Chris Laprise: > On 10/03/2016 03:05 PM, Chris Laprise wrote: >> Network Manager 1.4.2 has been testing very well for me the last few >> days... >> >> This new version appears to randomize MAC addresses properly, and the >> feature set has evolved to the point where the randomization process >> is managed in a more holistic way. For example, you can specify a >> cloned-mac-address type of 'stable', and this will generate a random >> MAC (for a given access point) and store it for use with the same AP >> in the future. Setting it to 'random' will generate a random MAC each >> time it connects, instead of remembering the address. You can also >> specify bitmasks for randomization. >> >> When disconnected, the MAC is changed regularly at a set interval. >> Randomizing also works for ethernet, and is handled entirely by NM >> just like it is now for wifi. >> >> The network-manager 1.4.2 package is in Debian unstable repo and its >> not hard to install in Debian stretch/9. I do recommend removing your >> old NM connection profiles after upgrading, as randomization (while >> connected) didn't work for me until I started with fresh connection >> settings (created a new netvm). After installing, edit >> /etc/NetworkManager/NetworkManager.conf in the template and add lines >> like: >> >> [device-scan] >> wifi.scan-rand-mac-address=yes >> >> [connection] >> wifi.cloned-mac-address=random >> >> Then stop the template and restart the netvm. >> >> More details here: >> https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ >> >> https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html >> >> man nm-settings >> https://github.com/QubesOS/qubes-issues/issues/938 >> >> Chris >> > > FYI, Network Manager 1.4.2 has migrated to the Debian stretch repo. > Simply upgrading the template to debian 9 should provide all the > randomizing features that NM offers. > > https://www.qubes-os.org/doc/debian-template-upgrade-8/ > > Chris >
Thanks for the heads-up! I just replaced my very hacky, years-old MAC randomization setup with debian-9 with NetworkManager 1.4.2. As you say, I needed to re-create my connection profiles, but that's a trivial matter. Everything seems to work as promised! I am _so_ glad that MAC randomization will finally be available to Qubes users, and that closing this tracking ticket is finally within sight! :) Qubes devs: What would it take to make this the default? Is the problem simply that it requires Debian stretch? Further, since everything works as-is with Debian, why not make Debian the default template for service VMs? Not only is it nice for having longer release cycles, but moving to this default will save most people a nice chunk of disk space. Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/771d4c46-6b5c-d166-5dcd-4ac60dfea1ef%40riseup.net. For more options, visit https://groups.google.com/d/optout.
