Re: How to activate MAC address randomization?
On 08/30/2016 07:49 AM, Thomas Haller wrote: Hi, as a follow-up, I tried to explain the new options here: https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ Otherwise, our documentation should answer all your questions -- if you don't understand something from our manual pages, we'd like to improve them. Thomas The blog post does explain the 'stable' option pretty well, though the 'Supported Modes' looks a little too terse to explain the new behaviors ('stable' would seem to be a non-random option). At first glance, the expanded options look very useful. But the new NM is not yet working for me... see new troubleshooting thread. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
Hi, as a follow-up, I tried to explain the new options here: https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/ Otherwise, our documentation should answer all your questions -- if you don't understand something from our manual pages, we'd like to improve them. Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 06.07.2016 17:41, Thomas Haller wrote: > On Wed, 2016-07-06 at 16:45 +0200, poma wrote: >> On 18.06.2016 14:36, Chris Laprise wrote: >> >> [...] >> >>> Is there more of a consensus now on this issue? >>> >>> My last attempt at using NM 1.2 with wpas 2.4 and iwlwifi driver >>> (which >>> supposedly uses nl80211) resulted in NM saying it couldn't turn >>> randomization on. >>> >>> If I compile the latest NM 1.2 and wpas 2.5 master branches, should >>> it >>> work? My objective is to document the conditions and steps needed >>> to get >>> wifi randomization operational on Qubes OS, which is based on >>> fedora. >>> >>> Chris >>> >> >> >> Have you tested recent Haller's commits? >> "wifi: implement MAC address randomization in NetworkManager instead >> of supplicant" >> https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?qt=gr >> ep&q=randomization > > Hi poma, > > > I wanted to reply to this thread, explaining what I changed there... I > forgot, ... > > > on master (upcoming 1.4.0) wpa-supplicant is no longer used to > randomize MAC addresses. Instead it's done by NetworkManager. > Also, this also works now with ethernet, not only Wi-Fi. > > > > Again, randomization during Wi-Fi scanning is enabled by default. It > can be disabled per-device via NetworkManager.conf: > [device] > wifi.scan-rand-mac-address=no > See `man NetworkManager.conf`. > > > For randomzation during connection, the wifi.mac-address-randomization > setting is deprecated (but still used in case you have old connections > on disc). > Now, you configure instead wifi.cloned-mac-address (or ethernet.cloned- > mac-address). See `man nm-settings`. > > nmcli connection modify $MY_WIFI wifi.cloned-mac-address stable > > Vorsprung durch Technik Tested, and basic, Pre-association / Scanning -and- Association / Connection - random MAC address works /etc/NetworkManager/NetworkManager.conf ... [connection] # deprecated - see 'man 5 NetworkManager.conf / nm-settings': # wifi.mac-address-randomization=2 # # replacement: wifi.cloned-mac-address=random [device] # default: # wifi.scan-rand-mac-address=yes Test builds - Fedora: http://goo.gl/Gm4ffO net/ Repairs double "random" ethernet / wifi assigned-mac-address value description for NM-SETTINGS(5) --- libnm-core/nm-setting-wired.c| 2 +- libnm-core/nm-setting-wireless.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libnm-core/nm-setting-wired.c b/libnm-core/nm-setting-wired.c index 66ed9c4..fc5ab3e 100644 --- a/libnm-core/nm-setting-wired.c +++ b/libnm-core/nm-setting-wired.c @@ -1151,7 +1151,7 @@ nm_setting_wired_class_init (NMSettingWiredClass *setting_wired_class) * format: string * description: The new field for the cloned MAC address. It can be either * a hardware address in ASCII representation, or one of the special values -* "preserve", "permanent", "random", "random" or "stable". +* "preserve", "permanent", "random" or "stable". * This field replaces the deprecated "cloned-mac-address" on D-Bus, which * can only contain explict hardware addresses. * ---end--- diff --git a/libnm-core/nm-setting-wireless.c b/libnm-core/nm-setting-wireless.c index 2aa29c9..a7f58fe 100644 --- a/libnm-core/nm-setting-wireless.c +++ b/libnm-core/nm-setting-wireless.c @@ -1392,7 +1392,7 @@ nm_setting_wireless_class_init (NMSettingWirelessClass *setting_wireless_class) * format: string * description: The new field for the cloned MAC address. It can be either * a hardware address in ASCII representation, or one of the special values -* "preserve", "permanent", "random", "random" or "stable". +* "preserve", "permanent", "random" or "stable". * This field replaces the deprecated "cloned-mac-address" on D-Bus, which * can only contain explict hardware addresses. * ---end--- -- > > > > Related expert options are: > > * per-connection (man nm-settings): > > - "connection.stable-id", which affects the generated ID for > with "cloned-mac-address=stable". If you have multiple > connections that should generate the same MAC address. > > - "wifi.generate-mac-address-mask", > "ethernet.generate-mac-address-mask" > > * per-device (man NetworkManager.conf): > > - "wifi.scan-generate-mac-address-mask" > > > > Thomas > Chris, tested expert options? ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Wed, 2016-07-06 at 16:45 +0200, poma wrote: > On 18.06.2016 14:36, Chris Laprise wrote: > > [...] > > > Is there more of a consensus now on this issue? > > > > My last attempt at using NM 1.2 with wpas 2.4 and iwlwifi driver > > (which > > supposedly uses nl80211) resulted in NM saying it couldn't turn > > randomization on. > > > > If I compile the latest NM 1.2 and wpas 2.5 master branches, should > > it > > work? My objective is to document the conditions and steps needed > > to get > > wifi randomization operational on Qubes OS, which is based on > > fedora. > > > > Chris > > > > > Have you tested recent Haller's commits? > "wifi: implement MAC address randomization in NetworkManager instead > of supplicant" > https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?qt=gr > ep&q=randomization Hi poma, I wanted to reply to this thread, explaining what I changed there... I forgot, ... on master (upcoming 1.4.0) wpa-supplicant is no longer used to randomize MAC addresses. Instead it's done by NetworkManager. Also, this also works now with ethernet, not only Wi-Fi. Again, randomization during Wi-Fi scanning is enabled by default. It can be disabled per-device via NetworkManager.conf: [device] wifi.scan-rand-mac-address=no See `man NetworkManager.conf`. For randomzation during connection, the wifi.mac-address-randomization setting is deprecated (but still used in case you have old connections on disc). Now, you configure instead wifi.cloned-mac-address (or ethernet.cloned- mac-address). See `man nm-settings`. nmcli connection modify $MY_WIFI wifi.cloned-mac-address stable Related expert options are: * per-connection (man nm-settings): - "connection.stable-id", which affects the generated ID for with "cloned-mac-address=stable". If you have multiple connections that should generate the same MAC address. - "wifi.generate-mac-address-mask", "ethernet.generate-mac-address-mask" * per-device (man NetworkManager.conf): - "wifi.scan-generate-mac-address-mask" Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 18.06.2016 14:36, Chris Laprise wrote: [...] > Is there more of a consensus now on this issue? > > My last attempt at using NM 1.2 with wpas 2.4 and iwlwifi driver (which > supposedly uses nl80211) resulted in NM saying it couldn't turn > randomization on. > > If I compile the latest NM 1.2 and wpas 2.5 master branches, should it > work? My objective is to document the conditions and steps needed to get > wifi randomization operational on Qubes OS, which is based on fedora. > > Chris > Have you tested recent Haller's commits? "wifi: implement MAC address randomization in NetworkManager instead of supplicant" https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?qt=grep&q=randomization ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/25/2016 10:56 AM, Dan Williams wrote: NM always requests that non-associated scans (eg, before you've connected to a wifi network) be randomized by default. You can (through the mac randomization property) request that the association address also be randomized. You can also use the cloned MAC address property to set a specific MAC address for the association, on a per-connection basis. If you choose "always" for mac randomization, that overrides the cloned mac address. As far as we know, and as far as we've tested, these both work correctly when wpa_supplicant support exists and the driver uses the nl80211 kernel API. Out-of-tree and WEXT-based drivers may not work correctly. There does seem to be some confusion about the issue as you can see from this thread, so we're trying to investigate that and clear things up. But when the features were added, they worked. Dan Hi Dan, Is there more of a consensus now on this issue? My last attempt at using NM 1.2 with wpas 2.4 and iwlwifi driver (which supposedly uses nl80211) resulted in NM saying it couldn't turn randomization on. If I compile the latest NM 1.2 and wpas 2.5 master branches, should it work? My objective is to document the conditions and steps needed to get wifi randomization operational on Qubes OS, which is based on fedora. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/25/2016 10:56 AM, Dan Williams wrote: On Wed, 2016-05-18 at 21:10 -0400, Chris Laprise wrote: On 05/18/2016 02:25 PM, Dan Williams wrote: Randomization happens in the supplicant, and the supplicant also controls scanning. If randomization is enabled, the supplicant will change the MAC address before it scans, so this should not be a problem. Of course, if you run 'iw dev wlan0 scan' manually, that does not go through the supplicant, and you will leak your MAC. If you use NM's MAC cloning functionality, then yes, that might leak your MAC because that only clones the MAC address for the duration of the connection to a specific access point. It's not randomization, it's the same as ethernet MAC cloning. It does seem like a primary use case for randomization would be random addresses during scans only, and transition to chosen non-original addresses for connections (per-AP). The users and admins aren't going to think to themselves: "We're going to assign different addresses to these connections, so we're OK with the hardware address coming through." Not if they're using pre-connection randomization (which should be considered the operational norm by now). And its not that connection randomization isn't important, too. I just think that pre-connection randomization would work very well towards privacy if the 'randomization' were on a per-AP basis and not a per-session basis (the latter being less compatible with some institutional security schemes). Per-AP is more realistic and far more likely to be used. So I would like to know if NM can coordinate with supplicant well enough to transition the NIC between randomized pre-connection scanning and statically-spoofed connections without allowing the original address to be broadcast. NM always requests that non-associated scans (eg, before you've connected to a wifi network) be randomized by default. You can (through the mac randomization property) request that the association address also be randomized. You can also use the cloned MAC address property to set a specific MAC address for the association, on a per-connection basis. If you choose "always" for mac randomization, that overrides the cloned mac address. As far as we know, and as far as we've tested, these both work correctly when wpa_supplicant support exists and the driver uses the nl80211 kernel API. Out-of-tree and WEXT-based drivers may not work correctly. There does seem to be some confusion about the issue as you can see from this thread, so we're trying to investigate that and clear things up. But when the features were added, they worked. Dan Thanks to all of you for the clarifications and for addressing the remaining issues. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 24.05.2016 18:18, poma wrote: > [...] > > However working Association / Connection random MAC address only applies to > the: > 1. wpa_supplicant (Client) -> wpa_supplicant (Hotspot) > 2. wpa_supplicant (Client) -> NetworkManager (Hotspot) > > but not for: > 3. NetworkManager (Client) -> NetworkManager (Hotspot) > > Showcase, if applied - for 'MacAddr', the same mechanism as for 'PreassocMacAddr'; sed -i 's/PreassocMacAddr/MacAddr/' src/supplicant-manager/nm-supplicant-interface.c --- src/supplicant-manager/nm-supplicant-interface.