multiplayer onion > TEG


TEG or “Tenes Empanadas Graciela” is a turn-based strategy video game which is played through a server / client system.

Whonix 14 is what this guide is about regarding when you host a TEG server. If you are only a player it shouldn’t matter much what Whonix version you run, though Whonix 13 is no longer supported so try to run version 14 if you can.
You can play the game even if you aren’t running Whonix 14, but this guide will focus mostly on that and specifically running Whonix 14 on VirtualBox.


If you are on Whonix 14 you first need to install teg so type this in a terminal:

sudo apt-get install teg (if it asks for a password type “changeme” if you haven’t changed it already and hit enter)

After it’s installed open up the game from the system menu “K” => Applications => Games => Tactics & Strategy => Tenes Empanadas Graciela client or type this in a terminal window:

When it starts it should open a “Connect to server” window. Otherwise open it from the menu “Game” => “Connect” or press “Connect”.

If it already says “2000” in the Server port field leave it as is.
Where it says “Server name” add the onion address, ie. w7jnpxhu3re5qarr.onion
Then choose a “Name” in that field for your playername and you’re good to go, press OK if you want to join the server.

In case you are the shy type hit the checkbox “Dont play, just observe” and then hit the OK button. This concludes this guide…if you want to host a teg server continue reading the guide by following the instructions below.


The initial setup is based on instructions from the Whonix Wiki called “Onion Services

Go to the VirtualBox Whonix Gateway 14.x >>

and open up a terminal and type
sudo kwrite /usr/local/etc/torrc.d/50_user.conf (after which you type your password which if not changed from the original is “changeme”)
and modify that file so it looks
like this:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 2000

DisableNetwork 0

Save and close the file. For the changes to take effect open a terminal and type this command:
sudo service tor@default reload (enter the password mentioned previously if it asks for it)

To check if everything is ok type this command in a terminal:
sudo service tor@default status (enter the password if it asks for it)

If it says “Active: active (running) since” where “active (running)” should be in green, that means everything is just fine. If something went wrong please troubleshoot

Now it’s time to find out which .onion address you can share with your friends so open up a terminal and type the command:
sudo cat /var/lib/tor/hidden_service/hostname (might ask for password)

The output of that command should be an .onion address with alphanumeric characters like this example that you can share with your friends so they can play on your server:

Everything you did here was in Whonix Gateway 14. Now it is time to go to Whonix Workstation 14 to edit the firewall!

Go to the VirtualBox Whonix Workstation 14.x >>

Open a terminal and type this command:
sudo kwrite /etc/whonix_firewall.d/50_user.conf (enter the password if it asks for one)

then enter this:
EXTERNAL_OPEN_PORTS+=" 2000 " and save.
in case you already have a webserver on port 80 and you also want to have this
game server then just change it to

Now time to reload the firewall so type this command for that:
sudo whonix_firewall (enter the password if it asks for it)

Ok…now we are ready to begin starting the actual game server software because most of the previous section was related to setting up your whonix gateway so let’s begin!

Still in the Whonix Workstation 14.x open a console and type:

The server is running now and you can share the .onion address that you got earlier.
In this example it is w7jnpxhu3re5qarr.onion but for you it will(most probably) be different. If you do these instructions too quickly the link that was generated for you might not work…in such a case you will have to be more patient and wait until your onion link has been copied enough times across the Tor network. Patience is a good attribute :wink: when dealing with Tor.

“Some DDOS protection” guide

Very basic protection against DDOS attacks done versus your server so follow this guide if you want to abandon the ‘single point of failure’ that is your only .onion address that all your players know(as of the previous “normal guide”). This section is to protect you against at least 1 bad player who wants to ddos your game server(regardless of reason). Let’s get to how this extra protection is gonna be set in motion:

Go to the VirtualBox Whonix Gateway 14.x >>

and open up a terminal and type
sudo kwrite /usr/local/etc/torrc.d/50_user.conf (after which you type your password which if not changed from the original is “changeme”)
and modify that file so it looks
like this:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 2000

#1234567890123400 ends with 00 because this I plan to be the 'public address'
#In the event the server gets a ddos attack the public address should be disabled
#and if not done already give individual players that you trust
#the addresses that are generated from the numbers ending with 01,02 etc.
#max amount of addresses is until 1234567890123415 is reached because that amount+00
#means 16 different .onion addresses which is the current max 
#on this specific anti ddos design
HiddenServiceAuthorizeClient stealth 1234567890123400,1234567890123401,1234567890123402,1234567890123403,1234567890123404,1234567890123405,1234567890123406,1234567890123407,1234567890123408,1234567890123409,1234567890123410,1234567890123411,1234567890123412,1234567890123413,1234567890123414,1234567890123415

#The above long line is a total of 16 numbers. If you add another number 
#Tor will refuse to reload so stick with 16.

