Re: How to activate MAC address randomization?
On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote:
> Hi,
>
> I just installed NetworkManager 1.2 in fedora 23 in the hopes that I
> can get mac randomization working. Only problem is there's no sign of a
> setting for this in nmcli or the applet. I found a reference to a
> setting on the NetworkManager.conf manpage which states:
>
>     wifi.mac-address-randomization
>         If left unspecified, MAC address randomization is disabled.

wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enabled it in the NM configuration.

http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747

Dan
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to configure NetworkManager to use DUID-LL type with dhclient?
Hi Dan!

Thank you so much! You were very clear. I was reading a documentation based just on RFC 3315 (LL, EN and LLT). Besides that I was using a perl conversion script that doesn't consider RFC 6355 (DUID-UUID). The output of this script was telling I was using DUID-LLT (but it's not true, it's a type 4 DUID).

So, this scenario is now clear. NetworkManager generates a DUID-UUID that will be the same for the device.

Thanks!!! :)

--
Jorge Luiz Corrêa
Embrapa Informática Agropecuária

- Original message -
From: "Dan Williams"
To: "Jorge L. Corrêa", networkmanager-list@gnome.org
Sent: Thursday, 12 May 2016 13:12:05
Subject: Re: How to configure NetworkManager to use DUID-LL type with dhclient?

On Mon, 2016-05-09 at 14:23 -0300, Jorge L. Corrêa wrote:
> Hi, I've been looking for information about how to configure network
> manager to pass parameters to dhclient. The goal is use dhclient with
> "-D LL" (use DUID-LL as default type of DUID generation). I can see
> that NetworkManager is calling dhclient in a way that DUID-LLT is
> being used.
>
> For IPv6 networks we need to ensure that a host has, at minimum, one
> known IPv6 address. So, after the first DUID generation, we need to
> register this value in a system and ensure that this value doesn't
> change anymore. If we use DUID-LLT we cannot do that. So, we need
> that NetworkManager calls dhclient using DUID-LL (dhclient -D LL
> ...).

If there is no preconfigured DUID, then NetworkManager will generate a DUID-UUID from the machine-id file following RFC 6355.

https://tools.ietf.org/html/rfc6355

NM uses DUID-UUID because DUID-LL/LLT are not guaranteed to remain constant across boots, since network device addresses can change and many devices don't bother to store a MAC address in NVRAM but generate a random one each boot (especially for embedded devices).

Once generated, this DUID-UUID gets stored into the leasefile for the connection. Since it's generated from the machine-id (which by definition shouldn't change for the life of the machine/install) it will be the same regardless of whether you swap out NICs or the timestamp, which follows the DHCPv6 standards which say the DUID should not change when network hardware changes (RFC 3315, section 9).

If you really want a DUID-LL, you can override it by specifying a DUID in the connection specific leasefile (usually /var/lib/NetworkManager) or in more standard leasefile locations for dhclient, like /etc/dhclient6.leases or /var/lib/dhcp/dhclient6.leases. NM will check those locations first if no connection specific leasefile from /var/lib/NetworkManager is found, and then copy that DUID to the connection specific leasefile when it gets created.

Does that help?

Dan
Re: How to activate MAC address randomization?
On 04/29/2016 09:07 PM, Thomas Haller wrote:
> On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote:
> > Hi,
> >
> > I just installed NetworkManager 1.2 in fedora 23 in the hopes that I
> > can get mac randomization working. Only problem is there's no sign of
> > a setting for this in nmcli or the applet. I found a reference to a
> > setting on the NetworkManager.conf manpage which states:
> >
> >     wifi.mac-address-randomization
> >         If left unspecified, MAC address randomization is disabled.
> >
> > But it's not clear what range of values should be specified here. The
> > nm-settings manpage suggests this is a valid way to turn on
> > randomization:
> >
> >     [connection]
> >     wifi.mac-address-randomization=2
> >
> > ...in /etc/NetworkManager/NetworkManager.conf
> >
> > However, it has no effect. I'm not sure what I'm missing here.
>
> Hi,
>
> How can you tell that it has no effect?

Hi,

I can tell it's not randomizing when I check the address from ifconfig or 'macchanger -s'. The original address is shown.

> Setting default values in /etc/NetworkManager/NetworkManager.conf
> would work, for that you need to leave the per-connection value at
> "default".
>
> After editing the connection, you must always reload with
> `killall -SIGHUP NetworkManager`.

So if my NetworkManager.conf looks like the following, it should work...?

    [main]
    plugins=keyfile

    [connection]
    wifi.mac-address-randomization=2

    [logging]
    #level=DEBUG

    [keyfile]
    unmanaged-devices=mac:fe:ff:ff:ff:ff:ff

The 'unmanaged' line is a reference to Qubes virtual interfaces; it should have no bearing on wifi.

> mac-address-randomization requires support by Hardware and
> wpa-supplicant. On Fedora23 I get a failure and the logfile reads:
>
>     device (wlp3s0): Activation: (wifi) couldn't build wireless configuration: 802-11-wireless: cannot enable mac-randomization due to missing supplicant support

Which log... dmesg or journalctl NetworkManager.service ?

The version of wpa_supplicant I have in f23 is 2.4. This should support the feature. But I think you're implying that iwlwifi and/or the hardware are also a factor.

What would be helpful is a list of hardware and driver versions that are known to work with randomization.

> Thomas

Thanks,
Chris
Re: How to configure NetworkManager to use DUID-LL type with dhclient?
On Mon, 2016-05-09 at 14:23 -0300, Jorge L. Corrêa wrote:
> Hi, I've been looking for information about how to configure network
> manager to pass parameters to dhclient. The goal is use dhclient with
> "-D LL" (use DUID-LL as default type of DUID generation). I can see
> that NetworkManager is calling dhclient in a way that DUID-LLT is
> being used.
>
> For IPv6 networks we need to ensure that a host has, at minimum, one
> known IPv6 address. So, after the first DUID generation, we need to
> register this value in a system and ensure that this value doesn't
> change anymore. If we use DUID-LLT we cannot do that. So, we need
> that NetworkManager calls dhclient using DUID-LL (dhclient -D LL
> ...).

If there is no preconfigured DUID, then NetworkManager will generate a DUID-UUID from the machine-id file following RFC 6355.

https://tools.ietf.org/html/rfc6355

NM uses DUID-UUID because DUID-LL/LLT are not guaranteed to remain constant across boots, since network device addresses can change and many devices don't bother to store a MAC address in NVRAM but generate a random one each boot (especially for embedded devices).

Once generated, this DUID-UUID gets stored into the leasefile for the connection. Since it's generated from the machine-id (which by definition shouldn't change for the life of the machine/install) it will be the same regardless of whether you swap out NICs or the timestamp, which follows the DHCPv6 standards which say the DUID should not change when network hardware changes (RFC 3315, section 9).

If you really want a DUID-LL, you can override it by specifying a DUID in the connection specific leasefile (usually /var/lib/NetworkManager) or in more standard leasefile locations for dhclient, like /etc/dhclient6.leases or /var/lib/dhcp/dhclient6.leases. NM will check those locations first if no connection specific leasefile from /var/lib/NetworkManager is found, and then copy that DUID to the connection specific leasefile when it gets created.

Does that help?

Dan
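
The DUID type confusion described in the reply above (a type 4 DUID reported as DUID-LLT) and the leasefile DUID described in this message can be checked directly. The following is an added example, not part of the original thread and not NetworkManager or dhclient code: it decodes a `default-duid` statement and classifies the DUID by its two-byte type code. It assumes the leasefile stores the DUID as a quoted string with non-printable bytes written as octal escapes; the sample lines are constructed.

```python
import re
import uuid

DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}

def unescape_dhclient(s):
    r"""Decode a quoted leasefile string: \ooo octal, \" and \\, else literal."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] != "\\":
            out.append(ord(s[i]))
            i += 1
        elif re.fullmatch(r"[0-3][0-7]{2}", s[i + 1:i + 4]):
            out.append(int(s[i + 1:i + 4], 8))
            i += 4
        elif i + 1 < len(s):
            out.append(ord(s[i + 1]))
            i += 2
        else:
            raise ValueError("dangling backslash")
    return bytes(out)

def parse_duid(raw):
    """Classify a DUID by its 2-byte type code (RFC 3315 section 9, RFC 6355)."""
    if len(raw) < 3:
        raise ValueError("DUID too short")
    dtype, body = int.from_bytes(raw[:2], "big"), raw[2:]
    info = {"name": DUID_TYPES.get(dtype, "unknown (%d)" % dtype),
            "embeds_lladdr": dtype in (1, 3)}
    if dtype == 1:    # hardware type (2) + time (4) + link-layer address
        info["lladdr"] = body[6:].hex(":")
    elif dtype == 3:  # hardware type (2) + link-layer address
        info["lladdr"] = body[2:].hex(":")
    elif dtype == 4:  # 16-byte UUID, independent of any NIC
        if len(body) != 16:
            raise ValueError("DUID-UUID must carry exactly 16 bytes")
        info["uuid"] = str(uuid.UUID(bytes=body))
    return info

def duid_from_leasefile(text):
    """Find the default-duid statement in leasefile text and classify it."""
    m = re.search(r'^\s*default-duid\s+"((?:\\.|[^"\\])*)"\s*;', text, re.M)
    if not m:
        raise ValueError("no default-duid statement found")
    return parse_duid(unescape_dhclient(m.group(1)))

# Constructed samples (not from a real host); escaping format is an assumption.
SAMPLE_UUID_LEASE = r'default-duid "\000\004\021\"3DUfw\210\231\252\273\314\335\356\377\000";'
SAMPLE_LLT_LEASE = r'default-duid "\000\001\000\001\036\304\015\100RT\000\0224V";'
```

`embeds_lladdr` marks the types (LLT and LL) whose value carries a link-layer address and so changes, or discloses the hardware address, when the NIC or its MAC changes.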