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/supplicant-manager/nm-supplicant-interface.c b/src/supplicant-manager/nm-supplicant-interface.c index ce7a2a2..b9cafc3 100644 --- a/src/supplicant-manager/nm-supplicant-interface.c +++ b/src/supplicant-manager/nm-supplicant-interface.c @@ -552,7 +552,7 @@ iface_introspect_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data if (strstr (data, "ProbeRequest")) priv->ap_support = NM_SUPPLICANT_FEATURE_YES; - if (strstr (data, "PreassocMacAddr")) { + if (strstr (data, "MacAddr")) { priv->mac_randomization_support = NM_SUPPLICANT_FEATURE_YES; /* Turn on MAC randomization during scans by default */ @@ -561,7 +561,7 @@ iface_introspect_cb (GDBusProxy *proxy, GAsyncResult *result, gpointer user_data DBUS_INTERFACE_PROPERTIES ".Set", g_variant_new ("(ssv)", WPAS_DBUS_IFACE_INTERFACE, - "PreassocMacAddr", + "MacAddr", g_variant_new_string ("1")), G_DBUS_CALL_FLAGS_NONE, -1, = Client = # journalctl -o cat -b -u NetworkManager | grep -i mac NetworkManager[2098]: [...] sup-iface[...,wlp0s2f1u3]: config: set MAC randomization to 1 # nmcli connection show WiFiRd | grep rand 802-11-wireless.mac-address-randomization:default # journalctl -o cat -b -u wpa_supplicant.service | grep -i mac wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee wlp0s2f1u3: WPS: UUID based on MAC address: [...] properties_get_or_set: Set(MacAddr) mac_addr=1 properties_get_or_set: Set(MacAddr) mac_addr=1 nl80211: set_mac_addr for wlp0s2f1u3 to be:7f:1b:50:34:0b wlp0s2f1u3: Using random MAC address be:7f:1b:50:34:0b $ macchanger -s wlp0s2f1u3 Current MAC: be:7f:1b:50:34:0b (unknown) Permanent MAC: 00:aa:bb:cc:dd:ee (...) = Hotspot = # journalctl -o cat -b -u wpa_supplicant.service | grep '00:aa:bb:cc:dd:ee\|be:7f:1b:50:34:0b' nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlp2s2f7u2(ee:dd:cc:bb:aa:00) A1=ff:ff:ff:ff:ff:ff A2=00:aa:bb:cc:dd:ee nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=00:aa:bb:cc:dd:ee bssid=ff:ff:ff:ff:ff:ff freq=2412 ssi_signal=-19 fc=0x40 seq_ctrl=0xdc0 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=42 nl80211: send_mlme - da= 00:aa:bb:cc:dd:ee noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3 ... nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlp2s2f7u2(ee:dd:cc:bb:aa:00) A1=ee:dd:cc:bb:aa:00 A2=be:7f:1b:50:34:0b nl80211: RX frame da=ee:dd:cc:bb:aa:00 sa=be:7f:1b:50:34:0b bssid=ee:dd:cc:bb:aa:00 freq=2412 ssi_signal=-15 fc=0xb0 seq_ctrl=0x0 stype=11 (WLAN_FC_STYPE_AUTH) len=30 authentication: STA=be:7f:1b:50:34:0b auth_alg=0 auth_transaction=1 status_code=0 wep=0 seq_ctrl=0x0 ap_sta_add: register ap_handle_timer timeout for be:7f:1b:50:34:0b (300 seconds - ap_max_inactivity) nl80211: sta_remove -> DEL_STATION wlp2s2f7u2 be:7f:1b:50:34:0b --> -2 (No such file or directory) nl80211: Add STA be:7f:1b:50:34:0b hostapd_logger: STA be:7f:1b:50:34:0b - authentication OK (open system) hostapd_logger: STA be:7f:1b:50:34:0b - MLME-AUTHENTICATE.indication(be:7f:1b:50:34:0b, OPEN_SYSTEM) hostapd_logger: STA be:7f:1b:50:34:0b - MLME-DELETEKEYS.request(be:7f:1b:50:34:0b) authentication reply: STA=be:7f:1b:50:34:0b auth_alg=0 auth_transaction=2 resp=0 (IE len=0) nl80211: send_mlme - da= be:7f:1b:50:34:0b noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xb0 (WLAN_FC_STYPE_AUTH) nlmode=3 nl80211: New station be:7f:1b:50:34:0b nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlp2s2f7u2(ee:dd:cc:bb:aa:00) A1=ee:dd:cc:bb:aa:00 A2=be:7f:1b:50:34:0b nl80211: RX frame da=ee:dd:cc:bb:aa:00 sa=be:7f:1b:50:34:0b bssid=ee:dd:cc:bb:aa:00 freq=2412 ssi_signal=-15 fc=0x0 seq_ctrl=0x10 stype=0 (WLAN_FC_STYPE_ASSOC_REQ) len=110 association request: STA=be:7f:1b:50:34:0b capab_info=0x411 listen_interval=3 seq_ctrl=0x10 HT: STA be:7f:1b:50:34:0b HT Capabilities Info: 0x19ee update_sta_ht STA be:7f:1b:50:34:0b - no greenfield, num of non-gf stations 1 hostapd_logge
Re: How to activate MAC address randomization?
On 25.05.2016 16:56, Dan Williams wrote: > On Wed, 2016-05-18 at 21:10 -0400, Chris Laprise wrote: >> >> On 05/18/2016 02:25 PM, Dan Williams wrote: >>> >>> >>> Randomization happens in the supplicant, and the supplicant also >>> controls scanning. If randomization is enabled, the supplicant >>> will >>> change the MAC address before it scans, so this should not be a >>> problem. >>> >>> Of course, if you run 'iw dev wlan0 scan' manually, that does not >>> go >>> through the supplicant, and you will leak your MAC. >>> >>> If you use NM's MAC cloning functionality, then yes, that might >>> leak >>> your MAC because that only clones the MAC address for the duration >>> of >>> the connection to a specific access point. It's not randomization, >>> it's the same as ethernet MAC cloning. >> It does seem like a primary use case for randomization would be >> random >> addresses during scans only, and transition to chosen non-original >> addresses for connections (per-AP). The users and admins aren't going >> to >> think to themselves: "We're going to assign different addresses to >> these >> connections, so we're OK with the hardware address coming through." >> Not >> if they're using pre-connection randomization (which should be >> considered the operational norm by now). >> >> And its not that connection randomization isn't important, too. I >> just >> think that pre-connection randomization would work very well towards >> privacy if the 'randomization' were on a per-AP basis and not a >> per-session basis (the latter being less compatible with some >> institutional security schemes). Per-AP is more realistic and far >> more >> likely to be used. >> >> So I would like to know if NM can coordinate with supplicant well >> enough >> to transition the NIC between randomized pre-connection scanning and >> statically-spoofed connections without allowing the original address >> to >> be broadcast. > > NM always requests that non-associated scans (eg, before you've > connected to a wifi network) be randomized by default. You can > (through the mac randomization property) request that the association > address also be randomized. > > You can also use the cloned MAC address property to set a specific MAC > address for the association, on a per-connection basis. If you choose > "always" for mac randomization, that overrides the cloned mac address. > > As far as we know, and as far as we've tested, these both work > correctly when wpa_supplicant support exists and the driver uses the > nl80211 kernel API. Out-of-tree and WEXT-based drivers may not work > correctly. > > There does seem to be some confusion about the issue as you can see > from this thread, so we're trying to investigate that and clear things > up. But when the features were added, they worked. > On what -particular- commit you are referring to, as "worked" one? Ref. https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?qt=grep&q=randomization ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Wed, 2016-05-18 at 21:10 -0400, Chris Laprise wrote: > > On 05/18/2016 02:25 PM, Dan Williams wrote: > > > > > > Randomization happens in the supplicant, and the supplicant also > > controls scanning. If randomization is enabled, the supplicant > > will > > change the MAC address before it scans, so this should not be a > > problem. > > > > Of course, if you run 'iw dev wlan0 scan' manually, that does not > > go > > through the supplicant, and you will leak your MAC. > > > > If you use NM's MAC cloning functionality, then yes, that might > > leak > > your MAC because that only clones the MAC address for the duration > > of > > the connection to a specific access point. It's not randomization, > > it's the same as ethernet MAC cloning. > It does seem like a primary use case for randomization would be > random > addresses during scans only, and transition to chosen non-original > addresses for connections (per-AP). The users and admins aren't going > to > think to themselves: "We're going to assign different addresses to > these > connections, so we're OK with the hardware address coming through." > Not > if they're using pre-connection randomization (which should be > considered the operational norm by now). > > And its not that connection randomization isn't important, too. I > just > think that pre-connection randomization would work very well towards > privacy if the 'randomization' were on a per-AP basis and not a > per-session basis (the latter being less compatible with some > institutional security schemes). Per-AP is more realistic and far > more > likely to be used. > > So I would like to know if NM can coordinate with supplicant well > enough > to transition the NIC between randomized pre-connection scanning and > statically-spoofed connections without allowing the original address > to > be broadcast. NM always requests that non-associated scans (eg, before you've connected to a wifi network) be randomized by default. You can (through the mac randomization property) request that the association address also be randomized. You can also use the cloned MAC address property to set a specific MAC address for the association, on a per-connection basis. If you choose "always" for mac randomization, that overrides the cloned mac address. As far as we know, and as far as we've tested, these both work correctly when wpa_supplicant support exists and the driver uses the nl80211 kernel API. Out-of-tree and WEXT-based drivers may not work correctly. There does seem to be some confusion about the issue as you can see from this thread, so we're trying to investigate that and clear things up. But when the features were added, they worked. Dan > > > > > If you're looking for a more generic MAC randomization feature that > > also works for ethernet, then yes that would be NM's > > responsibility. > > Internally NM would handle ethernet MAC randomization itself, but > > delegate to the supplicant for WiFi. Since the supplicant handles > > scanning, it must also handle WiFi MAC randomization to ensure > > synchronization of the changes. > > > > Dan > Ethernet is probably not as pressing a concern because of the > physical > link aspect, but thanks for the insight. > > Chris > ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
[...] However working Association / Connection random MAC address only applies to the: 1. wpa_supplicant (Client) -> wpa_supplicant (Hotspot) 2. wpa_supplicant (Client) -> NetworkManager (Hotspot) but not for: 3. NetworkManager (Client) -> NetworkManager (Hotspot) ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 24.05.2016 16:46, poma wrote: > On 24.05.2016 13:22, poma wrote: >> >> [...] NetworkManager [...] >> >> WPA Supplicant comparative test >> - wpa_supplicant v2.6-devel git a26c9c2 2016-05-20 >> - Linux 4.6 >> - QEMU emulator version 2.6.0 (Hotspot) >> >> >> Pre-association / Scanning random MAC address >> >> = Client (mt7601u) = >> >> # grep -v '^#\|^$' /etc/wpa_supplicant.conf >> ctrl_interface=/var/run/wpa_supplicant >> ctrl_interface_group=wheel >> preassoc_mac_addr=1 >> network={ >> ssid="WiFiRd" >> bssid=ee:dd:cc:bb:aa:00 >> key_mgmt=WPA-PSK >> psk="**" >> } >> >> >> # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f >> wpasuplog.txt >> >> >> # grep -i 'mac\|rand\|connected' wpasuplog.txt >> random: Trying to read entropy from /dev/random >> preassoc_mac_addr=1 >> wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee >> wlp0s2f1u3: WPS: UUID based on MAC address: [...] >> EAPOL: SUPP_PAE entering state DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED >> random: Got 20/20 bytes from /dev/random >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> nl80211: set_mac_addr for wlp0s2f1u3 to 4a:b1:d6:28:4c:90 >> wlp0s2f1u3: Using random MAC address 4a:b1:d6:28:4c:90 >> nl80211: set_mac_addr for wlp0s2f1u3 to 00:aa:bb:cc:dd:ee >> wlp0s2f1u3: Using permanent MAC address >> wlp0s2f1u3: CTRL-EVENT-CONNECTED - Connection to ee:dd:cc:bb:aa:00 completed >> [id=0 id_str=] >> ... >> >> >> >> = Hotspot (rt2800usb) = >> >> # grep -v '^#\|^$' /etc/wpa_supplicant.conf >> ctrl_interface=/var/run/wpa_supplicant >> ctrl_interface_group=wheel >> network={ >> ssid="WiFiRd" >> key_mgmt=WPA-PSK >> psk="**" >> mode=2 >> } >> >> >> # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f >> wpasuplog.txt >> >> >> # grep -i '4a:b1:d6:28:4c:90\|00:aa:bb:cc:dd:ee' wpasuplog.txt >> nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=4a:b1:d6:28:4c:90 >> bssid=ff:ff:ff:ff:ff:ff freq=2462 ssi_signal=-19 fc=0x40 seq_ctrl=0x3b20 >> stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=83 >> nl80211: send_mlme - da= 4a:b1:d6:28:4c:90 noack=1 freq=0 no_cck=0 >> offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3 >> nl80211: RX frame da=ee:dd:cc:bb:aa:00 sa=00:aa:bb:cc:dd:ee >> bssid=ee:dd:cc:bb:aa:00 freq=2462 ssi_signal=-19 fc=0x8b0 seq_ctrl=0x3b60 >> stype=11 (WLAN_FC_STYPE_AUTH) len=30 >> ... >> wlp2s2f7u2: AP-STA-CONNECTED 00:aa:bb:cc:dd:ee >> ... >> >> >> ~~~ >> >> >> Association / Connection random MAC address >> >> >> = Client (mt7601u) = >> >> # grep -v '^#\|^$' /etc/wpa_supplicant.conf >> ctrl_interface=/var/run/wpa_supplicant >> ctrl_interface_group=wheel >> mac_addr=1 >> network={ >> ssid="WiFiRd" >> bssid=ee:dd:cc:bb:aa:00 >> key_mgmt=WPA-PSK >> psk="**" >> } >> >> >> # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f >> wpasuplog.txt >> >> >> # grep -i 'mac\|rand\|connected' wpasuplog.txt >> random: Trying to read entropy from /dev/random >> mac_addr=1 >> wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee >> wlp0s2f1u3: WPS: UUID based on MAC address: [...] >> EAPOL: SUPP_PAE entering state DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED >> random: Got 20/20 bytes from /dev/random >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> nl80211: set_mac_addr for wlp0s2f1u3 to 0e:5d:07:b0:73:a6 >> wlp0s2f1u3: Using random MAC address 0e:5d:07:b0:73:a6 >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> SCANNING >> wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED >> wlp0s2f1u3: Request to deauthenticate - bssid=00:00:00:00:00:00 >> pending_bssid=00:00:00:00:00:00 reason=3 state=DISCONNECTED >> wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED >> >> >> >> = Hotspot (rt2800usb) = >> >> # grep -v '^#\|^$' /etc/wpa_supplicant.conf >> ctrl_interface=/var/run/wpa_supplicant >> ctrl_interface_group=wheel >> network={ >> ssid="WiFiRd" >> key_mgmt=WPA-PSK >> psk="**" >> mode=2 >> } >> >> >> # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f >> wpasuplog.txt >> >> >> # grep -i acknowledge wpasuplog.txt >> hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication >> response >> hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication >> response >> hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication >> response >> hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authenticatio
Re: How to activate MAC address randomization?
