Chris Laprise:
> On 10/03/2016 03:05 PM, Chris Laprise wrote:
>> Network Manager 1.4.2 has been testing very well for me the last few
>> days...
>>
>> This new version appears to randomize MAC addresses properly, and the
>> feature set has evolved to the point where the randomization process
>> is managed in a more holistic way. For example, you can specify a
>> cloned-mac-address type of 'stable', and this will generate a random
>> MAC (for a given access point) and store it for use with the same AP
>> in the future. Setting it to 'random' will generate a random MAC each
>> time it connects, instead of remembering the address. You can also
>> specify bitmasks for randomization.
>>
>> When disconnected, the MAC is changed regularly at a set interval.
>> Randomizing also works for ethernet, and is handled entirely by NM
>> just like it is now for wifi.
>>
>> The network-manager 1.4.2 package is in Debian unstable repo and its
>> not hard to install in Debian stretch/9. I do recommend removing your
>> old NM connection profiles after upgrading, as randomization (while
>> connected) didn't work for me until I started with fresh connection
>> settings (created a new netvm). After installing, edit
>> /etc/NetworkManager/NetworkManager.conf in the template and add lines
>> like:
>>
>>    [device-scan]
>>    wifi.scan-rand-mac-address=yes
>>
>>    [connection]
>>    wifi.cloned-mac-address=random
>>
>> Then stop the template and restart the netvm.
>>
>> More details here:
>> https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/
>>
>> https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html
>>
>> man nm-settings
>> https://github.com/QubesOS/qubes-issues/issues/938
>>
>> Chris
>>
> 
> FYI, Network Manager 1.4.2 has migrated to the Debian stretch repo.
> Simply upgrading the template to debian 9 should provide all the
> randomizing features that NM offers.
> 
> https://www.qubes-os.org/doc/debian-template-upgrade-8/
> 
> Chris
> 

Thanks for the heads-up!  I just replaced my very hacky, years-old MAC
randomization setup with debian-9 with NetworkManager 1.4.2.

As you say, I needed to re-create my connection profiles, but that's a
trivial matter.  Everything seems to work as promised!

I am _so_ glad that MAC randomization will finally be available to Qubes
users, and that closing this tracking ticket is finally within sight!  :)

Qubes devs: What would it take to make this the default?  Is the problem
simply that it requires Debian stretch?  Further, since everything works
as-is with Debian, why not make Debian the default template for service
VMs?  Not only is it nice for having longer release cycles, but moving
to this default will save most people a nice chunk of disk space.

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/771d4c46-6b5c-d166-5dcd-4ac60dfea1ef%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to