From LinuxReviews
Jump to navigationJump to search
Developer(s)GNUnet e.V.
Initial releaseNovember 5, 2001; 20 years ago (2001-11-05)
Stable release
0.14.1 / April 4, 2021; 8 months ago (2021-04-04)
Written inC
Operating systemGNU/Linux / *BSD
TypeOverlay Network
LicenseGNU General Public License Version 3 /handbook/gnunet.html

GNUnet is a mostly secure overlay network with some degree of anonymity. It can be used to run a variety of applications on top of the regular Internet protocol stack including file sharing, real-time chat, alternative DNS, payment systems, social networks and potentially a whole range of applications.

GNUnet has been in development since 2001 yet it has not come very far in terms of practical features or usability. The end-user GTK applications look and behave like they were made by some high-school student during a lunch-break in the mid 1990s. They are buggy, and not at all user-friendly.


GNUnet changed protocol with the release of GNUNet 0.13.0 in July 2020. The new protocol can allows all kinds of networks on top of GNUNet including networks based on TCP, UDP, HTTP and HTTPS.

Information on net network is stored by peers as general objects . Object location data is stored and distributed using distributed hash tables (DHT).

The GNU Name System

GNUnet 0.13 introduced a new concept called the GNU Name System (GNS). The technical specification, complete with ASCII drawings, is available at

The GNU Name System uses a specially tailored ECDSA public/privacy key system using curve25519 curves for security. Security researcher Soatok had this to say about that decision in the "Dhole Moments" blog:

"The GNU Name System developers didn’t need to roll their own design, they could have used one that’s already seen real-world deployment instead. Why take on unnecessary risk?

Furthermore, trying to push through an implementation of ECDSA over edwards25519 isn’t just unnecessary and weird, it’s also probably dangerous "

GNU: A Heuristic for Bad Cryptography
Published July 8th, 2020

Names within the GNU Name System are assigned by an "industry expert" organization called GNUnet Assigned Numbers Authority (GANA)[1]. It is unclear what kind of policies or guidelines these "experts" use to assign GNS names.



GNUNet consists of two packages:

  • GNUNet, which has all you need to connect to the network and interact with it using terminal commands
  • GNUNet-GTK, which contains graphical GTK-programs for interacting with the GNUNet program. These are, as of GNUNet-GTK 0.13.1:
    • Conversations (gnunet-conversation-gtk)
    • File Sharing (gnunet-fs-gtk)
    • Namestore (gnunet-namestore-gtk)
    • Peerinfo (gnunet-peerinfo-gtk)
    • A setup tool (gnunet-setup)
    • Statistics (gnunet-statistics-gtk)

Features and Usability

A few GNUnet GTK programs: gnunet-statistics-gtk, gnunet-fs-gtk and gnunet-peerinfo-gtk.

GNUNet GTK version 0.13.1 looks, at best, like early alpha-software even though GNUnet is a 18 year old software project. The various programs that come with it hard not very strait forward, easy to use or stable.

Installation is a big hurdle since GNU/Linux distributions don't carry GNUNet packages. You will have to download, compile and install GNUNet and GNUNet-GTK yourself. Doing so is not that hard if you are a wizard used to compiling programs with ./configure && make but it does mean that the software is out of reach for everyone who have no idea what ./configure && make means.

All the GNUnet GTK programs start maximized every time even if you un-maximized them or resize them and close them. The only way around this is to start them in a wrapper script that launches wmctrl after the programs are launched.

GNUnet File Sharing

The GNUnet file sharing application searching for PDF files.

The GNUnet File Sharing program (gnunet-fs-gtk) can be used to search for files on the network and you will be able to find, and download, a few Linux-related books. And that's about it. It can be used, but there isn't much there.

Publishing to the network works fine most of the time. That's done using the File sharing ▸ Publish menu item. The file picker used for selecting files to be published is a broken variant of the GTK file picker. Typing into the file picker to choose a file in a directory you are in results in the file picker becoming completely blank. It is possible to use it as long as you navigate it with a mouse and stay away from the keyboard when you're picking files. Files added will sometimes get stuck and be shown in red forever. GNUnet File Sharing won't retry, and there is of course no way of making it retry. The only thing you can do is right-click stuck files and remove them one by one and re-add them.

Sharing files bigger than a few hundred megabytes tend to make the GUI freeze for several minutes. It will eventually come back.

The list of published files can't be sorted by name or size or anything else. Their order is randomly changed when you re-start the application.

There is a search feature and it does work. Not much shows up. Either there are very few files on the network, which would make sense since GNUnet is a rather obscure network only available to GNU/Linux users, or the search feature is broken. It's probably just few files available on the network. The first columns in the search result view will expand to the file with the longest file-name and the columns in the results view can not be resized. That makes it rather hard to see size and availability. Files can be acquired by double-clicking on them or right-clicking and selecting Download or Download As...

There is no way to change default download folder or any other settings for that matter, there is no Preferences or Settings.

Both files and folders can be shared using the GNUnet File Sharing tool. Folders will show up among the regular search results. Clicking on a folder results in the entire folder being downloaded. There is, of course, no way to look inside a folder or pick the file(s) you are interested in a folder, you have to download the whole thing to find out what it may or may not contain.

GNUnet File Sharing will always show a small red symbol in the lower left corner indicating that "Your peer is currently not connected". That red symbol can be ignored, it's always there regardless of the peer being connected or not.

None of the GNUnet GTK applications, including GNUnet File Sharing, support system tray icons.

GNUnet conversations

Would you be my friend.jpg

GNUnet conversations (gnunet-conversation-gtk) is a interesting-looking voice chat program. And that seems to be all it is, a interesting-looking GUI to look at.

