19009)
     Memory: 73.0M

View Node logs

Run the following command to diagnose issues:

sudo journalctl -u mysterium-node.service

To view the real-time daemon logs:

sudo journalctl -fu mysterium-node.service4

Save logs to a file

If your node cannot report an issue through the built-in Node UI or TequilAPI, you may need to save the logs to a file and send them to us via [email protected].

sudo journalctl -u mysterium-node.service > node.logs

Advanced configuration (optional)

Get current config

When your node is running, you can print the config that it has currently loaded by executing:

myst config show

This config can be altered in several ways, which we’ll cover below.

Editing the config file

On initial start-up, the node will create a config file that can be edited. The config is located in: /etc/mysterium-node/config.toml.

Any text editor can be used to edit this file. As it’s a .toml file, formatting and indentation are very important. For further reading, follow the official toml guide.

Altering startup options

Editing start-up options instead of the config.toml file have one crucial benefit: start-up service options overwrite any default or config.toml edited config values and became a single truth source that cannot be changed at runtime.

A node typically runs as a systemd service, and you can find the .service file by inspecting the service, which you can do by running:

systemctl status mysterium-node.service | grep Loaded

The output of this command will be something similar to:

Loaded: loaded (/lib/systemd/system/mysterium-node.service; enabled; vendor preset: enabled)

The file location we can see in parentheses is our .service file location. If you now inspect that file using 

cat /lib/systemd/system/mysterium-node.service 

you will find a line similar to this:

ExecStart=/usr/bin/myst $CONF_DIR $SCRIPT_DIR $DATA_DIR $RUN_DIR $DAEMON_OPTS service --agreed-terms-and-conditions $SERVICE_OPTS

This is the line that gets executed when we start up the Node service. Here we’re mainly interested in variables that are passed to this command (variables are the strings that start with the $ sign, for example $CONF_DIR). These variables are defined in a file which is located in: 

/etc/default/mysterium-node

To edit the node configuration and launch options we want to edit the variable $SERVICE_OPTS adding additional flags to it, which will get passed to our node once it’s started. For example, if we wanted to change our openVPN and wireguard default ports we would replace it with this:

SERVICE_OPTS="--openvpn.port 4443 --wireguard.listen.ports 52820:53075 openvpn,wireguard"

Note that $SERVICE_OPTS the variable should always finish with openvpn,wireguard so any configuration you want to add must go before that.

To get the complete list of configuration options, execute: 

myst --help

Loading the new config

In most cases, a simple service reloads should be enough. You can do that by running:

sudo systemctl restart mysterium-node.service

After running the restart the command makes sure to check the service health and currently running-config using previously mentioned commands.

If the node is refusing to restart and load the changes you’ve made, you can try to restart systemd daemon itself by running systemctl daemon-reexec

Once the installation is complete, check your service status:

 sudo systemctl status mysterium-node service

Once finished, click the CLAIM button below to continue.

MISC support related issues:

I was running into an issue with the following error on some random machine:

Err:1 http://deb.debian.org/debian unstable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
E: The repository 'http://deb.debian.org/debian unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9

Now, re-try:

 sudo apt-get update && sudo apt install myst

I added some extra repositories with the Software Sources program. But when I reload the package database, I get an error like the following:

W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 8BAF9A6F (or any other key)

Execute the following commands in terminal

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>

where <PUBKEY> is your missing public key for the repository, e.g. 8BAF9A6F.

Then update

sudo apt-get update

ALTERNATE METHOD:

sudo gpg --keyserver pgpkeys.mit.edu --recv-key  <PUBKEY>
sudo gpg -a --export <PUBKEY> | sudo apt-key add -
sudo apt-get update

Note that when you import a key like this using apt-key you are telling the system that you trust the key you’re importing to sign the software your system will be using. Do not do this unless you’re sure the key is really the key of the package distributor.

Related: