[SOLVED] MAC randomization, NM, IWD ?

mokkurkalve · 2022-10-23 06:11:55

I have NetworkManager with iwd backend.

cat /etc/NetworkManager/conf.d/wifi_backend.conf 
[device]
wifi.backend=iwd

As I no longer use any USB wifi-card I decided to get some MAC randomization, per some how-tos I fell down on this:

cat /etc/NetworkManager/conf.d/wifi_rand_mac.conf 
[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}

And then I set method on individual existing connections thus:

nmcli connection modify ${nmconnection}  wifi.cloned-mac-address random

Some to "random", some to "stable"

However. Testing with "cat /sys/class/net/wlan0/address" or "sudo ip link show wlan0" I only see the same old HW MAC address. No randomization as far as I get it. On any interface - even if

802-11-wireless.cloned-mac-address:     random

So I wonder if this has anything with me using iwd as backend? Or is there another well-known explanation I haven't found? Anybody in the know?

Last edited by mokkurkalve (2022-10-27 17:04:59)

seth · 2022-10-23 06:48:38

https://wiki.archlinux.org/title/NetworkManager#Configuring_MAC_address_randomization wrote:

stable generates a random MAC address when you connect to a new network and associates the two permanently. This means that you will use the same MAC address every time you connect to that network. In contrast, random will generate a new MAC address every time you connect to a network, new or previously known.

Did you connect to any AP and did you alter the configuration before or after?
If you've control over the/any AP I'd check *there* whether you show up w/ a new MAC everytime.

Also nb. the caveat note in the wiki - some APs really don't like that at all, assume malice and kick you.

mokkurkalve · 2022-10-23 13:10:37

For "random" test I changed this after disconnect from said AP, and there was also a reboot before trying to connect again. No, I did not have possibility to see how this looked from the perspective of the AP.

However. It looks like this is what happens when you use iwd for NM-backend. I now found this gitlab issue.

seth · 2022-10-23 13:45:16

Good find.
https://wiki.archlinux.org/title/Talk:NetworkManager#iwd_backend_doesn't_support_mac_spoofing (just added, this should be pointed out for sure)

jprestwo · 2022-10-24 16:03:04

You could work around NM's lack of support by setting it into IWD's config directly (/etc/iwd/main.conf):

[General]
AddressRandomization=network

mokkurkalve · 2022-10-24 19:52:48

jprestwo wrote:

You could work around NM's lack of support by setting it into IWD's config directly (/etc/iwd/main.conf):
[General]
AddressRandomization=network

Yes. I tried that, the problem was that NetworkManager didn't knew about the "new card" and made a new profile for the connection, and thus I lost all my settings for that connection. And if that happens every time I reboot (?) - it's not very practical.
But I used the setting from the wiki:

/etc/iwd/main.conf

[General]
AddressRandomization=once
AddressRandomizationRange=nic

...so I look into the variant you suggest...
Edit:
It looks like this will make NM create a new profile every so often, so that I cannot have persistent settings regarding this or that AP?

Last edited by mokkurkalve (2022-10-24 20:02:48)

jprestwo · 2022-10-25 19:40:28

Its my understanding that when using NM it essentially controls IWD's profiles, so adding options directly into a profile like /var/lib/iwd/ssid.psk isn't a good idea. But this is not the case for IWD's global configuration file, /etc/iwd/main.conf, NM should never touch this.

So NM "creating a new profile every so often" isn't related to setting [General].AddressRandomization in main.conf, its just the way NM works.

But you should still be able to randomize the address using this option regardless of what NM wants to do. You have a few options:

[General]
# Will randomize one time on startup, the MAC will not change while IWD runs
AddressRandomization=once

# Will randomize for each network deterministically, so for each different network you will have a different randomized MAC.
AddressRandomization=network

I saw you had it set to "once" which may have led you to believe it wasn't randomizing.

mokkurkalve · 2022-10-26 05:58:16

jprestwo wrote:

I saw you had it set to "once" which may have led you to believe it wasn't randomizing.

It was randomizing. The problem was that when iwd had given wlan0 a new MAC address NM created a new profile for the connection with default settings, which led to other settings that are important to me, like DNS, priority etc. got lost. And as I understand also with "once" this will happen after each reboot. Which is too unpractical as I have to reedit the profiles and reconnect after each reboot. The advantages of MAC randomization are probably not that great to me...

mokkurkalve · 2022-10-26 09:41:38

Actually, I tested again using this:

cat /etc/iwd/main.conf 
[General]
AddressRandomization=network
AddressRandomizationRange=nic

And after stripping "mac-address" and "interface-name" from the NM-profiles using the commands described here, I seem to get a new MAC address without NM writing a new profile and thus deleting my other settings for the connection.
So maybe this is solved.
But I will test and look into it a bit more.

mokkurkalve · 2022-10-27 17:02:01

Yes. As long as you follow the prerequisites in the iwd wiki and sanitize those NM-profiles by stripping away the "mac-address", "interface-name", "permissions" and "bssid" fields like it's described there, this seems to be working very well.

Arch Linux

#1 2022-10-23 06:11:55

[SOLVED] MAC randomization, NM, IWD ?

#2 2022-10-23 06:48:38

Re: [SOLVED] MAC randomization, NM, IWD ?

#3 2022-10-23 13:10:37

Re: [SOLVED] MAC randomization, NM, IWD ?

#4 2022-10-23 13:45:16

Re: [SOLVED] MAC randomization, NM, IWD ?

#5 2022-10-24 16:03:04

Re: [SOLVED] MAC randomization, NM, IWD ?

#6 2022-10-24 19:52:48

Re: [SOLVED] MAC randomization, NM, IWD ?

#7 2022-10-25 19:40:28

Re: [SOLVED] MAC randomization, NM, IWD ?

#8 2022-10-26 05:58:16

Re: [SOLVED] MAC randomization, NM, IWD ?

#9 2022-10-26 09:41:38

Re: [SOLVED] MAC randomization, NM, IWD ?

#10 2022-10-27 17:02:01

Re: [SOLVED] MAC randomization, NM, IWD ?

Board footer