Wow, thanks so much, Thomas. I'm glad I asked. I'll have to give this a try.
In looking at the blog post and the values available in the default config
file, this approach didn't seem apparent. I appreciate the in-depth explanation.
- Jim
On Sat, Jun 30, 2018, at 6:33 AM, Thomas Haller wrote:
> On Fri, 2018-06-29 at 15:48 -0500, Jim Campbell wrote:
> > Hi All,
> >
> > I was looking through the options regarding MAC Address
> > randomization, and have a question about them. A member of my team
> > wanted to know if it would be possible to do a sort of combo between
> > the "stable" and the "random" options.
> >
> > As a refresher, here is my understanding of these two particular
> > options:
> >
> > 1) The "stable" option - give one MAC address to My_Neat_Wifi_AP_Name
> > (which would remain stable, but would be unique), and give another
> > unique address to each other Wifi AP. The MAC address would remain
> > stable for each of those AP's, but they would be unique between each
> > other.
> >
> > or
> >
> > 2) The "random" option - Give a random MAC address to
> > My_Neat_Wifi_AP_Name and to every other Wifi AP (each connection
> > would always use a random MAC address every time the system connected
> > to an AP).
> >
> > What my coworker inquired about is a mix between 1 (stable for
> > My_Neat_Wifi_AP_Name ) and 2 (random for every other AP).
> >
> > I don't think this is currently possible (and may not be feasible /
> > practical in the future), but I thought I would inquire about it just
> > to be sure.
> >
> > Thanks very much for all of your work.
>
> Hi,
>
> I think that should be easily possible.
>
>
> In general, NetworkManager is profile oriented. So, you anyway reqire a
> profile for each SSID, as you see them with `nmcli connection`.
>
> The configuration option in question (wifi.cloned-mac-address) is part
> of the profile, you could just configure most profiles with a value
> "random", except one having "stable". For example with something like:
>
> for UUID in $(nmcli -g UUID connection); do nmcli connection modify
> uuid "$UUID" wifi.cloned-mac-address $WHATEVER ; done
>
>
> Alternativley, various profile settings support to have their default
> value defined in NetworkManager.conf. See "CONNECTION SECTION" in `man
> NetworkManager.conf`. As such, you could instead leave "wifi.cloned-
> mac-address" setting of most profiles at their default/unset value.
> This makes the setting elegible to fallback to the default from
> NetworkManager.conf. Only at a selected few you'd configure an explicit
> value.
>
> It result is very similar, whether you explicitly configure "random" in
> the profile, or whether you allow it to fall back to a default-value
> "random" from NetworkManager.conf.
>
>
> Also, I personally prefer to leave cloned-mac-address always unset (in
> the profile), and set their default to "stable". But then instead I
> tweak the stable-id to either "${RANDOM}" or "some value". The stable-
> id itself can be dynamic, via certain special values ("${RANDOM}",
> "${BOOT}", "${CONNECTION}", which also can be combined, like
> "${CONNECTION}${BOOT}" -- which is actually the only combination that
> makes sense).
>
> See connection.stable-id in `man nm-settings` [1].
>
> Actually, I use [2] snippet, with most profiles neither specifying
> stable-id nor cloned-mac-address (thus, falling back to "stable" and a
> "${RANDOM}" stable-id). And then, for a selected few profiles, I set a
> more suitable stable-id.
>
> [1] https://developer.gnome.org/NetworkManager/stable/nm-settings.html
> [2]
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/nm-conf.d/30-anon.conf?id=b26efa5b680b45a1e6e8fcfb2f9ea996d8e28706
>
>
>
> best,
> Thomas
>
>
> >
> > Kind regards,
> >
> > Jim
> >
> > P.S. Thanks for this well-written blog-post! https://blogs.gnome.org
> > /thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
> > _______________________________________________
> > networkmanager-list mailing list
> > [email protected]
> > https://mail.gnome.org/mailman/listinfo/networkmanager-list
> Email had 1 attachment:
> + signature.asc
> 1k (application/pgp-signature)
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
