OnionBalance help

I am trying to setup onionbalance. I have a small vps (none whonix the ob frontend) and two dedicated servers each running KVM with whonix

Hidden service version 3 on both dedicated servers

I configured my vps (not whonix) to use as the front server and created my main onionbalance key, then i moved onto my whonix dedicated servers i needed to upgrade tor to the latest version which i did via the whonix wiki everything went great and my gateway now displays tor running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8. this information displays after i run the tor - v command.

Using the onionbalance guide located here h**ps://onionbalance.readthedocs.io/en/latest/v3/tutorial-v3.html#step-3-configuring-the-backend-instances

I modified my torrc file.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80
HiddenServiceVersion 3
HiddenServiceOnionBalanceInstance 1

Then i reloaded tor and it fails to reload, the error displayed is:

sudo systemctl --no-pager status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor@default.service.d
└─30_clean-torrc-d-on-reload.conf, 40_obfs4proxy-workaround.conf, 50_controlsocket-workaround.conf
Active: reloading (reload) (Result: exit-code) since Sat 2020-07-18 19:01:59 UTC; 13s left
Process: 757 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
Process: 760 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
Process: 833 ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 (code=exited, status=1/FAILURE)
Process: 843 ExecStartPost=/bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
Process: 2285 ExecReload=/bin/sh -c /usr/lib/anon-gw-anonymizer-config/torrc-d-cleaner && /bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 833 (code=exited, status=1/FAILURE)
Tasks: 0 (limit: 1447)
Memory: 17.7M
CGroup: /system.slice/system-tor.slice/tor@default.service

Jul 18 19:01:59 host tor[833]: Jul 18 19:01:59.001 [notice] Opened HTTP tu…:9227
Jul 18 19:01:59 host tor[833]: Jul 18 19:01:59.001 [notice] Opening HTTP t…:9228
Jul 18 19:01:59 host tor[833]: Jul 18 19:01:59.001 [notice] Opened HTTP tu…:9228
Jul 18 19:01:59 host tor[833]: Jul 18 19:01:59.001 [notice] Opening HTTP t…:9229
Jul 18 19:01:59 host tor[833]: Jul 18 19:01:59.001 [notice] Opened HTTP tu…:9229
Jul 18 19:01:59 host systemd[1]: Started Anonymizing overlay network for TCP.
Jul 18 19:01:30 host systemd[1]: Reloading Anonymizing overlay network for TCP.
Jul 18 19:01:30 host sh[2285]: /usr/lib/anon-gw-anonymizer-config/torrc-d-…cess.
Jul 18 19:01:30 host systemd[1]: tor@default.service: Can’t open PID file …ctory
Jul 18 19:01:30 host systemd[1]: tor@default.service: Main process exited,…ILURE
Hint: Some lines were ellipsized, use -l to show in full.

  • true 0
  • true ‘Feel free to close this window.’
  • sleep 86400

The version of tor i upgraded to supports onionbalance. Does anyone know why this error is happening and what can i do to resolve it?

If you followed all steps from onionbalance manuals but you are running into Tor bugs then it is likely a problem there. You will have better a chance at fixing this by reporting it upstream.

1 Like

Log output doesn’t shown actual issue. It’s truncated. Without seeing any error message, can’t be debugged.

See these:

Hi looking to setup onion balance for my v3 hidden service. I have 3 servers each one has whonix installed, do I need to install onion balance on one of the gateways?

Do I install my forum software on one of the severs my OB gateway points too? Do I have to install anything on the second server or does it remain a static server only?

and have it point to the two other servers?

Unspecific to KVM.

All documentation we have on the Onion Services - Whonix for now is:

OnionBalance [archive] can help to prevent de-anonymization of an onion service by protecting it from becoming unavailable through denial of service attacks (DDOS). OnionBalance is mentioned in the security readme [archive] by vanguards author and Tor developer Mike Perry where he discusses attacks against onion services and defenses. OnionBalance [archive] is now available for onion v3 services [18], see: Cooking with Onions: Reclaiming the Onionbalance [archive].

Vanguards protect against guard discovery and related traffic analysis attacks and is installed by default in Whonix ™. [19] See Vanguards for further information.

High Traffic Onion Service Scalability Performance

Although mostly focused on non-anonymous onion services, the tor-dev mailing list discussion onionbalance useful on same server / for high-spec non-location hidden servers? [archive] contains interesting information on scalability and performance of high traffic onion services. The tor-dev mailing list [archive] (sign-up [archive]) is considered a useful resource for technical information since they are receptive to genuine inquiries.

Not even using onionbalance for whonix.org yet.

Mostly undocumented.

Should that change, the wiki page Onion Services - Whonix will be updated.


I would guess so.

Forum / server software ought to run inside Whonix-Workstation.

It’s difficult enough to load balance anything. More difficult for dynamic content such as forums. It’s highly web application specific - unrelated to Whonix. How do you even load balance discourse or phpBB on clearnet… Without knowing this even in theory, I wouldn’t attempt to introduce another layer of complexity, namely Tor onion services.

