Enabling MAC randomization

Vlad Nirky

@gpatel-fr
Not so hard and usefull
you must know which yaml file is used for the wifi in /etc/netplan
as root cd /etc/netplan and cat yaml files.
nano 90-NM-5f1fe55a-2996-4485-b6b3-a75fe76edc62.yaml (ie)
Then in the wifi one
replace

      dhcp4: true 
with
      dhcp4: false
      addresses:
        - [your wanted IP]/24 (or less)
      routes:
        - to: default
          via: [your router IP]
      nameservers:
        addresses: [your DNS1, your DNS2]

save it
and validate it by
netplan apply

gpatel-fr

@Vlad-Nirky said in Enabling MAC randomization:

Not so hard and usefull

yes that's a possibility. Another could be to stop and disable the mount unit + restarting the phone when staying at home.

nielsbasjes

What we did:

To test

The /run/ is reset on every reboot so we first created /run/NetworkManager/conf.d/20-randomwifimacaddress.conf with

[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=random

Restart NetworkManager: systemctl restart NetworkManager

The observed effects:

The MAC address was random everytime (as configured).
The wifi network scanning no longer works in the config app.
Scanning from the command line does still work. nmcli radio wifi on && nmcli device wifi rescan && nmcli device wifi list && nmcli radio wifi off

I could really use some help on that one.

To make permanent

Created /userdata/system-data/etc/NetworkManager/conf.d/
Copied the existing /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf to /userdata/system-data/etc/NetworkManager/conf.d/.
Created /userdata/system-data/tmp/
Created the described /userdata/system-data/etc/systemd/system/etc-NetworkManager-conf.d.mount

[Unit]
Description=Mount unit for /etc/NetworkManager/conf.d
DefaultDependencies=no
Requires=system.slice dev-sda17.device -.mount
Conflicts=umount.target
Before=umount.target local-fs.target
Before=network-pre.service
Wants=network-pre.service

[Mount]
Where=/etc/NetworkManager/conf.d
What=/userdata/system-data/etc/NetworkManager/conf.d
Options=rw,relatime,upperdir=/userdata/system-data/etc/NetworkManager/conf.d,lowerdir=/etc/NetworkManager/conf.d,workdir=/userdata/system-data/tmp
Type=overlay

[Install]
WantedBy=network.target

Created /userdata/system-data/etc/NetworkManager/conf.d/20-randomwifimacaddress.conf with

[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=random

Ran commands
- systemctl daemon-reload
- systemctl start etc-NetworkManager-conf.d.mount
Verify it was correctly mounted and had the right files
Ran commands
- systemctl enable etc-NetworkManager-conf.d.mount

Summary so far

MAC Randomization works
Wifi network scanning in the config app no longer works (and it does work using nmcli). If we disable the scan mac randomization then the config app works again.

gpatel-fr

@nielsbasjes said in Enabling MAC randomization:

Wifi network scanning in the config app no longer works

if you mean that the other networks don't appear when disabling and enabling wifi in settings/wifi, I don't repro. I can still see them. I think it has happened to me even without randomisation, the problem is a bit random itself

nielsbasjes

@gpatel-fr Correct, the list in the config UI does not show any of the available networks. On the FP5 we have it seems to be directly related to the scan randomisation setting.

gpatel-fr

@nielsbasjes

Since the grand total of devices in the test is 2 it's difficult to conclude anything.

Does it happen in any neighboroud ? I mean has it been only tested in an enterprise context with special enterprise wifi access point? which version of UT do you use ?

If the problem really interests you, you could enter the lxc android container (sudo lxc-attach --name android -- sh) and use logcat or take a look at the android wifi logs (/data/vendor/wifi/wlan_logs) while disabling/enabling the wifi in the Ui to see if any interesting error message does appear at this time.

gpatel-fr

said in Enabling MAC randomization:

the problem is a bit random itself

actually, it's a bit clearer now; when I enable wifi, I see the whole bunch of other wifi access points around my place; if I close settings and come back after some time (don't remember, maybe half an hour) and I open wifi settings again, I don't see anymore any other access points that the one I am connected to.

nielsbasjes

@gpatel-fr The tests I did were in a residential setting with the Wifi SSIDs of serveral neighbors showing up.

gpatel-fr

@nielsbasjes

that's a bit annoying that the same change on the same hardware leads to 2 different results. There must be a reason but it's difficult to imagine it. As for the moment there is no one to step up to share a result in a different context and I'm definitely not about to buy a new phone to do a different test. I will wait for an idea to come to me

nielsbasjes

@gpatel-fr I wasn't clear. The SSIDs showed when wifi.scan-rand-mac-address was disabled and none (not even the current one) were shown when it was enabled.

gpatel-fr

@nielsbasjes said in Enabling MAC randomization:

none (not even the current one)

Now, even when I don't see the other access points, which is quite often when I swipe out the settings and come back in it, I always see my own access point with "Connected" in green. Like I said, I only see the other access points when first enabling Wifi (and it don't crash the phone, but that's another story).
I'm curious how it appears, could you share a screenshot please ?