#not sure if we really need "DisableNetwork 0" but let's leave it as is. I didn't have it before but I re-added it just in case it is needed.
DisableNetwork 0

Save and close the file. For the changes to take effect open a terminal and type this command:
sudo service tor@default reload (enter the password mentioned previously if it asks for it)
or open the K menu, search for reload and click on “Reload Tor”(this is basically sudo service tor@default reload + sudo service tor@default status in one go)

Now it’s time to find out which .onion addresses you can share with your friends so open up a terminal and type the command:
sudo cat /var/lib/tor/hidden_service/hostname (might ask for password)

Since I’m going to regenerate all my .onion addresses by making new ones I’m posting what this might actually look like when you try it yourself. Your ‘player invites’ will look something like this:

aokofajrpe4g2zrf.onion QlQlXlPdXyTUf6WIOf1tfR # client: 1234567890123400
3wsajgpzqxytcsjo.onion Whi+D0Y/352YqMK3uTJNWx # client: 1234567890123401
umaenixqbqevdk5a.onion TE1Biv1JFjveN/mQqWOmSh # client: 1234567890123402
gwumcsrrfkc3kne5.onion VYzN3LVk9DVhbp3TRQuDXB # client: 1234567890123403
vuhiosfqgegorbkh.onion P5ns2xtCC+VJAVeW3FrC+x # client: 1234567890123404
jye4cftpe6xq2eka.onion vnCPwf6RWWMkv9iCKDZHlh # client: 1234567890123405
gvzl37orywkzxtr7.onion H+izJm1pwnt+FMdJnL2MWh # client: 1234567890123406
hdtjcfdpcnnnxws3.onion H6XIO5+ts0mz2AtBcbEJOx # client: 1234567890123407
gdgj2p5k7jqgv3k7.onion RvnG94Blww6jDLSpQSZW1B # client: 1234567890123408
6np4ynkdqg7e2cmx.onion X1st9nX4486nwJ9LmbJDNx # client: 1234567890123409
ywabarc6ziuwdhbl.onion ym9me7GXGUctLJwTgyWhgh # client: 1234567890123410
agyinmgx7qeodrx2.onion 6YUDbaghoXr0LWSoso7MeR # client: 1234567890123411
6xsjhpgrmf2rbnka.onion JP7giIIzLmhhn2r3EcbWWB # client: 1234567890123412
5fixfx3mvvj5cu7u.onion wmxp4ZoPmFb31WoCS2d/8B # client: 1234567890123413
rczg4s5reivwhd7p.onion pl/3phzLLB4hHsknnfOOxB # client: 1234567890123414
yl6ulm2lzvtsvdfx.onion G0v/YtNeaCgBuvFw6QfTTR # client: 1234567890123415

I posted the above because I’ve already changed the client numbers for all my 16 addresses already to begin with and reloading Tor after changing something in your client numbers makes Tor regenerating a new address for each of those 16 possible clients/‘groups of players’ where you changed an id. Right now I don’t have the above addresses so I took the step to post how it actually looked like when I followed the guide myself and that’s what you see above. Also when Tor generates new addresses it also generates the ‘gibberish’ that you see right next to each .onion address, let’s take the .onion address yl6ulm2lzvtsvdfx.onion as an example. To the right of that address there is this number “G0v/YtNeaCgBuvFw6QfTTR” which is going to be explained later in this guide.

The guide will be expanded on later but for now cheers and don’t forget that if you’re interested in the guide you can subscribe to the thread or like the post. Thanks


This guide wouldn’t be possible without Tor Onion Services - EASY guide


If this is a libre game please feel free to add your guide to this page on our wiki:


According to wikidata page for teg the game is an instance of free or open-source video game (Q21125433) and the license is GPLv2 as claimed on aforementioned item page for teg

Onion Service Authentication


My next plan is to learn this technology to use as a ddos protection against potential future ddos attacks(by irritated players, although I hope the games I host won’t make players irritated), probably starting with a game I’m interested in hosting(teg or another game I find more interesting). My aim is to write a full fledged guide from start to finish for a specific game. Then when that guide is finished(or in the works) I could link to it from Onion Services Guides

I’ve decided against moving it to the wiki as of yet. You are free to though. I need to put in serious work before linking from the wiki I think…and I also need to make a basic popularity test to see how many actually are going to use the service, so I think it’s wise to use the tactic ‘wait and see’


Interesting! That takes gameplay moderation to a whole new level :slight_smile:

Ready when you are. No rush.


Ok, I’m gonna add it, but in such a case it will be the longest guide on the entire page. I was thinking about adding a == Multiplayer Games == which is kinda contradictory since I’m only adding one game at the moment. I’m hoping though to add more multiplayer games in the future. If I set a deadline myself for when I’ll not only finish this guide but also add another game, I’d say I’ll be finished before this year ends.(in which case a == Multiplayer Games == section could make more sense than what I propose currently)


Makes sense. Sure go ahead and create a separate section. See if you want to make it collapsible too for better space efficiency.