The conversations program, as of 0.13.1, does nothing but display a message called "No ego selected, phone is down". There is no configuration options and there is no indication of what one may want to do to get the "phone" up (assuming you can use a headset on a regular computer as a "phone"). Perhaps it can be configured and used somehow. It could also be that this program is unfinished and not usable even if you spend hours trying to figure out how you're supposed to configure it. Good luck.

You should probably skip the GNUnet "conversations" program unless you are a developer interested in adding to or improving the code.

GNUnet GTK Statistics and GNUnet GTK Peerinfo

The Statistics and Peerinfo programs are purely informative programs. The statistics program shows a some graphs indicating how many network connections there are.

Peerinfo shows a list of connected peers and that's all that program does. gnunet-peerinfo-gtk is prettier than the gnunet-peerinfo console program shows a similar list of connected peers.


gnunet-setup 0.13.1.

The gnunet-setup program (part of gnunet-gtk) can be used to make a basic configuration file for GNUNet. It will simply tell you "Refusing to start as I will be unable to write configuration file `(null)': Bad address" if you start it in a terminal. You can point it at a configuration file in your user directory and move that to /etc/gnunet.conf later.

gnunet-setup won't start if you point it at a non-existing configuration file but it will start if a blank one exists:

touch $HOME/gnunet.conf
gnunet-setup -c $HOME/gnunet.conf

Make sure you do not click Test configuration because it will simply crash.

There is no Save configuration button. Closing the window will save the configuration file you specified when you launched it. The file it saves will contain a [datastore-mysql] section with a CONFIG variable pointing to a non-existing file in the folder where you happened to be when you started gnunet-setup. You will have to eradicate that section before you deploy the configuration file it creates. It will also put a pointless DEFAULTCONFIG pointing to the location you pointed gnunet-setup to with -c in the file it creates. You'll need to eradicate that line as well.

You should copy your new configuration file to /etc/gnunet.conf because that is where systemd service file it ships with, gnunet.service, points GNUnet to:

ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf

You can use the simple gnunet-config terminal tool to make a default configuration file suitable for a peer instead of the graphical gnunet-setup program. Using it to generate a default configuration file is as easy as:

gnunet-config -s PEER > /etc/gnunet.conf

Verdict And Conclusion

If you are particularly interested in overlay networks, file sharing networks and that kind of thing from a technical perspective then a look at GNUNet is probably worth it.

If you are looking for some easy to use general-purpose file sharing software then GNUNet is probably not what you are looking for. It is not easy to install, not easy to configure and not very easy to use. And there's not much in terms of content on the file sharing service.

GNUNet has potential. A lot of interesting things can be made to run on top of it. It is kind of interesting from a technical perspective. It is, for now, a worthless complete waste of time from a casual end-users perspective.


Building the GNUnet network package requires a lot of libraries you likely do not have:

gettext libgcrypt libtool-ltdl libidn2 libunistring jansson libsodium texinfo zbar

in addition to the standard build toolchain (gettext-devel libgcrypt-devel libtool-ltdl-devel libidn2-devel libunistring-devel jansson-devel texinfo libsodium-devel zbar-devel).

You should also, optionally, have libopus libextractor libextractor-devel libopusenc-devel installed to get some "additional" (more like basic) functionality.

GNUNet needs a special user-account and two groups. You should make those before you compile and install it. The ./configure script will tell you that and provide some instructions which, of course, don't actually work. You should create a gnunet user and group with:

adduser --system -s /bin/false -g gnunet -m -d  /var/lib/gnunet gnunet

You must also create a system group called gnunetdns:

addgroup gnunetdns

You will need to add each regular user who is going to use GNUNet to the gnunet group:

usermod -a -G gnunet yourusername

Actually building it is not very hard if you have the required dependencies installed:

mkdir $HOME/src; cd $HOME/src
tar xfvz gnunet-0.13.3.tar.gz  
cd gnunet-0.13.3
./configure --prefix=/usr/local
# Make sure it did not complain about missing libraries
make -j$(nproc)  # or -j2 if you do not want to use all cores
su -c 'make install'
cd ..

You will also want to the GNUNet GTK GUI package:

./configure --prefix=/usr/local
# Make sure it did not complain about missing libraries
make -j$(nproc)  # or -j2 if you do not want to use all cores
su -c 'make install'

GNUNet provides a systemd gnunet.service file you can use to start it.

GNUNet will not start without first creating a SELinux policy for it if you are using a SELinux-enabled distribution, see GNUNet/SELinux.

GNUNet will not start without a configuration file but it will start with a blank file. You can create a blanke one with touch /etc/gnunet.conf or one with some defaults by running

gnunet-config -s PEER > /etc/gnunet.conf

Ports and Firewalls

GNUNet will by default listen for incoming connections on TCP port 2086. The default for HTTP transport, which is not enabled by default, is TCP port 1080 and the HTTPS transport, also not enabled by default, defaults to port 4433.


The gnunet-arm control program, started by gnunet.service, is very noisy. The gnunet-arm.1 manual page claims the log-level can be set to DEBUG, INFO, WARNING or ERROR using -L or --loglevel= while gnunet-arm --help says it is -L or --log=.

gnunet-arm refuses to start with --loglevel=INFO. It will start with --log=INFO or -L INFO or --log=ERROR but it won't care what option you give it, the same huge flow of absolutely useless messages spewed out regardless of what log-level you request. GNUNet is generally very alpha-quality even though it is a almost 20 year old project so this kind of annoying malfunctioning is to be expected.

Adding --logfile=/dev/null to the ExecStart line in /usr/lib/systemd/system/gnunet.service is a working alternative to the not-functioning log level setting.



The GNUNet website is at The source is at and the handbook is at /handbook/gnunet.html.

Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.