On 24.05.2016 13:22, poma wrote: > > [...] NetworkManager [...] > > WPA Supplicant comparative test > - wpa_supplicant v2.6-devel git a26c9c2 2016-05-20 > - Linux 4.6 > - QEMU emulator version 2.6.0 (Hotspot) > > > Pre-association / Scanning random MAC address > > = Client (mt7601u) = > > # grep -v '^#\|^$' /etc/wpa_supplicant.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > preassoc_mac_addr=1 > network={ > ssid="WiFiRd" > bssid=ee:dd:cc:bb:aa:00 > key_mgmt=WPA-PSK > psk="**" > } > > > # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt > > > # grep -i 'mac\|rand\|connected' wpasuplog.txt > random: Trying to read entropy from /dev/random > preassoc_mac_addr=1 > wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee > wlp0s2f1u3: WPS: UUID based on MAC address: [...] > EAPOL: SUPP_PAE entering state DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED > random: Got 20/20 bytes from /dev/random > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > nl80211: set_mac_addr for wlp0s2f1u3 to 4a:b1:d6:28:4c:90 > wlp0s2f1u3: Using random MAC address 4a:b1:d6:28:4c:90 > nl80211: set_mac_addr for wlp0s2f1u3 to 00:aa:bb:cc:dd:ee > wlp0s2f1u3: Using permanent MAC address > wlp0s2f1u3: CTRL-EVENT-CONNECTED - Connection to ee:dd:cc:bb:aa:00 completed > [id=0 id_str=] > ... > > > > = Hotspot (rt2800usb) = > > # grep -v '^#\|^$' /etc/wpa_supplicant.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > network={ > ssid="WiFiRd" > key_mgmt=WPA-PSK > psk="**" > mode=2 > } > > > # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt > > > # grep -i '4a:b1:d6:28:4c:90\|00:aa:bb:cc:dd:ee' wpasuplog.txt > nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=4a:b1:d6:28:4c:90 > bssid=ff:ff:ff:ff:ff:ff freq=2462 ssi_signal=-19 fc=0x40 seq_ctrl=0x3b20 > stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=83 > nl80211: send_mlme - da= 4a:b1:d6:28:4c:90 noack=1 freq=0 no_cck=0 > offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3 > nl80211: RX frame da=ee:dd:cc:bb:aa:00 sa=00:aa:bb:cc:dd:ee > bssid=ee:dd:cc:bb:aa:00 freq=2462 ssi_signal=-19 fc=0x8b0 seq_ctrl=0x3b60 > stype=11 (WLAN_FC_STYPE_AUTH) len=30 > ... > wlp2s2f7u2: AP-STA-CONNECTED 00:aa:bb:cc:dd:ee > ... > > > ~~~ > > > Association / Connection random MAC address > > > = Client (mt7601u) = > > # grep -v '^#\|^$' /etc/wpa_supplicant.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > mac_addr=1 > network={ > ssid="WiFiRd" > bssid=ee:dd:cc:bb:aa:00 > key_mgmt=WPA-PSK > psk="**" > } > > > # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt > > > # grep -i 'mac\|rand\|connected' wpasuplog.txt > random: Trying to read entropy from /dev/random > mac_addr=1 > wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee > wlp0s2f1u3: WPS: UUID based on MAC address: [...] > EAPOL: SUPP_PAE entering state DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED > random: Got 20/20 bytes from /dev/random > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > nl80211: set_mac_addr for wlp0s2f1u3 to 0e:5d:07:b0:73:a6 > wlp0s2f1u3: Using random MAC address 0e:5d:07:b0:73:a6 > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> SCANNING > wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED > wlp0s2f1u3: Request to deauthenticate - bssid=00:00:00:00:00:00 > pending_bssid=00:00:00:00:00:00 reason=3 state=DISCONNECTED > wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED > > > > = Hotspot (rt2800usb) = > > # grep -v '^#\|^$' /etc/wpa_supplicant.conf > ctrl_interface=/var/run/wpa_supplicant > ctrl_interface_group=wheel > network={ > ssid="WiFiRd" > key_mgmt=WPA-PSK > psk="**" > mode=2 > } > > > # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt > > > # grep -i acknowledge wpasuplog.txt > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication > response > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication > response > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication > response > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication > response > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication > response > hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge a
Re: How to activate MAC address randomization?
[...] NetworkManager [...] WPA Supplicant comparative test - wpa_supplicant v2.6-devel git a26c9c2 2016-05-20 - Linux 4.6 - QEMU emulator version 2.6.0 (Hotspot) Pre-association / Scanning random MAC address = Client (mt7601u) = # grep -v '^#\|^$' /etc/wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel preassoc_mac_addr=1 network={ ssid="WiFiRd" bssid=ee:dd:cc:bb:aa:00 key_mgmt=WPA-PSK psk="**" } # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt # grep -i 'mac\|rand\|connected' wpasuplog.txt random: Trying to read entropy from /dev/random preassoc_mac_addr=1 wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee wlp0s2f1u3: WPS: UUID based on MAC address: [...] EAPOL: SUPP_PAE entering state DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED random: Got 20/20 bytes from /dev/random wlp0s2f1u3: State: DISCONNECTED -> SCANNING nl80211: set_mac_addr for wlp0s2f1u3 to 4a:b1:d6:28:4c:90 wlp0s2f1u3: Using random MAC address 4a:b1:d6:28:4c:90 nl80211: set_mac_addr for wlp0s2f1u3 to 00:aa:bb:cc:dd:ee wlp0s2f1u3: Using permanent MAC address wlp0s2f1u3: CTRL-EVENT-CONNECTED - Connection to ee:dd:cc:bb:aa:00 completed [id=0 id_str=] ... = Hotspot (rt2800usb) = # grep -v '^#\|^$' /etc/wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="WiFiRd" key_mgmt=WPA-PSK psk="**" mode=2 } # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt # grep -i '4a:b1:d6:28:4c:90\|00:aa:bb:cc:dd:ee' wpasuplog.txt nl80211: RX frame da=ff:ff:ff:ff:ff:ff sa=4a:b1:d6:28:4c:90 bssid=ff:ff:ff:ff:ff:ff freq=2462 ssi_signal=-19 fc=0x40 seq_ctrl=0x3b20 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=83 nl80211: send_mlme - da= 4a:b1:d6:28:4c:90 noack=1 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0x50 (WLAN_FC_STYPE_PROBE_RESP) nlmode=3 nl80211: RX frame da=ee:dd:cc:bb:aa:00 sa=00:aa:bb:cc:dd:ee bssid=ee:dd:cc:bb:aa:00 freq=2462 ssi_signal=-19 fc=0x8b0 seq_ctrl=0x3b60 stype=11 (WLAN_FC_STYPE_AUTH) len=30 ... wlp2s2f7u2: AP-STA-CONNECTED 00:aa:bb:cc:dd:ee ... ~~~ Association / Connection random MAC address = Client (mt7601u) = # grep -v '^#\|^$' /etc/wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel mac_addr=1 network={ ssid="WiFiRd" bssid=ee:dd:cc:bb:aa:00 key_mgmt=WPA-PSK psk="**" } # wpa_supplicant -i wlp0s2f1u3 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt # grep -i 'mac\|rand\|connected' wpasuplog.txt random: Trying to read entropy from /dev/random mac_addr=1 wlp0s2f1u3: Own MAC address: 00:aa:bb:cc:dd:ee wlp0s2f1u3: WPS: UUID based on MAC address: [...] EAPOL: SUPP_PAE entering state DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED random: Got 20/20 bytes from /dev/random wlp0s2f1u3: State: DISCONNECTED -> SCANNING nl80211: set_mac_addr for wlp0s2f1u3 to 0e:5d:07:b0:73:a6 wlp0s2f1u3: Using random MAC address 0e:5d:07:b0:73:a6 wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> SCANNING wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> SCANNING wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> SCANNING wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> SCANNING wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> SCANNING wlp0s2f1u3: State: AUTHENTICATING -> DISCONNECTED wlp0s2f1u3: Request to deauthenticate - bssid=00:00:00:00:00:00 pending_bssid=00:00:00:00:00:00 reason=3 state=DISCONNECTED wlp0s2f1u3: State: DISCONNECTED -> DISCONNECTED = Hotspot (rt2800usb) = # grep -v '^#\|^$' /etc/wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="WiFiRd" key_mgmt=WPA-PSK psk="**" mode=2 } # wpa_supplicant -i wlp2s2f7u2 -c /etc/wpa_supplicant.conf -d -f wpasuplog.txt # grep -i acknowledge wpasuplog.txt hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authentication response hostapd_logger: STA 0e:5d:07:b0:73:a6 - did not acknowledge authen
Re: How to activate MAC address randomization?
