debian-9 sys-net, random MAC buggy

[qubenix]

I've used the docs[1] to randomize my MAC on sys-net with debian-9 as
it's template. At first everything was working normal, but I've noticed
now that my MAC is only randomized until I connect to a network. At that
point it switches back to the original MAC. Anyone else experiencing this?

Second issue is that it seems my eth0 is never randomized. Any users
with the same experience?

[1] https://www.qubes-os.org/doc/anonymizing-your-mac-address/

--
qubenix
GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

[Reg Tiangha]

On 12/15/2016 11:50 AM, qubenix wrote:
> I've used the docs[1] to randomize my MAC on sys-net with debian-9 as
> it's template. At first everything was working normal, but I've noticed
> now that my MAC is only randomized until I connect to a network. At that
> point it switches back to the original MAC. Anyone else experiencing this?
>
> Second issue is that it seems my eth0 is never randomized. Any users
> with the same experience?
>
> [1] https://www.qubes-os.org/doc/anonymizing-your-mac-address/
>

I've had that happen ever since I tried it so I just assumed it was a
bug or a hardware issue that doesn't allow my wifi adapter to change. If
there's a workaround or an extra package to install to make it work
properly, I'd love to hear it. I get the same issue with NM on Debian 9
or Fedora 25, as well as the macchanger method. It does scramble the MAC
address when it's not connected to an access point, but reverts to the
original one once it connects to a network.

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This is a known issue:

https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-247272139

Please view the link for a potential workaround.

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYU4EsAAoJENtN07w5UDAwGYIP/ihgE1PKPJCHyWPef6Z3Ofhp
geNZiD2Q6Uty4nBhmJToNgWUzBcos4XVGyifVd9CvyAWnJ7xjk6EcRyAEcTZc7hX
2Tujw4riI84KkC00cS14jO64ZJMw0oQb5yNTHYuhGr6w4nippiApytkHaL7A8jcc
xC/GAqNUje2jgIaDpw3GjZdG72/dBgNTRs4A6sSOp2/35Q9fEeWMBx/sIbktvlfa
r4wKKqu7S92xrmdOGo9WTKLZ3H2hIx1lDa576L96LGC2tla223GErlUUReVBTzIS
RgWC477czw5U03q+PZFMB8/MLWs8j0N3YbCp3Q/Fh2K+keKjagwpZP80qJCHjmme
bnzmif71ZObcpueSZCqV6eoKa/bCQP7NZv0Pv6z+YK5QmOgQf2WJNKIDKdRx4quu
+4OiptGlPv5s1BmTfke9U+nO4RnFSaygDY1rmAsuUSkaUC54WOJOV8Ye9kOdb4sl
DpMrcztN4D/3YNoUoQLuGwMH9VbaVXAB6RqeEArArVyqSefSJNkIGnVtKNXxcu62
If+Zw2H+BQktQYN2tFIJBYBMarSNrNpAuEmKhYHvasCnTuquQrEYLQtcTlcL2X7h
liXw9/h6hBQ4om7Rq3UY6Vqm5IcMhAMPUg5WB22pwjjPJIUeO9QgZk/Y5ZSRAGXe
2bFAe2mlDekDKtnROC7O
=J2vH
-----END PGP SIGNATURE-----

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-12-15 21:52, Andrew David Wong wrote:
> On 2016-12-15 10:58, Reg Tiangha wrote:
>> On 12/15/2016 11:50 AM, qubenix wrote:
>>> I've used the docs[1] to randomize my MAC on sys-net with debian-9 as
>>> it's template. At first everything was working normal, but I've noticed
>>> now that my MAC is only randomized until I connect to a network. At that
>>> point it switches back to the original MAC. Anyone else experiencing this?
>>>
>>> Second issue is that it seems my eth0 is never randomized. Any users
>>> with the same experience?
>>>
>>> [1] https://www.qubes-os.org/doc/anonymizing-your-mac-address/
>>>
>
>> I've had that happen ever since I tried it so I just assumed it was a
>> bug or a hardware issue that doesn't allow my wifi adapter to change. If
>> there's a workaround or an extra package to install to make it work
>> properly, I'd love to hear it. I get the same issue with NM on Debian 9
>> or Fedora 25, as well as the macchanger method. It does scramble the MAC
>> address when it's not connected to an access point, but reverts to the
>> original one once it connects to a network.
>
>
> This is a known issue:
>
> https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-247272139
>
> Please view the link for a potential workaround.
>