Do you know the wikicode to make a section collapsible?


Maybe the guide should be transcluded on the page because the guide I’m building on takes up a large amount of wiki space, which could prevent people from editing the other parts in the future due to having to deal with a large ‘blob’ of information…


Sure. Just go ahead and copy the wikicode from this section:


Would you like to become maintainer of https://www.whonix.org/wiki/Onion_Services_Guides and/or like to review https://www.whonix.org/w/index.php?title=Onion_Services_Guides&oldid=39827&diff=cur? @HulaHoop





Accepted for now. Could you please update it to use Onion v3? v2 will be deprecated in less than 2 years and render this guide obsolete. With v3 you don’t need to use client authorization as an onion is inaccessible unless its address is known by a third party unlike the old protocol.

Also for style guidelines, please use < pre> and < pre/> to highlight commands for users (No spaces).

IMO we should not endorse closed source games or any kind of proprietary software if possible (a notable exception is firmware however we don’t have much choice). I know TEG isn’t, but there is a note saying closed games are OK too.

@Patrick any opinion on this?


Will I use information from this section to learn how to do that?(though it might be outdated, cause Tor refused to re-start after

HiddenServiceVersion 3
got enabled)

On Whonix Workstation
Go to “See the following example. Adjust it for your purposes and add it.” and copy the information from the example into /usr/local/etc/torrc.d/50_user.conf (you can backup your old 50_user.conf) and try to restart Tor. For me it did not work. Does it work for you?

Actually it would be super cool to learn how to make multiple Onion v3 addresses for my game servers like I managed to do with my Onion v2 ones in stealth authentication mode. I could have up to 16 different addresses there. Can I have up to 16 addresses in Onion v3 too or maybe even more?(how does it work in practice? Anybody tried on low end hardware how many addresses can be handled before the system starts encountering bottlenecks?)


2 years for the team, you and me to figure out how to make game servers being able to utilize Onion v3. I’m positive we’ll eventually make it work, but I know Onion v2. Maybe I should buy some Monero so I could give you a tip after you are done teaching me this. As far as I know monero is as close as we can get to something like zcash and that works, am I right?


This needs a separate discussion. One where it is clear what is being discussed. It’s not about inclusion / non-inclusion of non-free software in Whonix, it’s about a ban on Whonix wiki to not document non-free software. For the latter, I am not yet convinced and would like to see arguments.




No you would refer to this section instead. Authorizing clients is not needed. Make sure you disable the whonix workstation firewall or change its rules to accommodate your port numbers.


It should be the same process except you are adding one more line to define onion version.

The 16 services are a limitation of the client cookie implementation. Since you are not using that with v3 you have no such limitations. You can run as many as your VM resources can handle.

Monero is architected from the ground up to counter surveillance. There were soome quirks discovered but those tend to be quickly handled.

I appreciate your generosity, but please forward any such funds to Patrick. He is more worthy.


I found some bad news: teg does not seem to support .onion v3 address length, neither in gui nor terminal. In the gui it refuses to connect using the last 6 alphanumeric symbols + the last 6 “.onion”.

My attempts in the terminal I based on man tegclient and it just opened up tegclient with my efforts proving fruitless, ignoring my options and behaving as if I had just started the game with tegclient. Well… looks like I have to add other games that support v3 .onion addresses. One day I hope to write a proper bug report upstream but for now that has to wait.

If anybody manages to connect to such an address without extra complications please let me know

Ok, I made it work. I was worried for a while I wouldn’t make it but thanks to the wiki guide + Set up next-gen (v3) onions(torproject dot org) and some own experimenting I managed to do that. This is how it could look like.(in


located in Whonix Gateway)

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80
HiddenServiceVersion 3

HiddenServiceDir /var/lib/tor/player1/
HiddenServicePort 2001
HiddenServiceVersion 3

HiddenServiceDir /var/lib/tor/player2/
HiddenServicePort 2002
HiddenServiceVersion 3

To see which addresses you give each player/group of players you just do(also in Whonix Gateway!)

sudo cat /var/lib/tor/player1/hostname(.onion for player 1)
sudo cat /var/lib/tor/player2/hostname(.onion for player 2)

In this example player/group 1 connects with their .onion on port 2001. Once they connect they are redirected to the gameserver port 2000.

Player/group 2 connects with their specific .onion which is different from player/group 1’s .onion but with the port 2002 which is redirected to the server port 2000. That means both players can use a different .onion and can meet in the multiplayer game experience.

What follows is that I now know how to upgrade the guide to v3 .onion multiplayer! Yay! Thanks everybody for your encouragement, I couldn’t do it without a little bit of experimenting. Next gen Tor Gaming on the way!