> So, you had the right version of wpa-supplicant but it didn't work? > Could you send a logfile of NM with TRACE logging enabled? > > > It looks like the logging level is set to info by default. >> As a side comment, If I use the "unsupported" wpa_supplicant version >> (ie >> the last stable), I cannot connect to the SSID if I ask for >> randomization (always) and I have this error: "active connection >> removed >> before it was initialized". Of course, this doesn't happen if I build >> wpa_supplicant from their master branch. > that would be expected, no? Yes, absolutely. It was just a comment to show that the master version shows a different behavior, which is a positive signal. > You should also see a message in the logfile: > "Activation: (wifi) couldn't build wireless configuration: 802-11- > wireless: cannot enable mac-randomization due to missing supplicant > support" > This is is what I get on Fedora 23. > I have the same. I dumped the useful journalctl part here: pastebin.com/QKvfgyP0 my config (just for info) pastebin.com/3KQTwXFA Thanks. -- François Boulogne. http://www.sciunto.org GPG: 32D5F22F ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Sun, 2016-05-22 at 15:43 +0200, fo...@sciunto.org wrote: > Hi Thomas, Hi, > > Oh, I didn't actually test mac-addr-randomization myself :) > > I am definitely interested whether it works for you (but I still > > expect > > it works, if wpa-supplicant has support). > I made further test with another computer, but same OS. I got the > same > behavior, ie I couldn't randomize my mac address. > That was the occasion to build against a more recent master version > of > wpa_supplicant. So, you had the right version of wpa-supplicant but it didn't work? Could you send a logfile of NM with TRACE logging enabled? > As a side comment, If I use the "unsupported" wpa_supplicant version > (ie > the last stable), I cannot connect to the SSID if I ask for > randomization (always) and I have this error: "active connection > removed > before it was initialized". Of course, this doesn't happen if I build > wpa_supplicant from their master branch. that would be expected, no? You should also see a message in the logfile: "Activation: (wifi) couldn't build wireless configuration: 802-11- wireless: cannot enable mac-randomization due to missing supplicant support" This is is what I get on Fedora 23. > If anybody has a chance to test this, I would be happy to hear about > it, > or if you have ideas/instructions to get a better understanding. > > Thanks. > > Best, Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
Hi Thomas, > Oh, I didn't actually test mac-addr-randomization myself :) > I am definitely interested whether it works for you (but I still expect > it works, if wpa-supplicant has support). I made further test with another computer, but same OS. I got the same behavior, ie I couldn't randomize my mac address. That was the occasion to build against a more recent master version of wpa_supplicant. As a side comment, If I use the "unsupported" wpa_supplicant version (ie the last stable), I cannot connect to the SSID if I ask for randomization (always) and I have this error: "active connection removed before it was initialized". Of course, this doesn't happen if I build wpa_supplicant from their master branch. If anybody has a chance to test this, I would be happy to hear about it, or if you have ideas/instructions to get a better understanding. Thanks. Best, -- François Boulogne. http://www.sciunto.org GPG: 32D5F22F ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 21.05.2016 01:03, poma wrote: > On 20.05.2016 19:36, Dan Williams wrote: >> On Fri, 2016-05-20 at 19:03 +0200, poma wrote: >>> On 19.05.2016 12:22, Thomas Haller wrote: On Thu, 2016-05-19 at 01:41 +0200, poma wrote: > > On 18.05.2016 16:49, Thomas Haller wrote: >> >> > I actually have a question for you, and Lubo; > > In the wpa_supplicant, Pre-association MAC random-ization is > disabled > per default: > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 > PreassocMacAddr > Pre-association MAC address policy > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf > #n41 > 8 > # MAC address policy for pre-association operations (scanning, > ANQP) > # 0 = use permanent MAC address > # 1 = use random MAC address > # 2 = like 1, but maintain OUI (with local admin bit set) > #preassoc_mac_addr=0 > > > and the same was said, toward NetworkManager, in: > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/N > EWS# > n8 > * Added an option to enable use of random MAC addresses for Wi-Fi > access > point scanning (defaults to disabled). Controlled with > 'wifi.mac-address-randomization' property > (MAC_ADDRESS_RANDOMIZATION key in > ifcfg files). Yeah, this is wrong. I fixed it: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/? id=e0e1c5916073deac49d27a9ee2343073f5fe552a > > -but- you said in: > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 > 0042 > .html > > When NM detects support in wpa-supplicant, it always sets > PreassocMacAddr to 1. This setting is only relevant during > scanning, > and thus NM *always* enables it. > > > > -and- as "published" by Lubo in: > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra > ckin > g-protection-in-wi-fi-networks > > What seems like a viable option is randomizing the MAC address > while > scanning, > changing it every now and then, > but still use the hard-wired MAC address for association and > actual > connectivity. [...] > With the upcoming NetworkManager 1.2 we’re doing this too. [...] > With the upcoming NetworkManager 1.2 (when using wpa_supplicant > 2.4 > or newer) we’re doing this too. > > > > Is not that, as mentioned in the NEWS, in fact MAC random-ization > per > connecting, not MAC random-ization per scanning!? You are right. > > That is, in the wpa_supplicant, Connection MAC random-ization: > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 > MacAddr > MAC address policy default > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf > #n40 > 5 > # MAC address policy default > # 0 = use permanent MAC address > # 1 = use random MAC address for each ESS connection > # 2 = like 1, but maintain OUI (with local admin bit set) > # > # By default, permanent MAC address is used unless policy is > changed > by > # the per-network mac_addr parameter. Global mac_addr=1 can be > used > to > # change this default behavior. > #mac_addr=0 > > > toward NetworkManager, what -you- said in: > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 > 0042 > .html > > The mac-address-randomization connection-setting on the other > hand, > configures the behavior while being connected. > > > > -and- as "published" by Lubo in: > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra > ckin > g-protection-in-wi-fi-networks > > Could we randomize the permanent address too? > We added option for that to NetworkManager 1.2 too, but are > leaving > it off. [...] > > > > What is what, and what is not!? :) > Hi poma, yes, the NEWS file was wrong. Also, as we already found out, another mistake was that wpa- supplicant support is not yet available in 2.4. It is currently only on master (and will be in supplicant version 2.6) -- unless we backport it, for which you opened a Fedora bug (thank you). Lubo's "but are leaving it off." statement means: if you leave the per-connection setting wifi.mac-address- randomization at "default", then the default means "off" -- unless you overwrite it via a global default value in /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`. Does this resolve all unclarities? >>> >>> Of course! >>> >>> Here's the answer to your question - "Why do you say that "rand-mac" >>> does not work?" >>> >>> >>
Re: How to activate MAC address randomization?
On 20.05.2016 19:36, Dan Williams wrote: > On Fri, 2016-05-20 at 19:03 +0200, poma wrote: >> On 19.05.2016 12:22, Thomas Haller wrote: >>> >>> On Thu, 2016-05-19 at 01:41 +0200, poma wrote: On 18.05.2016 16:49, Thomas Haller wrote: > > I actually have a question for you, and Lubo; In the wpa_supplicant, Pre-association MAC random-ization is disabled per default: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 PreassocMacAddr Pre-association MAC address policy https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf #n41 8 # MAC address policy for pre-association operations (scanning, ANQP) # 0 = use permanent MAC address # 1 = use random MAC address # 2 = like 1, but maintain OUI (with local admin bit set) #preassoc_mac_addr=0 and the same was said, toward NetworkManager, in: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/N EWS# n8 * Added an option to enable use of random MAC addresses for Wi-Fi access point scanning (defaults to disabled). Controlled with 'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in ifcfg files). >>> Yeah, this is wrong. I fixed it: >>> >>> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/? >>> id=e0e1c5916073deac49d27a9ee2343073f5fe552a >>> >>> >>> >>> -but- you said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 0042 .html When NM detects support in wpa-supplicant, it always sets PreassocMacAddr to 1. This setting is only relevant during scanning, and thus NM *always* enables it. -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra ckin g-protection-in-wi-fi-networks What seems like a viable option is randomizing the MAC address while scanning, changing it every now and then, but still use the hard-wired MAC address for association and actual connectivity. [...] With the upcoming NetworkManager 1.2 we’re doing this too. [...] With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too. Is not that, as mentioned in the NEWS, in fact MAC random-ization per connecting, not MAC random-ization per scanning!? >>> You are right. >>> >>> >>> >>> That is, in the wpa_supplicant, Connection MAC random-ization: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 MacAddr MAC address policy default https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf #n40 5 # MAC address policy default # 0 = use permanent MAC address # 1 = use random MAC address for each ESS connection # 2 = like 1, but maintain OUI (with local admin bit set) # # By default, permanent MAC address is used unless policy is changed by # the per-network mac_addr parameter. Global mac_addr=1 can be used to # change this default behavior. #mac_addr=0 toward NetworkManager, what -you- said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 0042 .html The mac-address-randomization connection-setting on the other hand, configures the behavior while being connected. -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra ckin g-protection-in-wi-fi-networks Could we randomize the permanent address too? We added option for that to NetworkManager 1.2 too, but are leaving it off. [...] What is what, and what is not!? :) >>> >>> Hi poma, >>> >>> >>> yes, the NEWS file was wrong. >>> >>> Also, as we already found out, another mistake was that wpa- >>> supplicant >>> support is not yet available in 2.4. It is currently only on master >>> (and will be in supplicant version 2.6) >>> -- unless we backport it, for which you opened a Fedora bug (thank >>> you). >>> >>> >>> Lubo's "but are leaving it off." statement means: >>> if you leave the per-connection setting wifi.mac-address- >>> randomization >>> at "default", then the default means "off" >>> -- unless you overwrite it via a global default value in >>> /etc/NetworkManager/NetworkManager.conf, see `man >>> NetworkManager.conf`. >>> >>> >>> >>> Does this resolve all unclarities? >>> >> >> Of course! >> >> Here's the answer to your question - "Why do you say that "rand-mac" >> does not work?" >> >> >> == Client == >> >> # cat /sys/class/net/wlp0s2f1u3/address >> 00:aa:bb:cc:dd:ee >> >> >> # journalctl -o cat -b -u NetworkManager >> ... >> NetworkManager[2125]: [[...]] platform: signal: link changed: >> 5:
Re: How to activate MAC address randomization?
On Fri, 2016-05-20 at 19:03 +0200, poma wrote: > On 19.05.2016 12:22, Thomas Haller wrote: > > > > On Thu, 2016-05-19 at 01:41 +0200, poma wrote: > > > > > > On 18.05.2016 16:49, Thomas Haller wrote: > > > > > > > > > > > I actually have a question for you, and Lubo; > > > > > > In the wpa_supplicant, Pre-association MAC random-ization is > > > disabled > > > per default: > > > > > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 > > > PreassocMacAddr > > > Pre-association MAC address policy > > > > > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf > > > #n41 > > > 8 > > > # MAC address policy for pre-association operations (scanning, > > > ANQP) > > > # 0 = use permanent MAC address > > > # 1 = use random MAC address > > > # 2 = like 1, but maintain OUI (with local admin bit set) > > > #preassoc_mac_addr=0 > > > > > > > > > and the same was said, toward NetworkManager, in: > > > > > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/N > > > EWS# > > > n8 > > > * Added an option to enable use of random MAC addresses for Wi-Fi > > > access > > > point scanning (defaults to disabled). Controlled with > > > 'wifi.mac-address-randomization' property > > > (MAC_ADDRESS_RANDOMIZATION key in > > > ifcfg files). > > Yeah, this is wrong. I fixed it: > > > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/? > > id=e0e1c5916073deac49d27a9ee2343073f5fe552a > > > > > > > > > > > > > > -but- you said in: > > > > > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 > > > 0042 > > > .html > > > > > > When NM detects support in wpa-supplicant, it always sets > > > PreassocMacAddr to 1. This setting is only relevant during > > > scanning, > > > and thus NM *always* enables it. > > > > > > > > > > > > -and- as "published" by Lubo in: > > > > > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra > > > ckin > > > g-protection-in-wi-fi-networks > > > > > > What seems like a viable option is randomizing the MAC address > > > while > > > scanning, > > > changing it every now and then, > > > but still use the hard-wired MAC address for association and > > > actual > > > connectivity. [...] > > > With the upcoming NetworkManager 1.2 we’re doing this too. [...] > > > With the upcoming NetworkManager 1.2 (when using wpa_supplicant > > > 2.4 > > > or newer) we’re doing this too. > > > > > > > > > > > > Is not that, as mentioned in the NEWS, in fact MAC random-ization > > > per > > > connecting, not MAC random-ization per scanning!? > > You are right. > > > > > > > > > > > > > > That is, in the wpa_supplicant, Connection MAC random-ization: > > > > > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 > > > MacAddr > > > MAC address policy default > > > > > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf > > > #n40 > > > 5 > > > # MAC address policy default > > > # 0 = use permanent MAC address > > > # 1 = use random MAC address for each ESS connection > > > # 2 = like 1, but maintain OUI (with local admin bit set) > > > # > > > # By default, permanent MAC address is used unless policy is > > > changed > > > by > > > # the per-network mac_addr parameter. Global mac_addr=1 can be > > > used > > > to > > > # change this default behavior. > > > #mac_addr=0 > > > > > > > > > toward NetworkManager, what -you- said in: > > > > > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg0 > > > 0042 > > > .html > > > > > > The mac-address-randomization connection-setting on the other > > > hand, > > > configures the behavior while being connected. > > > > > > > > > > > > -and- as "published" by Lubo in: > > > > > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tra > > > ckin > > > g-protection-in-wi-fi-networks > > > > > > Could we randomize the permanent address too? > > > We added option for that to NetworkManager 1.2 too, but are > > > leaving > > > it off. [...] > > > > > > > > > > > > What is what, and what is not!? :) > > > > > > > Hi poma, > > > > > > yes, the NEWS file was wrong. > > > > Also, as we already found out, another mistake was that wpa- > > supplicant > > support is not yet available in 2.4. It is currently only on master > > (and will be in supplicant version 2.6) > > -- unless we backport it, for which you opened a Fedora bug (thank > > you). > > > > > > Lubo's "but are leaving it off." statement means: > > if you leave the per-connection setting wifi.mac-address- > > randomization > > at "default", then the default means "off" > > -- unless you overwrite it via a global default value in > > /etc/NetworkManager/NetworkManager.conf, see `man > > NetworkManager.conf`. > > > > > > > > Does this resolve all unclarities? > > > > Of course! > > Here's the answer to your question - "Why do you say that "rand-mac" > does not work?" > > > == Client == > > # cat /sys/class/net/wlp0s2f1u3/address > 00:aa:bb:cc:dd:ee > >
Re: How to activate MAC address randomization?