I guess a realistic path forward might be 1 centralized web server for the webapps(s) (forum) and then onionbalance only to work around the onion connection layer bottleneck.

Please see the docs below for more accurate info. I think you are running 3 instances of your website all sharing the single onion but onion balance balances the load between all three equally.

Likely on three different machines or else there isn’t a point to this setup. The idea is to make resources available for your onion to use by backing it up with many machines.


Wondering how onionbalance could be combined with Whonix.



Onionbalance implements round-robin like load balancing on top of Tor onion services. A typical Onionbalance deployment will incorporate one frontend servers and multiple backend instances.

I’d if this gets supported, the incrementally. First iterations could be:

  • multiple Tor onion instances
  • 1 backend server

For non-anonymous use cases (for example: whonix.org alternative onion) it isn’t required to run Whonix. Therefore running multiple Tor instances inside the same Whonix-Gateway with onionbalance, while easier, seems a bit pointless. That Whonix-Gateway would generate unusually much Tor traffic. Hence, less anonymous. The only situation where this could make sense would be on an anonymously purchased VPS where anonymity is not that important.


Otherwise for retaining good anonymity it would be required to run multiple Whonix-Gateway in physically different locations. This is to avoid that one Whonix-Gateway instance would be producing too much Tor traffic.

That however breaks how Whonix is operating for now:
One machine (Whonix-Workstation) connected to another machine (Whonix-Gateway) over an isolated, internal, (virtual) LAN connection. Unencrpyted. Related:

A prerequisite for onionbalance with Whonix is most likely the (optional) implementation of encrypted and authenticated connections between Whonix-Gateway and Whonix-Workstation. Otherwise onionbalance instances on physically separate machines couldn’t securely connect to the backend Whonix-Workstation (web or any) server.
(Unless - perhaps using onions with TLS which would reduce this to TLS level connection security and adding a dependency on TLS CAs.)


Whonix-Gateway onionbalance Instance Nr. 3 → Internet, clearnet, unencrypted → Whonix-Workstation backend (web or any) server

Probably not what we want. We probably want at least:

Whonix-Gateway onionbalance Instance Nr. 3 → Internet, clearnet, encrypted → Whonix-Workstation backend (web or any) server

Or should this even be torified?

Whonix-Gateway onionbalance Instance Nr. 3 → Internet, torified, encrypted → Whonix-Workstation backend (web or any) server

It’s not a bowl of cherries. Meaning, of course everyone would like to see the perfect implementation. If all traits (torified, encrypted, fast enough) could be implemented then these should be implemented. But in practice for this setup it might be either torified or fast enough. Both at the same time might be impossible.

Maybe I am missing something about onionbalance.

Outside of Whonix… Unrelated to Whonix… How does onionbalance solve this?

VPS onoinbalance Instance Nr. 2 → Internet → backend server

How would this be encrypted/authenticated? This is left to the system administrator?

Also as per onionbalance default not torified?

1 Like

Hello everyone,

This is a very interesting topic.

What would be the risks to set up onionbalance as a frontend server on a hardened dedicated server (set up anonymously) independent of Whonix?

The onionbalance transition to the backend servers (each a complete Whonix instance) remains in the Tor network from my understanding as onionbalance frontend server hands over the introduction point of a backend server as answer to the clients request over Tor. Can anyone confirm this?

However, as the frontend onionbalance server is not torified by default, isn’t it correct that this is only an issue when updating the server/initiating outgoing connections?

And another view: What are the risks of running a whonix instance as a dedicated frontend server (onionbalance necessarily on the gateway, the workstation is idle) and the dedicated backend servers are also full whonix instances?

To be honest I did not fully understood the argument of traffic, might someone please explain it? What is the real problem if all servers are located in the same data center? Of course, you could also distribute them geographically.

Reference: Whonix Onion Service Load Balancing Guide

Thank you.

Then you don’t have the security features provides by Whonix.


No. Same as above.

Hm. Maybe.
Maybe I got this wrong.

Yeah. That might work.

Because the volume of Tor traffic generated by a single server / location / customer stands out by far, therefore making the onion service’s server location easier to detect.

On a second thought it is probably possible to combine OnionBalance with Whonix. I’ve managed to wrap my head around the upstream OnionBalance documentation.

Please see, try, test, leave feedback, edit if needed:

It is still untested at time of writing. Should that change, the notice will be removed from the wiki and a new post will be made here.

Thank you very much. I appreciate your input and the instructions.

By the way could you find out or clarify if this is the case for OnionBalance without Whonix?

I have just read it. In this section Whonix-Workstation is not mentioned. Am I right that on the frontent Whonix instance a Whonix-Workstation is not needed and can be left out?

  • What I can do: take upstream generic documentation and port it to Debian based Whonix.
  • What I cannot do: provide support for general OnionBalance questions which aren’t related to Debian/Whonix.

I recommend redirecting such questions to upstream as per:

Indeed. Frontend Whonix doesn’t need Whonix-Workstation. Will add a note now to point that out.