You are not logged in.

Pages: 1

#1 2026-01-31 16:10:06

fabullo
Member
Registered: 2026-01-29
Posts: 6

NetworkManager.conf help

Hi

It seems I learned documentation of NetworkManager.

And, can you please check whether i am doing right, because it is first time i ever change something like this.

Here is what i drafted:

[main]
hostname-mode=none

[connection]
connection.stable-id="${RANDOM}"
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv4.dhcp-client-id=stable
ipv6.dhcp-duid=stable-uuid
ipv6.addr-gen-mode=stable-privacy
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no
generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00

Last one should deceive networks that it is "real" MAC, not randomized since captive can demand real OUI and i don't feel comfortable revealing my brand, let alone MAC

My idea to hide myself from public networks. I already enabled random MAC, but i see that machine-idused in DHCP ID, which can be used to track me. So i wonder if this config will help me WITHOUT constant rotation of machine-id.

Some guides in internet says i should put `ipv4.dhcp-client-id=mac` but won't it kill all the purpose of hiding?

Last edited by fabullo (2026-01-31 16:11:04)

Offline

#2 2026-01-31 17:00:47

jasper_e
Member
From: Area 51
Registered: 2026-01-31
Posts: 6

Re: NetworkManager.conf help

pretty nice conf - i would like to point out a few thing i see here
first off, in connection.stable-id="${RANDOM}" -  conf is not shell script, so "${RANDOM}" will literally be a string - not random numbers. so u could set that value to simply random. it will work but it will jsut set a random string and not change it upon boot. so u could do it manually or use a custom systemd service - sounds scary but its actually ez to create.

then, just remove ipv4.dhcp-client-id=stable, let netman autogen it - cuz stable CAN be used to track you across networks - yk its derived from macid

ipv6.dhcp-duid=stable-uuid is a nice one, but for maximum protection ipv6.dhcp-duid=random.

before i continue - i must hats off, generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00 IS TOO GOOD!

also to be fully anonymous on public wifi ? - whonix, tails, or tor are goat. but jsut an addon cuz ur never truly private on public wifi no matter ur netman conf. jsut sayin

but its good

also yeah ipv4.dhcp-client-id=mac is stupid straight up

hope i helped, reply if u need any help

go make the world a better place - money is insignificant as long as there is humanity, foss, and community

Offline

#3 2026-01-31 17:37:52

fabullo
Member
Registered: 2026-01-29
Posts: 6

Re: NetworkManager.conf help

jasper_e wrote:

then, just remove ipv4.dhcp-client-id=stable, let netman autogen it - cuz stable CAN be used to track you across networks - yk its derived from macid

ipv6.dhcp-duid=stable-uuid is a nice one, but for maximum protection ipv6.dhcp-duid=random.


Many thanks!


So for now fixed one:

[main]
hostname-mode=none

[connection]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv6.dhcp-duid=random
ipv6.addr-gen-mode=stable-privacy
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no
generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00

ipv4.dhcp-client-id=stable removed, so it means it is random now?

P.S: it is not about anonymity. It is about like door in bathroom. I am not CIA agent to go with WHONIX, but i still don't want networks to track me.

Offline

#4 2026-01-31 22:06:21

Bangkah
Member
From: Aceh, Indonesia
Registered: 2026-01-31
Posts: 5
Website

Re: NetworkManager.conf help

Hi fabullo and jasper_e,

Thanks for sharing your configs and tips! I’m also experimenting with NetworkManager settings to reduce device tracking on public networks.

I noticed your current config randomizes MAC addresses and IPv6 DUID, which seems really effective. I just wanted to ask:

For generate-mac-address-mask, is there any risk of breaking connectivity on certain captive portals?

Do you think keeping ipv6.addr-gen-mode=stable-privacy is fine, or should I switch to random for maximum privacy?

I’m not looking for complete anonymity, just trying to minimize tracking in cafes/public Wi-Fi. Would love to hear your thoughts!

Thanks in advance!

Linux enthusiast | Arch user | Learning by building real projects

Offline

#5 2026-02-01 03:44:42

fabullo
Member
Registered: 2026-01-29
Posts: 6

Re: NetworkManager.conf help

Bangkah wrote:

For generate-mac-address-mask, is there any risk of breaking connectivity on certain captive portals?

Do you think keeping ipv6.addr-gen-mode=stable-privacy is fine, or should I switch to random for maximum privacy?

Regarding ipv6 - I am trying to understand this too


generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00 it is better than without. Without captive portal see random mac and can ban it. This spoofs like real one

OUI list you can get here: https://raw.githubusercontent.com/idoCo … in/oui.txt

Also, i didn't test but some guides says that something like ipv4.dhcp-client-id=mac is mac that randomised by ethernet.cloned-mac-address=random / wifi.cloned-mac-address=random. But i am not sure. I will be very pleased if someone check

Offline

#6 2026-02-01 04:12:42

fabullo
Member
Registered: 2026-01-29
Posts: 6

Re: NetworkManager.conf help

I also found this mentions via dorks... (not sure about them)

ipv4.dhcp-client-id=stable-${RANDOM}
connection.stable-id=${CONNECTION}/${BOOT}/${RANDOM}

# Optional: force new random stable-id on every boot
connection.stable-id=${BOOT}

# MOST interesting -->
# Claimed as "MAC-based client-id/IAID" replacement of machine-id derived values
# MEANS identifiers change together with randomized MAC???
ipv4.dhcp-client-id=mac
ipv4.dhcp-iaid=mac
ipv6.dhcp-duid=ll

Offline

#7 2026-02-01 09:55:36

jasper_e
Member
From: Area 51
Registered: 2026-01-31
Posts: 6

Re: NetworkManager.conf help

fabullo wrote:

ipv4.dhcp-client-id=stable removed, so it means it is random now?

Yup, the randomness of dhcp = the randomness of mac and 

wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random

ensures it

go make the world a better place - money is insignificant as long as there is humanity, foss, and community

Offline

#8 2026-02-01 10:02:21

jasper_e
Member
From: Area 51
Registered: 2026-01-31
Posts: 6

Re: NetworkManager.conf help

Bangkah wrote:

Hi fabullo and jasper_e,

Thanks for sharing your configs and tips! I’m also experimenting with NetworkManager settings to reduce device tracking on public networks.

I noticed your current config randomizes MAC addresses and IPv6 DUID, which seems really effective. I just wanted to ask:

For generate-mac-address-mask, is there any risk of breaking connectivity on certain captive portals?

Do you think keeping ipv6.addr-gen-mode=stable-privacy is fine, or should I switch to random for maximum privacy?

I’m not looking for complete anonymity, just trying to minimize tracking in cafes/public Wi-Fi. Would love to hear your thoughts!

Thanks in advance!


Good question, u see with a mask like FF:FF:FF:00:00:00 3C:28:6D:00:00:00 ur making mac look like a normal oui - so it (for 99%) doesnt flag u. the most it will do is cause weird behaviour. it has more benefit than downside tho.

also for ur case - stable-privacy is good enough. random can sometimes cause ipv6 only services to break - and for public wifi use case - i think its the best, so yeah, its fine.

also about minimizing tracking - this config is the most. other than that - the other ways you can be tracked are browser related, all we can do with netman is done./

go make the world a better place - money is insignificant as long as there is humanity, foss, and community

Offline

Pages: 1

Board footer

Powered by FluxBB