On 19.05.2016 12:22, Thomas Haller wrote: > On Thu, 2016-05-19 at 01:41 +0200, poma wrote: >> On 18.05.2016 16:49, Thomas Haller wrote: >>> >> I actually have a question for you, and Lubo; >> >> In the wpa_supplicant, Pre-association MAC random-ization is disabled >> per default: >> >> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 >> PreassocMacAddr >> Pre-association MAC address policy >> >> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n41 >> 8 >> # MAC address policy for pre-association operations (scanning, ANQP) >> # 0 = use permanent MAC address >> # 1 = use random MAC address >> # 2 = like 1, but maintain OUI (with local admin bit set) >> #preassoc_mac_addr=0 >> >> >> and the same was said, toward NetworkManager, in: >> >> https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS# >> n8 >> * Added an option to enable use of random MAC addresses for Wi-Fi >> access >> point scanning (defaults to disabled). Controlled with >> 'wifi.mac-address-randomization' property >> (MAC_ADDRESS_RANDOMIZATION key in >> ifcfg files). > > Yeah, this is wrong. I fixed it: > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a > > > > >> -but- you said in: >> >> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 >> .html >> >> When NM detects support in wpa-supplicant, it always sets >> PreassocMacAddr to 1. This setting is only relevant during scanning, >> and thus NM *always* enables it. >> >> >> >> -and- as "published" by Lubo in: >> >> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin >> g-protection-in-wi-fi-networks >> >> What seems like a viable option is randomizing the MAC address while >> scanning, >> changing it every now and then, >> but still use the hard-wired MAC address for association and actual >> connectivity. [...] >> With the upcoming NetworkManager 1.2 we’re doing this too. [...] >> With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 >> or newer) we’re doing this too. >> >> >> >> Is not that, as mentioned in the NEWS, in fact MAC random-ization per >> connecting, not MAC random-ization per scanning!? > > You are right. > > > > >> That is, in the wpa_supplicant, Connection MAC random-ization: >> >> https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 >> MacAddr >> MAC address policy default >> >> https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n40 >> 5 >> # MAC address policy default >> # 0 = use permanent MAC address >> # 1 = use random MAC address for each ESS connection >> # 2 = like 1, but maintain OUI (with local admin bit set) >> # >> # By default, permanent MAC address is used unless policy is changed >> by >> # the per-network mac_addr parameter. Global mac_addr=1 can be used >> to >> # change this default behavior. >> #mac_addr=0 >> >> >> toward NetworkManager, what -you- said in: >> >> https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 >> .html >> >> The mac-address-randomization connection-setting on the other hand, >> configures the behavior while being connected. >> >> >> >> -and- as "published" by Lubo in: >> >> https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin >> g-protection-in-wi-fi-networks >> >> Could we randomize the permanent address too? >> We added option for that to NetworkManager 1.2 too, but are leaving >> it off. [...] >> >> >> >> What is what, and what is not!? :) >> > > > Hi poma, > > > yes, the NEWS file was wrong. > > Also, as we already found out, another mistake was that wpa-supplicant > support is not yet available in 2.4. It is currently only on master > (and will be in supplicant version 2.6) > -- unless we backport it, for which you opened a Fedora bug (thank > you). > > > Lubo's "but are leaving it off." statement means: > if you leave the per-connection setting wifi.mac-address-randomization > at "default", then the default means "off" > -- unless you overwrite it via a global default value in > /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`. > > > > Does this resolve all unclarities? > Of course! Here's the answer to your question - "Why do you say that "rand-mac" does not work?" == Client == # cat /sys/class/net/wlp0s2f1u3/address 00:aa:bb:cc:dd:ee # journalctl -o cat -b -u NetworkManager ... NetworkManager[2125]: [[...]] platform: signal: link changed: 5: wlp0s2f1u3 mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u NetworkManager[2125]: [[...]] platform: signal: link changed: 5: wlp0s2f1u3 mtu 1500 arp 1 wifi? init addrgenmode none addr 00:AA:BB:CC:DD:EE driver mt7601u NetworkManager[2125]: [[...]] platform: signal: link changed: 5: wlp0s2f1u3 mtu 1500 arp 1 wifi? init addrgenmode eui64 addr 00:AA:BB:CC:DD:EE driver mt7601u # nmcli connection show WiFiRd | grep rand 802-11-wireless.mac-address-randomization:default # journalct
Re: How to activate MAC address randomization?
On Sun, 2016-05-15 at 22:36 +0200, fo...@sciunto.org wrote: > Thank you Thomas for you quick reply. > > > > > > When you run wpa-supplicant via NetworkManager, NM configures the > > supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf > > still is used (depending on your configuration), I don't think it > > matters nor is does it sound right to do. > OK, so now, I commented these three options in wpa_supplicant.conf, > so > it's back to the default values. > > > > > > > > > > > For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, > > > I > > > put > > > mac-address-randomization=2 (I also empty mac-address at some > > > point). > > > > > > Then, I reload: systemctl reload wpa_supplicant && systemctl > > > reload > > > NetworkManager > > you can edit keyfiles in /etc/NetworkManager/system-connections, > > but > > afterwards you must issue `nmcli connection reload` -- not > > `systemctl > > reload`. The former reloads connections from disk, the latter > > reloads > > NetworkManager configuration. > > > > Well, whatever the details here... Lets just assume after editing > > the > > files you did sufficiently reload the involved components :) > Yes, I always reload both wpa_supplicant and NM before checking a > configuration. It might be overkill... :) > but I took this precaution. > Sorry, I made a typo also, I wanted to write systemctl restart, so > I'm > sure that the process is killed. > > > > > > > > > > to check the MAC address. I noticed that a first address > > > (different > > > to the > > > physical one) was attributed but before the connection was > > > established. > > You mean, during scanning it was randomized? That sounds right as > > NM > > always sets PreassocMacAddr=1 > Yes and yes. That was something positive to me. > > > > > > > > > > And > > > then, a second one corresponding to the physical one was used to > > > establish > > > the connection. Looking at journalctl -xn confirmed what I saw. > > > > > > I checked with > > > nmcli connection show TNCAP1CA11F > > > that the random field (802-11-wireless.mac-address-randomization) > > > was > > > on > > > "always". > > > > > > > > > I noticed that if I added a section [connection] in > > > /etc/NetworkManager/NetworkManager.conf with > > > wifi.mac-address-randomization=1 and in > > > /etc/NetworkManager/system-connections/TNCAP1CA11F, I put > > > mac-address-randomization=1, nmcli connection show TNCAP1CA11F > > > was on > > > "never". > > Editing [connection] section in > > /etc/NetworkManager/NetworkManager.conf > > allows you to configure default-values for connection properties. > > But those default values *only* take effect, when the value in the > > connection itself is set to "default". > > > > That is, if `nmcli connection show TNCAP1CA11F` gives "never" or > > "always", the default value is completely ignored, because the per- > > connection setting is preferred. > Sorry I was not clear here. Let me clarify the config in both files > and > the output of the command + the MAC address. > As I write, I redo the tests. > Case 1: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=0 > -> default and physical MAC address > > Case 2: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=1 > -> never and physical MAC address > > Case 3: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=2 > -> always and physical MAC address > > > If I comment the default option (ie I comment lines [connection] and > the > next line wifi.mac-address-randomization=1), case 1, 2 and 3, give > the > same results. > > The only thing I do not understand is why the mac address is not > randomized for cases 2 or 3, for an established connection? > Do you agree that my expectations are correct? Hi, don't get confused by the [connection] setting in /etc/NetworkManager/NetworkManger.conf. So, if you explicitly set the value per-connection, the default does not matter. If you want to test this, just set an explicit value to either "never" or "always". nmcli connection modify $CONNECTION \ 802-11-wireless.mac-address-randomization always DETAILS: As described in `man NetworkManager.conf`, [connection] allows you to overwrite the default-values for certain settings -- iff the setting is left unspecified in the corresponding per-connection setting. E.g. if your connection shows nmcli connection show $CONNECTION 802-11-wireless.mac-address-randomization:default then (and only then), NetworkManager will check whether the default value is overwritten in NetworkManager.conf. If also no default value is found in the [connection] section, it determines the default somehow different: - in case of wifi.mac-address-randomization the fallback value is "never" - in case of ipv6.ip6-privacy it reads /proc/sys/net/ipv6/conf/default/use_tempaddr - etc. Yes, if you want to enable randomization by def
Re: How to activate MAC address randomization?