If the non-macchanger method also doesn't work, then you may be
experiencing a bug that goes beyond the one linked above. Added:

https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-267522839

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYU4HAAAoJENtN07w5UDAwtUsP/A13547jK6rxAPYOyd7ru3vw
3GNenoLihHIR/1BhNdYSVsQvljJfqkHvr0EjLD5aO9FskBgNPq9p3M67ePX4x7D+
K7vbSc67Hl0LeMCEN+BeUDx2W0ZJbqtodAwYtHMLom7QSox6btwn1HAwtC+qKoRM
4kC93bAHcfHmaEmJoVVHifPggFcxjQY0JiHLWcuxalp/r0NhwnzzFC5933NNddM0
cYHZKLr5FjAoLe+OkcgUUR8pqrS4gMsL+r2KeggMUHQG7dwwTpQqKX9REeJgyWCx
o1ZZoGmxf3nh4GJJ45Pkeafx7kVW/S3b+0/aV3nADlDadbUemHn+P59iPy1qPyxp
78XI6vvp5FCwoW8SJwrmuNqcLIns4OzHprl3ZovTh4lwSbDh61BQUWVVLtBfSyXo
AfrlU6i6Ar3nVFLNOFr4497Qw72mzjvEaMetKLhb3/4kRNhdfALOgFQLVUqp8uw/
ZZVK5sXX8qSmmUuVmobv3uTOVimkaCMDB3art4LzqmY751jZntY+xG7b8Np1b5Ti
BNMgiQfojvxzsFRGYgwwHIYCJl5+RrGauzb+B+K7BmVJNj1b+nzjXFeS+hu27t3z
xHipsz9MNQrFMiXE8EP9A7Ri2KAASZVxoEt9yKadYyHiNkY49oTLQF1y+oU5QkgT
/Dewh3CaBbyASCXWbnXU
=MFiZ
-----END PGP SIGNATURE-----

[Chris Laprise]

The main issue here is that the correct config keyword
"cloned-mac-address" reverted to an incorrect (non-)keyword
"assigned-mac-address" that was used in an earlier version (see
https://github.com/tasket/qubes-doc/commit/27dcc6f142d627293d7788cbd5610b4f6b4f2df5
).

Somehow this got changed back to the original, mistaken keyword here:
https://github.com/QubesOS/qubes-doc/commit/a9a82bedf092eec13e774dc50cbc6f83f0ef2182

The "assigned-mac-address" is a property for NM's dbus interface ...not
in the config parser where "cloned-mac-address" is used (see gnome.org
link below).

--

With that said, there is an actual NM bug where it ignores randomization
settings when connecting to an AP. This bug bit me and the workaround
was to use a newly-created netVM instead of existing one so that old NM
connection data was not present in the new configuration. That's why the
instructions say to create a new netVM.

https://mail.gnome.org/archives/networkmanager-list/2016-October/msg00019.html


Chris

[qubenix]

Chris Laprise:

Ah, that was my mistake/commit. I apologize, I did not see this
documented before. Thank you for helping me to realize this confusing
situation.

The worst part, really, is that the only place in the man pages where
random vs. stable is documented is in the section that specifies that
`cloned-mac-address` is deprecated!?! It would be really nice if this
were also doc'd in the `keyfile` or `ifcfg` pages. So now the Qubes docs
have to point to a page that is going to recreate this situation over
again.

Relevant NetworkManager doc pages:

https://developer.gnome.org/NetworkManager/1.4/nm-settings.html
https://developer.gnome.org/NetworkManager/1.4/nm-settings-keyfile.html
https://developer.gnome.org/NetworkManager/1.4/nm-settings-ifcfg-rh.html

--
qubenix
GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

[Chris Laprise]

On 12/16/2016 12:21 PM, qubenix wrote:
>
> Ah, that was my mistake/commit. I apologize, I did not see this
> documented before. Thank you for helping me to realize this confusing
> situation.
>
> The worst part, really, is that the only place in the man pages where
> random vs. stable is documented is in the section that specifies that
> `cloned-mac-address` is deprecated!?! It would be really nice if this
> were also doc'd in the `keyfile` or `ifcfg` pages. So now the Qubes docs
> have to point to a page that is going to recreate this situation over
> again.
>
> Relevant NetworkManager doc pages:
>
> https://developer.gnome.org/NetworkManager/1.4/nm-settings.html
> https://developer.gnome.org/NetworkManager/1.4/nm-settings-keyfile.html
> https://developer.gnome.org/NetworkManager/1.4/nm-settings-ifcfg-rh.html

Yeah, I initially made the same mistake. :) Per what Thomas said in the
linked NM thread, the current NM documentation is confusing.

Chris