    Enabling MAC randomization

      • nielsbasjesN Offline
        nielsbasjes
        last edited by

        Hi,

        I have installed Ubuntu Touch on a FairPhone 5.
        I would like to configure MAC randomization on the WIFI connection.
        I have not been able to find this as a setting in the config app.

        The normal way of doing this with the NetworkManager is by setting these kinds of properties in the config files

        wifi.scan-rand-mac-address=yes
        wifi.cloned-mac-address=random
        

        What I found on my phone is that apparently the /etc/NetworkManager.conf and /etc/NetworkManager/conf.d are all on a readonly file system.
        The /etc/NetworkManager/system-connections is explicitly mounted on a special directory which is writable.

        So far I have only come up with these steps, but they seem to me like too much of a hack.

        • Adding an extra conf.d directory in a writable location (next to the place where the /etc/NetworkManager/system-connections is mounted)
        • Copy all files that are already in there to the new location
        • Add an extra mount line in the /etc/fstab
        • Mount it
        • Add a new config with the above mentioned lines.

        My question is simple: What is the proper way to enable MAC randomization on Ubuntu Touch? Or is the above mentioned way the best available solution?

        G fredldotmeF U 3 Replies Last reply Reply Quote 1
        • G Offline
          gpatel-fr @nielsbasjes
          last edited by gpatel-fr

          @nielsbasjes said in Enabling MAC randomization:

          Add an extra mount line in the /etc/fstab

          Out of curiosity, does it actually work?
          From

          https://superuser.com/questions/1507278/mount-overlayfs-on-before-systemd-starts

          a race could occur between systemd and the mount.

          nielsbasjesN 1 Reply Last reply Reply Quote 0
          • fredldotmeF Offline
            fredldotme @nielsbasjes
            last edited by

            @nielsbasjes you can use systemd mount units for this, we allow writes to /etc/systemd/system:

            • Copy your modified NetworkManager.conf to /etc/writable as a safe spot
            • Create a file /etc/systemd/system/etc-NetworkManager-NetworkManager.conf.mount with the following contents:
            [Mount]
            What=/etc/writable/NetworkManager.conf
            Where=/etc/NetworkManager/NetworkManager.conf
            Type=none
            Options=bind
            
            [Install]
            WantedBy=local-fs.target
            
            • Enable the mount unit: sudo systemctl daemon-reload && sudo systemctl enable etc-NetworkManager-NetworkManager.conf.mount

            Let me know if it works for you, a quick reboot with this applied on my FP4 resulted in the same IP assigned as before.

            For a list of my contributions to Ubuntu Touch visit: https://fredl.me

            If you have enjoyed my work on Ubuntu Touch over the years, please donate to my causes:

            • PayPal: https://paypal.me/beidl
            • Liberapay: https://liberapay.com/fredldotme
            G 1 Reply Last reply Reply Quote 0
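A check for the mount-unit step above, as an added example that is not part of the original post: systemd only loads a .mount unit whose file name is the escaped form of its Where= path, so this derives the expected name and compares it. The function names are hypothetical and the escaping handles ASCII paths only.

```shell
#!/bin/sh
# Added example (not from the thread): check that a systemd .mount unit file
# is named after its Where= path, as systemd requires.

# Derive the unit name for a mount point using systemd's path escaping:
# "/" becomes "-", anything outside [A-Za-z0-9:_.] becomes \xXX, and a
# leading "." is escaped too. Assumption: ASCII paths only.
mount_unit_name() {
    p=$(printf '%s' "$1" | sed -e 's://*:/:g' -e 's:^/::' -e 's:/$::')
    if [ -z "$p" ]; then echo "-.mount"; return 0; fi   # the root mount
    out=""
    while [ -n "$p" ]; do
        rest=${p#?}; c=${p%"$rest"}; p=$rest             # pop first character
        case "$c" in
            /) out="$out-" ;;
            [A-Za-z0-9:_]) out="$out$c" ;;
            .) if [ -z "$out" ]; then out='\x2e'; else out="$out."; fi ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
    done
    printf '%s.mount\n' "$out"
}

# Succeed only if the unit file's base name matches its Where= setting.
# Returns 2 when the file has no Where= line at all.
check_mount_unit() {
    where=$(sed -n 's/^ *Where *= *//p' "$1" | tail -n 1)
    [ -n "$where" ] || return 2
    [ "$(basename "$1")" = "$(mount_unit_name "$where")" ]
}

# Demo on a constructed copy of the bind-mount unit from the post above.
d=$(mktemp -d)
u="$d/etc-NetworkManager-NetworkManager.conf.mount"
printf '[Mount]\nWhat=/etc/writable/NetworkManager.conf\n' > "$u"
printf 'Where=/etc/NetworkManager/NetworkManager.conf\n' >> "$u"
check_mount_unit "$u" && echo "unit name matches Where="
rm -r "$d"
```

A dash inside a path component is escaped, so a mount point such as /userdata/system-data needs the unit name userdata-system\x2ddata.mount.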
            • G Offline
              gpatel-fr @fredldotme
              last edited by

              @fredldotme said in Enabling MAC randomization:

              a quick reboot with this applied on my FP4 resulted in the same IP assigned as before.

              something like that should work, even if probably the unit file should include a before stanza, see below. However it could also depend on what is in the modified NetworkManager.conf.

              I tried it a bit differently, partly out of a (possibly outlandish) idea of 'don't change the NetworkManager.conf file! It is distro controlled'. Well, lol, you for all intents and purposes are the distro here and you advise precisely that 🙂

              phablet@ubuntu-phablet:/userdata/system-data/etc/NetworkManager/conf.d$ ls
              randomwifimacaddress.conf

              cat randomwifimacaddress.conf
              [device]
              wifi.scan-rand-mac-address=yes

              [connection]
              wifi.cloned-mac-address=random

              cat /userdata/system-data/etc/systemd/system/etc-NetworkManager-conf.d.mount
              [Unit]
              Description=Mount unit for etc/NetworkManager/conf.d
              DefaultDependencies=no
              Requires=system.slice dev-sda17.device -.mount
              Conflicts=umount.target
              Before=umount.target local-fs.target
              Before=network-pre.service
              Wants=network-pre.service

              [Mount]
              Where=/etc/NetworkManager/conf.d
              What=/userdata/system-data/etc/NetworkManager/conf.d
              Options=rw,relatime,upperdir=/userdata/system-data/etc/NetworkManager/conf.d,lowerdir=/etc/NetworkManager/conf.d,workdir=/userdata/system-data/tmp
              Type=overlay

              [Install]
              WantedBy=network.target

              [there are very probably unnecessary things in this unit...]

              phablet@ubuntu-phablet:/userdata/system-data/etc/NetworkManager/conf.d$ ls /userdata/system-data/tmp -lart
              total 12
              d--------- 2 root root 4096 juil. 11 20:52 work
              drwxr-xr-x 3 700 root 4096 juil. 11 20:52 .
              drwxr-xr-x 9 root root 4096 nov. 11 01:38 ..

              after the usual systemd dance ; sudo systemctl daemon-reload, sudo systemctl start, sudo systemctl start etc-NetworkManager-conf.d.mount (to test), systemctl enable etc-NetworkManager-conf.d.mount (to validate before rebooting the phone), it seems to apply a new mac address after the restart or a disable/enable of Wifi on the phone.

              fredldotmeF 1 Reply Last reply Reply Quote 0
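One way to confirm the drop-in above is in effect, as an added example that is not part of the original post: it reads the two settings back from the drop-in and tests an address for the locally-administered bit (0x02 of the first octet), which NetworkManager sets by default on the random addresses it generates. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify a MAC-randomization drop-in and
# tell a randomized address from a burned-in one.

# Print the value of KEY in [SECTION] of a NetworkManager keyfile; last wins.
conf_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Succeed if the drop-in carries both settings with the values from the thread.
check_dropin() {
    scan=$(conf_value "$1" device wifi.scan-rand-mac-address)
    cloned=$(conf_value "$1" connection wifi.cloned-mac-address)
    [ "$scan" = "yes" ] && [ "$cloned" = "random" ]
}

# Succeed if the MAC has the locally-administered bit set; 2 on bad input.
is_locally_administered() {
    first=${1%%:*}
    case "$first" in
        [0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) return 2 ;;
    esac
    [ $(( 0x$first & 2 )) -ne 0 ]
}

# Demo: constructed copy of the drop-in and two constructed addresses.
f=$(mktemp)
printf '[device]\nwifi.scan-rand-mac-address=yes\n' > "$f"
printf '[connection]\nwifi.cloned-mac-address=random\n' >> "$f"
check_dropin "$f" && echo "drop-in requests randomization"
is_locally_administered "da:a1:19:3c:55:02" && echo "locally administered"
is_locally_administered "00:1a:2b:3c:4d:5e" || echo "universally administered"
rm -f "$f"
```

On the phone, pass the live address instead, for example `is_locally_administered "$(cat /sys/class/net/wlan0/address)"`; the interface name wlan0 is an assumption.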
              • fredldotmeF Offline
                fredldotme @gpatel-fr
                last edited by

                @gpatel-fr I agree your approach using overlayfs is better, puts the file in the same place we would regularly put our customizations.

                G 1 Reply Last reply Reply Quote 0
                • G Offline
                  gpatel-fr @fredldotme
                  last edited by

                  @fredldotme said in Enabling MAC randomization:

                  using overlayfs is better

                  Well, using overlayfs was mostly an experiment on my part (finding on the Internet an example of a mount unit with overlayfs was surprisingly difficult - finally I had to test on my PC to find a form that actually works - and the official way does not seem to work on Ubuntu 24.04 - it's possible that systemd is bugged at this point).
                  The downside is, as each port has its own kernel, having overlayfs available is not as sure a thing as having the possibility of bind-mounting. As I had no more experience with bind-mount than overlayfs, I used the most exciting possibility 🙂

                  1 Reply Last reply Reply Quote 0
                  • nielsbasjesN Offline
                    nielsbasjes @gpatel-fr
                    last edited by

                    @gpatel-fr I have not tried this idea. I realized this is such an "extreme" way of setting this (also looking at the other replies) that I asked here first.

                    My key question is: Is this the right direction or is there a simple, clean and reliable way of enabling MAC randomization?

                    G 1 Reply Last reply Reply Quote 0
                    • G Offline
                      gpatel-fr @nielsbasjes
                      last edited by

                      @nielsbasjes said in Enabling MAC randomization:

                      Is this the right direction or is there a simple, clean and reliable way of enabling MAC randomization.

                      If you don't know about it, @fredldotme is a pillar of UT, certainly the second ranked; so if he doesn't advise for a 'simpler, cleaner' solution, you can assume that there is no obvious one. Having the rootfs read-only is certainly a solid part of the core tenets of UT.

                      1 Reply Last reply Reply Quote 0
                      • U Offline
                        uxes @nielsbasjes
                        last edited by

                        @nielsbasjes Random MAC addresses are now pretty much a standard, it would be great if this implementation is shipped on our system by default. If you manage to get this working and send it upstream, that’d be awesome.

                        nielsbasjesN G 2 Replies Last reply Reply Quote 0
                        • nielsbasjesN Offline
                          nielsbasjes @uxes
                          last edited by

                          @uxes I'm going to try it this weekend. If it works, where can I find the issue tracker/git repo to submit a patch proposal?

                          1 Reply Last reply Reply Quote 0
                          • G Offline
                            gpatel-fr @uxes
                            last edited by

                            @uxes said in Enabling MAC randomization:

                            shipped on our system by default

                            I am not sure that any phone is doing that by default.
                            It also has a downside for anyone using this phone with ssh, that is, the IP address assigned by the DHCP server (the wifi access point) will change often.
                            It's not a big deal but it can be annoying.

                            U Vlad NirkyV 2 Replies Last reply Reply Quote 1
                            • U Offline
                              uxes @gpatel-fr
                              last edited by

                              @gpatel-fr

                              While I don't have a formal, tangible report to cite, my practical experience dealing with a network of around a hundred devices daily at my company confirms this: Android, iOS, and macOS absolutely randomize their MAC addresses. This behavior makes reliable device tracking within the company difficult, though it admittedly ensures a better degree of anonymity for our users.

                              https://source.android.com/docs/core/connect/wifi-mac-randomization-behavior

                              https://support.apple.com/en-us/102509
                              By default, your device improves privacy by using a different MAC address for each Wi-Fi network.

                              G 1 Reply Last reply Reply Quote 0
                              • Vlad NirkyV Offline
                                Vlad Nirky @gpatel-fr
                                last edited by

                                @gpatel-fr
                                You could fix IP (as I did)

                                G 1 Reply Last reply Reply Quote 0
                                • G Offline
                                  gpatel-fr @Vlad Nirky
                                  last edited by

                                  @Vlad-Nirky said in Enabling MAC randomization:

                                  @gpatel-fr
                                  You could fix IP

                                  The option does not seem to be available in the phone UI - I guess that it can be done with some command line trickery. This is not something that is commonly done in Wifi networks where devices are rarely servers.

                                  Vlad NirkyV 1 Reply Last reply Reply Quote 0
                                  • G Offline
                                    gpatel-fr @uxes
                                    last edited by

                                    @uxes said in Enabling MAC randomization:

                                    Android, iOS, and macOS absolutely randomize their MAC addresses

                                    There still seems to be some level of configuration:

                                    https://android.stackexchange.com/questions/225839/get-new-random-mac-for-same-ssid-without-factory-reset-on-android-10

                                    What is done by the trick I posted is mostly the highest level, non-persistent randomization (except the 'new MAC address every few days'). The article suggests that this can be too strong for some internal 'enterprise' networks that have special requirements. So some level of configuration could be necessary, no size fits all. When adding options in the UI, it gets so much more complicated to program that you begin to understand why it was not done before for UT.

                                    1 Reply Last reply Reply Quote 0
                                    • Vlad NirkyV Offline
                                      Vlad Nirky @gpatel-fr
                                      last edited by Vlad Nirky

                                      @gpatel-fr
                                      Not so hard and useful
                                      you must know which yaml file is used for the wifi in /etc/netplan
                                      as root cd /etc/netplan and cat yaml files.
                                      nano 90-NM-5f1fe55a-2996-4485-b6b3-a75fe76edc62.yaml (ie)
                                      Then in the wifi one
                                      replace

                                            dhcp4: true 
                                      with
                                            dhcp4: false
                                            addresses:
                                              - [your wanted IP]/24 (or less)
                                            routes:
                                              - to: default
                                                via: [your router IP]
                                            nameservers:
                                              addresses: [your DNS1, your DNS2]
                                      

                                      save it
                                      and validate it by
                                      netplan apply

                                      G 1 Reply Last reply Reply Quote 0
                                      • G Offline
                                        gpatel-fr @Vlad Nirky
                                        last edited by

                                        @Vlad-Nirky said in Enabling MAC randomization:

                                        Not so hard and useful

                                        Yes, that's a possibility. Another could be to stop and disable the mount unit + restarting the phone when staying at home.

                                        1 Reply Last reply Reply Quote 0