On Thu, 2016-05-19 at 01:41 +0200, poma wrote: > On 18.05.2016 16:49, Thomas Haller wrote: > > > I actually have a question for you, and Lubo; > > In the wpa_supplicant, Pre-association MAC random-ization is disabled > per default: > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 > PreassocMacAddr > Pre-association MAC address policy > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n41 > 8 > # MAC address policy for pre-association operations (scanning, ANQP) > # 0 = use permanent MAC address > # 1 = use random MAC address > # 2 = like 1, but maintain OUI (with local admin bit set) > #preassoc_mac_addr=0 > > > and the same was said, toward NetworkManager, in: > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS# > n8 > * Added an option to enable use of random MAC addresses for Wi-Fi > access > point scanning (defaults to disabled). Controlled with > 'wifi.mac-address-randomization' property > (MAC_ADDRESS_RANDOMIZATION key in > ifcfg files). Yeah, this is wrong. I fixed it: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=e0e1c5916073deac49d27a9ee2343073f5fe552a > -but- you said in: > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 > .html > > When NM detects support in wpa-supplicant, it always sets > PreassocMacAddr to 1. This setting is only relevant during scanning, > and thus NM *always* enables it. > > > > -and- as "published" by Lubo in: > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin > g-protection-in-wi-fi-networks > > What seems like a viable option is randomizing the MAC address while > scanning, > changing it every now and then, > but still use the hard-wired MAC address for association and actual > connectivity. [...] > With the upcoming NetworkManager 1.2 we’re doing this too. [...] > With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 > or newer) we’re doing this too. > > > > Is not that, as mentioned in the NEWS, in fact MAC random-ization per > connecting, not MAC random-ization per scanning!? You are right. > That is, in the wpa_supplicant, Connection MAC random-ization: > > https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 > MacAddr > MAC address policy default > > https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n40 > 5 > # MAC address policy default > # 0 = use permanent MAC address > # 1 = use random MAC address for each ESS connection > # 2 = like 1, but maintain OUI (with local admin bit set) > # > # By default, permanent MAC address is used unless policy is changed > by > # the per-network mac_addr parameter. Global mac_addr=1 can be used > to > # change this default behavior. > #mac_addr=0 > > > toward NetworkManager, what -you- said in: > > https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042 > .html > > The mac-address-randomization connection-setting on the other hand, > configures the behavior while being connected. > > > > -and- as "published" by Lubo in: > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-trackin > g-protection-in-wi-fi-networks > > Could we randomize the permanent address too? > We added option for that to NetworkManager 1.2 too, but are leaving > it off. [...] > > > > What is what, and what is not!? :) > Hi poma, yes, the NEWS file was wrong. Also, as we already found out, another mistake was that wpa-supplicant support is not yet available in 2.4. It is currently only on master (and will be in supplicant version 2.6) -- unless we backport it, for which you opened a Fedora bug (thank you). Lubo's "but are leaving it off." statement means: if you leave the per-connection setting wifi.mac-address-randomization at "default", then the default means "off" -- unless you overwrite it via a global default value in /etc/NetworkManager/NetworkManager.conf, see `man NetworkManager.conf`. Does this resolve all unclarities? Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/18/2016 02:25 PM, Dan Williams wrote: Randomization happens in the supplicant, and the supplicant also controls scanning. If randomization is enabled, the supplicant will change the MAC address before it scans, so this should not be a problem. Of course, if you run 'iw dev wlan0 scan' manually, that does not go through the supplicant, and you will leak your MAC. If you use NM's MAC cloning functionality, then yes, that might leak your MAC because that only clones the MAC address for the duration of the connection to a specific access point. It's not randomization, it's the same as ethernet MAC cloning. It does seem like a primary use case for randomization would be random addresses during scans only, and transition to chosen non-original addresses for connections (per-AP). The users and admins aren't going to think to themselves: "We're going to assign different addresses to these connections, so we're OK with the hardware address coming through." Not if they're using pre-connection randomization (which should be considered the operational norm by now). And its not that connection randomization isn't important, too. I just think that pre-connection randomization would work very well towards privacy if the 'randomization' were on a per-AP basis and not a per-session basis (the latter being less compatible with some institutional security schemes). Per-AP is more realistic and far more likely to be used. So I would like to know if NM can coordinate with supplicant well enough to transition the NIC between randomized pre-connection scanning and statically-spoofed connections without allowing the original address to be broadcast. If you're looking for a more generic MAC randomization feature that also works for ethernet, then yes that would be NM's responsibility. Internally NM would handle ethernet MAC randomization itself, but delegate to the supplicant for WiFi. Since the supplicant handles scanning, it must also handle WiFi MAC randomization to ensure synchronization of the changes. Dan Ethernet is probably not as pressing a concern because of the physical link aspect, but thanks for the insight. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 18.05.2016 16:49, Thomas Haller wrote: > On Wed, 2016-05-18 at 01:36 +0200, poma wrote: >> On 16.05.2016 23:07, Chris Laprise wrote: >>> >>> >>> >>> On 05/16/2016 12:03 PM, poma wrote: On 13.05.2016 00:16, Dan Williams wrote: > > On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: >> >> Hi, >> >> I just installed NetworkManager 1.2 in fedora 23 in the hopes >> that I >> can >> get mac randomization working. Only problem is there's no >> sign of a >> setting for this in nmcli or the applet. I found a reference >> to a >> setting on the NetworkManager.conf manpage which states: >> >> wifi.mac-address-randomization >> If left unspecified, MAC address randomization >> is >> disabled. > wpa_supplicant only gained the necessary functionality that > NetworkManager looks for back in late October 2015. It was > committed > after wpa_supplicant 2.5 but it appears there hasn't been a > release > since then. But once that happens, or if you build supplicant > version > from git, NM will begin to use that capability if you've enable > it in > the NM configuration. > > http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a > 3c9cc37743747 > > Dan > dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) >>> LOL, that's great. I hope this means the feature could land in >>> Fedora >>> 24, which has wpas 2.5. >>> >>> Chris >>> >> # grep rand /etc/NetworkManager/NetworkManager.conf >> wifi.mac-address-randomization=2 > > the value 2 here means ALWAYS: > > typedef enum { > »···NM_SETTING_MAC_RANDOMIZATION_DEFAULT = 0, > »···NM_SETTING_MAC_RANDOMIZATION_NEVER = 1, > »···NM_SETTING_MAC_RANDOMIZATION_ALWAYS = 2, > } NMSettingMacRandomization; > >> >> # nmcli connection show WiFiRd | grep rand >> 802-11-wireless.mac-address-randomization:default > > correct, so it is allowed to fallback to the global configuration > above. > > > > >> # journalctl -o cat -b -u NetworkManager | grep random >> NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: >> config: set MAC randomization to 1 > > here NM logs the value for the supplicant, that is supplicant's > "MacAddr" property, it is either 0 (no-rand) or 1 (randomization). > > This is not the numeric value 2 (from NMSettingMacRandomization). > > > So, above is correct and as expected (albeit confusing). > > >> The problem is that "rand-mac" does not work, >> tested with patched 2.5 and 2.6-devel, >> mt7601u and rt2800usb driven devices. > > Why do you say that "rand-mac" does not work? > > > > Thomas > I actually have a question for you, and Lubo; In the wpa_supplicant, Pre-association MAC random-ization is disabled per default: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n964 PreassocMacAddr Pre-association MAC address policy https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n418 # MAC address policy for pre-association operations (scanning, ANQP) # 0 = use permanent MAC address # 1 = use random MAC address # 2 = like 1, but maintain OUI (with local admin bit set) #preassoc_mac_addr=0 and the same was said, toward NetworkManager, in: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS#n8 * Added an option to enable use of random MAC addresses for Wi-Fi access point scanning (defaults to disabled). Controlled with 'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in ifcfg files). -but- you said in: https://mail.gnome.org/archives/networkmanager-list/2016-May/msg00042.html When NM detects support in wpa-supplicant, it always sets PreassocMacAddr to 1. This setting is only relevant during scanning, and thus NM *always* enables it. -and- as "published" by Lubo in: https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks What seems like a viable option is randomizing the MAC address while scanning, changing it every now and then, but still use the hard-wired MAC address for association and actual connectivity. [...] With the upcoming NetworkManager 1.2 we’re doing this too. [...] With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too. Is not that, as mentioned in the NEWS, in fact MAC random-ization per connecting, not MAC random-ization per scanning!? That is, in the wpa_supplicant, Connection MAC random-ization: https://w1.fi/cgit/hostap/tree/doc/dbus.doxygen#n954 MacAddr MAC address policy default https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf#n405 # MAC address policy default # 0 = use permanent MAC address # 1 = use random MAC address for each ESS connection # 2 = like 1, but maintain OUI (with local admin bit set) # # By default, permanent MAC address
Re: How to activate MAC address randomization?
On Wed, 2016-05-18 at 11:21 -0400, Chris Laprise wrote: > > On 05/18/2016 08:24 AM, poma wrote: > > > > On 18.05.2016 06:14, Chris Laprise wrote: > > > > > > > > > On 05/17/2016 07:36 PM, poma wrote: > > > > > > > > On 16.05.2016 23:07, Chris Laprise wrote: > > > > > > > > > > On 05/16/2016 12:03 PM, poma wrote: > > > > > > > > > > > > On 13.05.2016 00:16, Dan Williams wrote: > > > > > > > > > > > > > > On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > I just installed NetworkManager 1.2 in fedora 23 in the > > > > > > > > hopes that I > > > > > > > > can > > > > > > > > get mac randomization working. Only problem is there's > > > > > > > > no sign of a > > > > > > > > setting for this in nmcli or the applet. I found a > > > > > > > > reference to a > > > > > > > > setting on the NetworkManager.conf manpage which > > > > > > > > states: > > > > > > > > > > > > > > > > wifi.mac-address-randomization > > > > > > > > If left unspecified, MAC address > > > > > > > > randomization is > > > > > > > > disabled. > > > > > > > wpa_supplicant only gained the necessary functionality > > > > > > > that > > > > > > > NetworkManager looks for back in late October 2015. It > > > > > > > was committed > > > > > > > after wpa_supplicant 2.5 but it appears there hasn't been > > > > > > > a release > > > > > > > since then. But once that happens, or if you build > > > > > > > supplicant version > > > > > > > from git, NM will begin to use that capability if you've > > > > > > > enable it in > > > > > > > the NM configuration. > > > > > > > > > > > > > > http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d > > > > > > > 92ee3a3c9cc37743747 > > > > > > > > > > > > > > Dan > > > > > > > > > > > > > dbus: Expose interface globals via D-Bus properties - 2.5 > > > > > > backport > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1336495 > > > > > > > > > > > > Professor, your patch your move ;) > > > > > LOL, that's great. I hope this means the feature could land > > > > > in Fedora > > > > > 24, which has wpas 2.5. > > > > > > > > > > Chris > > > > > > > > > # grep rand /etc/NetworkManager/NetworkManager.conf > > > > wifi.mac-address-randomization=2 > > > > > > > > # nmcli connection show WiFiRd | grep rand > > > > 802-11-wireless.mac-address-randomization:default > > > > > > > > # journalctl -o cat -b -u NetworkManager | grep random > > > > NetworkManager[2081]: [...] sup- > > > > iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1 > > > > > > > > > > > > The problem is that "rand-mac" does not work, > > > > tested with patched 2.5 and 2.6-devel, > > > > mt7601u and rt2800usb driven devices. > > > > > > > Does this leave us with fully functional pre-connection > > > randomization > > > anyway? I would define 'full function' as the original mac addr > > > not > > > being broadcast when Network Manager scans then connects using > > > either of > > > the following: > > > > > > 1. A random address for any target AP > > > 2. A static spoofed address for a predefined NM connection > > > > > > The second case, at least, puts control of disclosure of the > > > original > > > 'hardware' address in the hands of the user. That is a big step > > > in the > > > right direction. > > > > > > I would also like to know if the second case is already possible > > > with > > > the current unpatched releases of nm and wpas. > > > > > > Many thanks, > > > Chris > > > > > 2nd - 'cloned-mac-address' is there, if not from the very beginning > My concern here is just that some implementation detail will cause > the > original address to be announced anyway. For instance, mac addresses > have a habit of reverting to original when waking a system from > sleep. > Conceivably, a scan could take place with original address before > connection is re-established using assigned address. Randomization happens in the supplicant, and the supplicant also controls scanning. If randomization is enabled, the supplicant will change the MAC address before it scans, so this should not be a problem. Of course, if you run 'iw dev wlan0 scan' manually, that does not go through the supplicant, and you will leak your MAC. If you use NM's MAC cloning functionality, then yes, that might leak your MAC because that only clones the MAC address for the duration of the connection to a specific access point. It's not randomization, it's the same as ethernet MAC cloning. > So, a static spoofing function written for past use cases (which > didn't > grapple with concealment) may be different than a spoofing function > that > works to conceal original addresses. > > > > > > > 1st - 'mac-address-randomization' i.e. "dynamic" version of the > > 2nd, > > works like this - observing 'watch -n.1 macchanger -s > > wlp0s2f1u3' > > it randomizes "Current MAC" value, > > e.g. > > Current MAC: ea:1q:3w:z
Re: How to activate MAC address randomization?
On 05/18/2016 08:24 AM, poma wrote: On 18.05.2016 06:14, Chris Laprise wrote: On 05/17/2016 07:36 PM, poma wrote: On 16.05.2016 23:07, Chris Laprise wrote: On 05/16/2016 12:03 PM, poma wrote: On 13.05.2016 00:16, Dan Williams wrote: On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enable it in the NM configuration. http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 Dan dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) LOL, that's great. I hope this means the feature could land in Fedora 24, which has wpas 2.5. Chris # grep rand /etc/NetworkManager/NetworkManager.conf wifi.mac-address-randomization=2 # nmcli connection show WiFiRd | grep rand 802-11-wireless.mac-address-randomization:default # journalctl -o cat -b -u NetworkManager | grep random NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1 The problem is that "rand-mac" does not work, tested with patched 2.5 and 2.6-devel, mt7601u and rt2800usb driven devices. Does this leave us with fully functional pre-connection randomization anyway? I would define 'full function' as the original mac addr not being broadcast when Network Manager scans then connects using either of the following: 1. A random address for any target AP 2. A static spoofed address for a predefined NM connection The second case, at least, puts control of disclosure of the original 'hardware' address in the hands of the user. That is a big step in the right direction. I would also like to know if the second case is already possible with the current unpatched releases of nm and wpas. Many thanks, Chris 2nd - 'cloned-mac-address' is there, if not from the very beginning My concern here is just that some implementation detail will cause the original address to be announced anyway. For instance, mac addresses have a habit of reverting to original when waking a system from sleep. Conceivably, a scan could take place with original address before connection is re-established using assigned address. So, a static spoofing function written for past use cases (which didn't grapple with concealment) may be different than a spoofing function that works to conceal original addresses. 1st - 'mac-address-randomization' i.e. "dynamic" version of the 2nd, works like this - observing 'watch -n.1 macchanger -s wlp0s2f1u3' it randomizes "Current MAC" value, e.g. Current MAC: ea:1q:3w:z5:y8:ae <= Permanent MAC: 00:11:22:33:44:55 but during connection attempts it returns to the original - "Permanent MAC" value, e.g. Current MAC: 00:11:22:33:44:55 <= Permanent MAC: 00:11:22:33:44:55 But not quite simply a dynamic version of NM cloning, as NM didn't use macchanger. How hard would it be to move random number code into NM? Then it could have the same reliability as spoofing with a static address. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Wed, 2016-05-18 at 01:36 +0200, poma wrote: > On 16.05.2016 23:07, Chris Laprise wrote: > > > > > > > > On 05/16/2016 12:03 PM, poma wrote: > > > > > > On 13.05.2016 00:16, Dan Williams wrote: > > > > > > > > On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: > > > > > > > > > > Hi, > > > > > > > > > > I just installed NetworkManager 1.2 in fedora 23 in the hopes > > > > > that I > > > > > can > > > > > get mac randomization working. Only problem is there's no > > > > > sign of a > > > > > setting for this in nmcli or the applet. I found a reference > > > > > to a > > > > > setting on the NetworkManager.conf manpage which states: > > > > > > > > > > wifi.mac-address-randomization > > > > > If left unspecified, MAC address randomization > > > > > is > > > > > disabled. > > > > wpa_supplicant only gained the necessary functionality that > > > > NetworkManager looks for back in late October 2015. It was > > > > committed > > > > after wpa_supplicant 2.5 but it appears there hasn't been a > > > > release > > > > since then. But once that happens, or if you build supplicant > > > > version > > > > from git, NM will begin to use that capability if you've enable > > > > it in > > > > the NM configuration. > > > > > > > > http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a > > > > 3c9cc37743747 > > > > > > > > Dan > > > > > > > dbus: Expose interface globals via D-Bus properties - 2.5 > > > backport > > > https://bugzilla.redhat.com/show_bug.cgi?id=1336495 > > > > > > Professor, your patch your move ;) > > LOL, that's great. I hope this means the feature could land in > > Fedora > > 24, which has wpas 2.5. > > > > Chris > > > # grep rand /etc/NetworkManager/NetworkManager.conf > wifi.mac-address-randomization=2 the value 2 here means ALWAYS: typedef enum { »···NM_SETTING_MAC_RANDOMIZATION_DEFAULT = 0, »···NM_SETTING_MAC_RANDOMIZATION_NEVER = 1, »···NM_SETTING_MAC_RANDOMIZATION_ALWAYS = 2, } NMSettingMacRandomization; > > # nmcli connection show WiFiRd | grep rand > 802-11-wireless.mac-address-randomization:default correct, so it is allowed to fallback to the global configuration above. > # journalctl -o cat -b -u NetworkManager | grep random > NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: > config: set MAC randomization to 1 here NM logs the value for the supplicant, that is supplicant's "MacAddr" property, it is either 0 (no-rand) or 1 (randomization). This is not the numeric value 2 (from NMSettingMacRandomization). So, above is correct and as expected (albeit confusing). > The problem is that "rand-mac" does not work, > tested with patched 2.5 and 2.6-devel, > mt7601u and rt2800usb driven devices. Why do you say that "rand-mac" does not work? Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 18.05.2016 06:14, Chris Laprise wrote: > > > On 05/17/2016 07:36 PM, poma wrote: >> On 16.05.2016 23:07, Chris Laprise wrote: >>> >>> On 05/16/2016 12:03 PM, poma wrote: On 13.05.2016 00:16, Dan Williams wrote: > On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: >> Hi, >> >> I just installed NetworkManager 1.2 in fedora 23 in the hopes that I >> can >> get mac randomization working. Only problem is there's no sign of a >> setting for this in nmcli or the applet. I found a reference to a >> setting on the NetworkManager.conf manpage which states: >> >> wifi.mac-address-randomization >> If left unspecified, MAC address randomization is >> disabled. > wpa_supplicant only gained the necessary functionality that > NetworkManager looks for back in late October 2015. It was committed > after wpa_supplicant 2.5 but it appears there hasn't been a release > since then. But once that happens, or if you build supplicant version > from git, NM will begin to use that capability if you've enable it in > the NM configuration. > > http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 > > Dan > dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) >>> LOL, that's great. I hope this means the feature could land in Fedora >>> 24, which has wpas 2.5. >>> >>> Chris >>> >> # grep rand /etc/NetworkManager/NetworkManager.conf >> wifi.mac-address-randomization=2 >> >> # nmcli connection show WiFiRd | grep rand >> 802-11-wireless.mac-address-randomization:default >> >> # journalctl -o cat -b -u NetworkManager | grep random >> NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: config: set >> MAC randomization to 1 >> >> >> The problem is that "rand-mac" does not work, >> tested with patched 2.5 and 2.6-devel, >> mt7601u and rt2800usb driven devices. >> > Does this leave us with fully functional pre-connection randomization > anyway? I would define 'full function' as the original mac addr not > being broadcast when Network Manager scans then connects using either of > the following: > > 1. A random address for any target AP > 2. A static spoofed address for a predefined NM connection > > The second case, at least, puts control of disclosure of the original > 'hardware' address in the hands of the user. That is a big step in the > right direction. > > I would also like to know if the second case is already possible with > the current unpatched releases of nm and wpas. > > Many thanks, > Chris > 2nd - 'cloned-mac-address' is there, if not from the very beginning 1st - 'mac-address-randomization' i.e. "dynamic" version of the 2nd, works like this - observing 'watch -n.1 macchanger -s wlp0s2f1u3' it randomizes "Current MAC" value, e.g. Current MAC: ea:1q:3w:z5:y8:ae <= Permanent MAC: 00:11:22:33:44:55 but during connection attempts it returns to the original - "Permanent MAC" value, e.g. Current MAC: 00:11:22:33:44:55 <= Permanent MAC: 00:11:22:33:44:55 ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/17/2016 07:36 PM, poma wrote: On 16.05.2016 23:07, Chris Laprise wrote: On 05/16/2016 12:03 PM, poma wrote: On 13.05.2016 00:16, Dan Williams wrote: On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enable it in the NM configuration. http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 Dan dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) LOL, that's great. I hope this means the feature could land in Fedora 24, which has wpas 2.5. Chris # grep rand /etc/NetworkManager/NetworkManager.conf wifi.mac-address-randomization=2 # nmcli connection show WiFiRd | grep rand 802-11-wireless.mac-address-randomization:default # journalctl -o cat -b -u NetworkManager | grep random NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1 The problem is that "rand-mac" does not work, tested with patched 2.5 and 2.6-devel, mt7601u and rt2800usb driven devices. Does this leave us with fully functional pre-connection randomization anyway? I would define 'full function' as the original mac addr not being broadcast when Network Manager scans then connects using either of the following: 1. A random address for any target AP 2. A static spoofed address for a predefined NM connection The second case, at least, puts control of disclosure of the original 'hardware' address in the hands of the user. That is a big step in the right direction. I would also like to know if the second case is already possible with the current unpatched releases of nm and wpas. Many thanks, Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 16.05.2016 23:07, Chris Laprise wrote: > > > On 05/16/2016 12:03 PM, poma wrote: >> On 13.05.2016 00:16, Dan Williams wrote: >>> On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. >>> wpa_supplicant only gained the necessary functionality that >>> NetworkManager looks for back in late October 2015. It was committed >>> after wpa_supplicant 2.5 but it appears there hasn't been a release >>> since then. But once that happens, or if you build supplicant version >>> from git, NM will begin to use that capability if you've enable it in >>> the NM configuration. >>> >>> http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 >>> >>> Dan >>> >> dbus: Expose interface globals via D-Bus properties - 2.5 backport >> https://bugzilla.redhat.com/show_bug.cgi?id=1336495 >> >> Professor, your patch your move ;) > > LOL, that's great. I hope this means the feature could land in Fedora > 24, which has wpas 2.5. > > Chris > # grep rand /etc/NetworkManager/NetworkManager.conf wifi.mac-address-randomization=2 # nmcli connection show WiFiRd | grep rand 802-11-wireless.mac-address-randomization:default # journalctl -o cat -b -u NetworkManager | grep random NetworkManager[2081]: [...] sup-iface[[...],wlp0s2f1u3]: config: set MAC randomization to 1 The problem is that "rand-mac" does not work, tested with patched 2.5 and 2.6-devel, mt7601u and rt2800usb driven devices. ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/16/2016 12:03 PM, poma wrote: On 13.05.2016 00:16, Dan Williams wrote: On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enable it in the NM configuration. http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 Dan dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) LOL, that's great. I hope this means the feature could land in Fedora 24, which has wpas 2.5. Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 13.05.2016 00:16, Dan Williams wrote: > On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: >> Hi, >> >> I just installed NetworkManager 1.2 in fedora 23 in the hopes that I >> can >> get mac randomization working. Only problem is there's no sign of a >> setting for this in nmcli or the applet. I found a reference to a >> setting on the NetworkManager.conf manpage which states: >> >> wifi.mac-address-randomization >> If left unspecified, MAC address randomization is >> disabled. > > wpa_supplicant only gained the necessary functionality that > NetworkManager looks for back in late October 2015. It was committed > after wpa_supplicant 2.5 but it appears there hasn't been a release > since then. But once that happens, or if you build supplicant version > from git, NM will begin to use that capability if you've enable it in > the NM configuration. > > http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 > > Dan > dbus: Expose interface globals via D-Bus properties - 2.5 backport https://bugzilla.redhat.com/show_bug.cgi?id=1336495 Professor, your patch your move ;) ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
Thank you Thomas for you quick reply. > When you run wpa-supplicant via NetworkManager, NM configures the > supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf > still is used (depending on your configuration), I don't think it > matters nor is does it sound right to do. OK, so now, I commented these three options in wpa_supplicant.conf, so it's back to the default values. >> For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I >> put >> mac-address-randomization=2 (I also empty mac-address at some point). >> >> Then, I reload: systemctl reload wpa_supplicant && systemctl reload >> NetworkManager > you can edit keyfiles in /etc/NetworkManager/system-connections, but > afterwards you must issue `nmcli connection reload` -- not `systemctl > reload`. The former reloads connections from disk, the latter reloads > NetworkManager configuration. > > Well, whatever the details here... Lets just assume after editing the > files you did sufficiently reload the involved components :) Yes, I always reload both wpa_supplicant and NM before checking a configuration. It might be overkill... :) but I took this precaution. Sorry, I made a typo also, I wanted to write systemctl restart, so I'm sure that the process is killed. >> to check the MAC address. I noticed that a first address (different >> to the >> physical one) was attributed but before the connection was >> established. > You mean, during scanning it was randomized? That sounds right as NM > always sets PreassocMacAddr=1 Yes and yes. That was something positive to me. > >> And >> then, a second one corresponding to the physical one was used to >> establish >> the connection. Looking at journalctl -xn confirmed what I saw. >> >> I checked with >> nmcli connection show TNCAP1CA11F >> that the random field (802-11-wireless.mac-address-randomization) was >> on >> "always". >> >> >> I noticed that if I added a section [connection] in >> /etc/NetworkManager/NetworkManager.conf with >> wifi.mac-address-randomization=1 and in >> /etc/NetworkManager/system-connections/TNCAP1CA11F, I put >> mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on >> "never". > Editing [connection] section in /etc/NetworkManager/NetworkManager.conf > allows you to configure default-values for connection properties. > But those default values *only* take effect, when the value in the > connection itself is set to "default". > > That is, if `nmcli connection show TNCAP1CA11F` gives "never" or > "always", the default value is completely ignored, because the per- > connection setting is preferred. Sorry I was not clear here. Let me clarify the config in both files and the output of the command + the MAC address. As I write, I redo the tests. Case 1: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=0 -> default and physical MAC address Case 2: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=1 -> never and physical MAC address Case 3: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=2 -> always and physical MAC address If I comment the default option (ie I comment lines [connection] and the next line wifi.mac-address-randomization=1), case 1, 2 and 3, give the same results. The only thing I do not understand is why the mac address is not randomized for cases 2 or 3, for an established connection? Do you agree that my expectations are correct? > > For the default-value to be used, `nmcli connection show TNCAP1CA11F` > must show you "mac-address-randomzation=default". > I agree. > You say that you edit various files, but beware that you have to reload > stuff afterwards. > For that reason, it's simpler you just do > > nmcli connection modify TNCAP1CA11F \ > 802-11-wireless.mac-address-randomization default > > > -- note that after changing a connection, you must always re-activate > the connection to take effect. > > (that is, `nmcli connection up TNCAP1CA11F`). As said above, I restart(ed) wpa_supp and nm with systemctl. Then, I always check that nm-applet is connected to that SSID before reading the mac address. I also tried your solution but it is the same as we may guess. I probably miss something stupid as it seems to work for you. Thanks. -- François Boulogne. http://www.sciunto.org GPG: 32D5F22F ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Sun, 2016-05-15 at 19:28 +, François Boulogne wrote: > Hi, Hi, > I also tried on my side and it didn't work. Here are the details. I'm > using > archlinux and I compiled wpa_supplicant from git (cloned today). I'm > using > networkmanager 1.2.2. > > In /etc/wpa_supplicant/wpa_supplicant.conf, When you run wpa-supplicant via NetworkManager, NM configures the supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf still is used (depending on your configuration), I don't think it matters nor is does it sound right to do. > I turned the options (mac_addr > (x2) and preassoc_mac_addr) to 1 or 2. When NM detects support in wpa-supplicant, it always sets PreassocMacAddr to 1. This setting is only relevant during scanning, and thus NM *always* enables it. The mac-address-randomization connection-setting on the other hand, configures the behavior while being connected. > For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I > put > mac-address-randomization=2 (I also empty mac-address at some point). > > Then, I reload: systemctl reload wpa_supplicant && systemctl reload > NetworkManager you can edit keyfiles in /etc/NetworkManager/system-connections, but afterwards you must issue `nmcli connection reload` -- not `systemctl reload`. The former reloads connections from disk, the latter reloads NetworkManager configuration. Well, whatever the details here... Lets just assume after editing the files you did sufficiently reload the involved components :) > > Simultaneously, I used > > watch ip addr show wlp3s0 > to check the MAC address. I noticed that a first address (different > to the > physical one) was attributed but before the connection was > established. You mean, during scanning it was randomized? That sounds right as NM always sets PreassocMacAddr=1 > And > then, a second one corresponding to the physical one was used to > establish > the connection. Looking at journalctl -xn confirmed what I saw. > > I checked with > nmcli connection show TNCAP1CA11F > that the random field (802-11-wireless.mac-address-randomization) was > on > "always". > > > I noticed that if I added a section [connection] in > /etc/NetworkManager/NetworkManager.conf with > wifi.mac-address-randomization=1 and in > /etc/NetworkManager/system-connections/TNCAP1CA11F, I put > mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on > "never". Editing [connection] section in /etc/NetworkManager/NetworkManager.conf allows you to configure default-values for connection properties. But those default values *only* take effect, when the value in the connection itself is set to "default". That is, if `nmcli connection show TNCAP1CA11F` gives "never" or "always", the default value is completely ignored, because the per- connection setting is preferred. For the default-value to be used, `nmcli connection show TNCAP1CA11F` must show you "mac-address-randomzation=default". (as explained in `man NetworkManager.conf`). You say that you edit various files, but beware that you have to reload stuff afterwards. For that reason, it's simpler you just do nmcli connection modify TNCAP1CA11F \ 802-11-wireless.mac-address-randomization default -- note that after changing a connection, you must always re-activate the connection to take effect. (that is, `nmcli connection up TNCAP1CA11F`). > I'm puzzled with this. I have no clue where I can be wrong. The doc > of both > projects didn't help me much on that. I also tried different > combinations of > option, without any success. Any thought? Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
Hi, I also tried on my side and it didn't work. Here are the details. I'm using archlinux and I compiled wpa_supplicant from git (cloned today). I'm using networkmanager 1.2.2. In /etc/wpa_supplicant/wpa_supplicant.conf, I turned the options (mac_addr (x2) and preassoc_mac_addr) to 1 or 2. For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I put mac-address-randomization=2 (I also empty mac-address at some point). Then, I reload: systemctl reload wpa_supplicant && systemctl reload NetworkManager Simultaneously, I used watch ip addr show wlp3s0 to check the MAC address. I noticed that a first address (different to the physical one) was attributed but before the connection was established. And then, a second one corresponding to the physical one was used to establish the connection. Looking at journalctl -xn confirmed what I saw. I checked with nmcli connection show TNCAP1CA11F that the random field (802-11-wireless.mac-address-randomization) was on "always". I noticed that if I added a section [connection] in /etc/NetworkManager/NetworkManager.conf with wifi.mac-address-randomization=1 and in /etc/NetworkManager/system-connections/TNCAP1CA11F, I put mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on "never". I'm puzzled with this. I have no clue where I can be wrong. The doc of both projects didn't help me much on that. I also tried different combinations of option, without any success. Any thought? Thank you. François ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 13.05.2016 17:37, Chris Laprise wrote: > > > On 05/12/2016 06:16 PM, Dan Williams wrote: >> On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: >>> Hi, >>> >>> I just installed NetworkManager 1.2 in fedora 23 in the hopes that I >>> can >>> get mac randomization working. Only problem is there's no sign of a >>> setting for this in nmcli or the applet. I found a reference to a >>> setting on the NetworkManager.conf manpage which states: >>> >>> wifi.mac-address-randomization >>> If left unspecified, MAC address randomization is >>> disabled. >> wpa_supplicant only gained the necessary functionality that >> NetworkManager looks for back in late October 2015. It was committed >> after wpa_supplicant 2.5 but it appears there hasn't been a release >> since then. But once that happens, or if you build supplicant version >> from git, NM will begin to use that capability if you've enable it in >> the NM configuration. >> >> http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 >> >> Dan >> > > So there is no current release of wpa_supplicant that supports the > randomization feature? > > According to Lubomir Rintel and Michael Biebl the feature was released > in 2.4. > > https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks/ > > Chris - Add support for using random local MAC address https://w1.fi/cgit/hostap/commit/wpa_supplicant/wpa_supplicant.conf?id=c267753 -is- part of >= wpa_supplicant 2.4 https://w1.fi/cgit/hostap/tree/wpa_supplicant/wpa_supplicant.conf?id=918803 - hostapd/wpa_supplicant 2.4 https://w1.fi/cgit/hostap/tag/?h=hostap_2_4 - Change version information for the 2.4 release https://w1.fi/cgit/hostap/commit/?id=918803 but Williams speaks of the necessary elements to do so in the context, "D-BUS is a system for sending messages between applications. ..." - dbus: Expose interface globals via D-Bus properties https://w1.fi/cgit/hostap/commit/?id=e50c50d ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 05/12/2016 06:16 PM, Dan Williams wrote: On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enable it in the NM configuration. http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 Dan So there is no current release of wpa_supplicant that supports the randomization feature? According to Lubomir Rintel and Michael Biebl the feature was released in 2.4. https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks/ Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: > Hi, > > I just installed NetworkManager 1.2 in fedora 23 in the hopes that I > can > get mac randomization working. Only problem is there's no sign of a > setting for this in nmcli or the applet. I found a reference to a > setting on the NetworkManager.conf manpage which states: > > wifi.mac-address-randomization > If left unspecified, MAC address randomization is > disabled. wpa_supplicant only gained the necessary functionality that NetworkManager looks for back in late October 2015. It was committed after wpa_supplicant 2.5 but it appears there hasn't been a release since then. But once that happens, or if you build supplicant version from git, NM will begin to use that capability if you've enable it in the NM configuration. http://w1.fi/cgit/hostap/commit/?id=e50c50d5a090a6a52af6d92ee3a3c9cc37743747 Dan ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On 04/29/2016 09:07 PM, Thomas Haller wrote: On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. But its not clear what range of values should be specified here. The nm-settings manpage suggests this is a valid way to turn on randomization: [connection] wifi.mac-address-randomization=2 ...in /etc/NetworkManager/NetworkManager.conf However, it has no effect. I'm not sure what I'm missing here. Hi, How can you tell that it has no effect? Hi, I can tell its not randomizing when I check the address from ifconfig or 'macchanger -s'. The original address is shown. Setting default values in /etc/NetworkManager/NetworkManager.conf would work, for that you need to leave the per-connection value at "default". After editing the connection, you must always reload with `killall -SIGHUP NetworkManager`. So if my NetworkManager.conf looks like the following, it should work...? [main] plugins=keyfile [connection] wifi.mac-address-randomization=2 [logging] #level=DEBUG [keyfile] unmanaged-devices=mac:fe:ff:ff:ff:ff:ff The 'unmanaged' line is a reference to Qubes virtual interfaces; it should have no bearing on wifi. mac-address-randomization requires support by Hardware and wpa- supplicant. On Fedora23 I get a failure and the logfile reads: device (wlp3s0): Activation: (wifi) couldn't build wireless configuration: 802-11-wireless: cannot enable mac-randomization due to missing supplicant support Which log... dmesg or journalctl NetworkManager.service ? The version of wpa_supplicant I have in f23 is 2.4. This should support the feature. But I think you're implying that iwlwifi and/or the hardware are also a factor. What would be helpful is a list of hardware and driver versions that are known to work with randomization. Thomas Thanks, Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: > Hi, > > I just installed NetworkManager 1.2 in fedora 23 in the hopes that I > can > get mac randomization working. Only problem is there's no sign of a > setting for this in nmcli or the applet. I found a reference to a > setting on the NetworkManager.conf manpage which states: > > wifi.mac-address-randomization > If left unspecified, MAC address randomization is > disabled. > > But its not clear what range of values should be specified here. The > nm-settings manpage suggests this is a valid way to turn on > randomization: > > > > > [connection] > > wifi.mac-address-randomization=2 > ...in /etc/NetworkManager/NetworkManager.conf > > However, it has no effect. I'm not sure what I'm missing here. Hi, How can you tell that it has no effect? See `man nm-settings`, or $ nmcli connection edit $WIFI_CONNECTION > describe wifi.mac-address-randomization Verify the setting with $ nmcli connection show $WIFI_CONNECTION Setting default values in /etc/NetworkManager/NetworkManager.conf would work, for that you need to leave the per-connection value at "default". After editing the connection, you must always reload with `killall -SIGHUP NetworkManager`. mac-address-randomization requires support by Hardware and wpa- supplicant. On Fedora23 I get a failure and the logfile reads: device (wlp3s0): Activation: (wifi) couldn't build wireless configuration: 802-11-wireless: cannot enable mac-randomization due to missing supplicant support Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: How to activate MAC address randomization?
On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote: > > Hi, > > I just installed NetworkManager 1.2 in fedora 23 in the hopes that I > can > get mac randomization working. Only problem is there's no sign of a > setting for this in nmcli or the applet. I found a reference to a > setting on the NetworkManager.conf manpage which states: > > wifi.mac-address-randomization > If left unspecified, MAC address randomization is > disabled. > > But its not clear what range of values should be specified here. The > nm-settings manpage suggests this is a valid way to turn on > randomization: > > > > > > > [connection] > > wifi.mac-address-randomization=2 > ...in /etc/NetworkManager/NetworkManager.conf > > However, it has no effect. I'm not sure what I'm missing here. Hi, How can you tell that it has no effect? See `man nm-settings`, or $ nmcli connection edit $WIFI_CONNECTION > describe wifi.mac-address-randomization Verify the setting with $ nmcli connection show $WIFI_CONNECTION Setting default values in /etc/NetworkManager/NetworkManager.conf would work, for that you need to leave the per-connection value at "default". After editing the connection, you must always reload with `killall -SIGHUP NetworkManager`. mac-address-randomization requires support by Hardware and wpa- supplicant. On Fedora23 I get a failure and the logfile reads: device (wlp3s0): Activation: (wifi) couldn't build wireless configuration: 802-11-wireless: cannot enable mac-randomization due to missing supplicant support Thomas signature.asc Description: This is a digitally signed message part ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
How to activate MAC address randomization?
Hi, I just installed NetworkManager 1.2 in fedora 23 in the hopes that I can get mac randomization working. Only problem is there's no sign of a setting for this in nmcli or the applet. I found a reference to a setting on the NetworkManager.conf manpage which states: wifi.mac-address-randomization If left unspecified, MAC address randomization is disabled. But its not clear what range of values should be specified here. The nm-settings manpage suggests this is a valid way to turn on randomization: [connection] wifi.mac-address-randomization=2 ...in /etc/NetworkManager/NetworkManager.conf However, it has no effect. I'm not sure what I'm missing here. Regards, Chris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list