MAC Address Anonymization and NetworkManager Compatibility
67 views
Skip to first unread message
sf0IqXUyNLTP22nB3Lpt
Feb 26, 2020, 1:12:20 AM2/26/20
to qubes...@googlegroups.com
I have recently set up a vpn gateway qube according to the instructions as listed here. I have now gone to set up the MAC Anonymization and have a question and a problem both.
Firstly the linked page wrote specifically not to include the network manager. But at the same time the page on anonymizing the MAC address says that you must begin by installing the network manager. Is this safe to do?
The second is that I only have NetworkManager 1.16.4. When I try to update or reinstall with sudo dnf install NetworkManager I get
'
Last metadata expiration check: 0:21:07 ago on Wed Feb 26 00:45:32 2020.
Package NetworkManager-1:1.16.4-1.fc30.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
'
Thank you for your kind assistance
Sent with ProtonMail Secure Email.
_DRX_
Feb 26, 2020, 2:15:01 AM2/26/20
to qubes-users
The easy way would be to install the Network-Manager and set the Cloned Mac Address to Random,
or you can also change it per Script with Macchanger
You can try
sudo apt remove NetworkManager
sudo apt update
sudo apt install NetworkManager
sudo apt upgrade --fix-missing
It works fine here
David Hobach
Feb 26, 2020, 6:06:39 AM2/26/20
to sf0IqXUyNLTP22nB3Lpt, qubes...@googlegroups.com
On 2/26/20 7:12 AM, 'sf0IqXUyNLTP22nB3Lpt' via qubes-users wrote:
> I have recently set up a vpn gateway qube according to the instructions as listed [here](https://www.qubes-os.org/doc/vpn/). I have now gone to set up the MAC Anonymization and have a question and a problem both.
>
> Firstly the linked page wrote specifically not to include the network manager. But at the same time the page on anonymizing the MAC address says that you must begin by installing the network manager. Is this safe to do?
The doc is here: https://www.qubes-os.org/doc/anonymizing-your-mac-address/
> Firstly the linked page wrote specifically not to include the network manager. But at the same time the page on anonymizing the MAC address says that you must begin by installing the network manager. Is this safe to do?
Your VPN client should reside in a different VM (a proxy VM named e.g.
sys-vpn) than NetworkManager (sys-net).
Chris Laprise
Feb 26, 2020, 6:36:17 AM2/26/20
to sf0IqXUyNLTP22nB3Lpt, qubes...@googlegroups.com
On 2/26/20 1:12 AM, 'sf0IqXUyNLTP22nB3Lpt' via qubes-users wrote:
> I have recently set up a vpn gateway qube according to the instructions
> as listed here <https://www.qubes-os.org/doc/vpn/>. I have now gone to
> I have recently set up a vpn gateway qube according to the instructions
> set up the MAC Anonymization and have a question and a problem both.
>
> Firstly the linked page wrote specifically not to include the network
> manager. But at the same time the page on anonymizing the MAC address
> says that you must begin by installing the network manager. Is this safe
> to do?
There are two main setup options in that VPN doc: The first one tells
>
> Firstly the linked page wrote specifically not to include the network
> manager. But at the same time the page on anonymizing the MAC address
> says that you must begin by installing the network manager. Is this safe
> to do?
you to enable Network Manager in the VPN VM. The second one is
script-based and tells you not to enable NM in the VPN VM.
The "don't include NM" part refers only to setting up the VPN VM, which
is separate from sys-net. In other words, the VPN instructions don't
affect sys-net, so you can keep using NM (in sys-net) after you setup
your VPN.
>
> The second is that I only have NetworkManager 1.16.4. When I try to
> update or reinstall with sudo dnf install NetworkManager I get
> '
> Last metadata expiration check: 0:21:07 ago on Wed Feb 26 00:45:32 2020.
> Package NetworkManager-1:1.16.4-1.fc30.x86_64 is already installed.
> Dependencies resolved.
> Nothing to do.
> Complete!
listed in the doc.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
sf0IqXUyNLTP22nB3Lpt
Feb 27, 2020, 12:52:10 AM2/27/20
to Chris Laprise, qubes...@googlegroups.com
Thanks to you both. I was mistaken in thinking I needed to set up MAC anonymizing in all NetVMs, but it seems like just the sys-net one is needed.
And for some reason I kept reading 1.16 as 1.1.6. Which was dumb of me but led to my confusion.
Thanks again for your help!
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
And for some reason I kept reading 1.16 as 1.1.6. Which was dumb of me but led to my confusion.
Thanks again for your help!
Sent with ProtonMail Secure Email.
On Wednesday, February 26, 2020 6:36 AM, Chris Laprise <tas...@posteo.net> wrote:
> On 2/26/20 1:12 AM, 'sf0IqXUyNLTP22nB3Lpt' via qubes-users wrote:
>
> > I have recently set up a vpn gateway qube according to the instructions
> > as listed here https://www.qubes-os.org/doc/vpn/. I have now gone to
> On 2/26/20 1:12 AM, 'sf0IqXUyNLTP22nB3Lpt' via qubes-users wrote:
>
> > I have recently set up a vpn gateway qube according to the instructions
> > set up the MAC Anonymization and have a question and a problem both.
> > Firstly the linked page wrote specifically not to include the network
> > manager. But at the same time the page on anonymizing the MAC address
> > says that you must begin by installing the network manager. Is this safe
> > to do?
>
> There are two main setup options in that VPN doc: The first one tells
> you to enable Network Manager in the VPN VM. The second one is
> script-based and tells you not to enable NM in the VPN VM.
>
> The "don't include NM" part refers only to setting up the VPN VM, which
> is separate from sys-net. In other words, the VPN instructions don't
> affect sys-net, so you can keep using NM (in sys-net) after you setup
> your VPN.
>
> > The second is that I only have NetworkManager 1.16.4. When I try to
> > update or reinstall with sudo dnf install NetworkManager I get
> > '
> > Last metadata expiration check: 0:21:07 ago on Wed Feb 26 00:45:32 2020.
> > Package NetworkManager-1:1.16.4-1.fc30.x86_64 is already installed.
> > Dependencies resolved.
> > Nothing to do.
> > Complete!
>
> Nothing wrong there. 1.16 is a much later version than the minimum 1.4.2
> listed in the doc.
>
> ----------------------------------------------------------------------------------------------
> > Firstly the linked page wrote specifically not to include the network
> > manager. But at the same time the page on anonymizing the MAC address
> > says that you must begin by installing the network manager. Is this safe
> > to do?
>
> There are two main setup options in that VPN doc: The first one tells
> you to enable Network Manager in the VPN VM. The second one is
> script-based and tells you not to enable NM in the VPN VM.
>
> The "don't include NM" part refers only to setting up the VPN VM, which
> is separate from sys-net. In other words, the VPN instructions don't
> affect sys-net, so you can keep using NM (in sys-net) after you setup
> your VPN.
>
> > The second is that I only have NetworkManager 1.16.4. When I try to
> > update or reinstall with sudo dnf install NetworkManager I get
> > '
> > Last metadata expiration check: 0:21:07 ago on Wed Feb 26 00:45:32 2020.
> > Package NetworkManager-1:1.16.4-1.fc30.x86_64 is already installed.
> > Dependencies resolved.
> > Nothing to do.
> > Complete!
>
> Nothing wrong there. 1.16 is a much later version than the minimum 1.4.2
> listed in the doc.
>
799
Feb 27, 2020, 12:09:59 PM2/27/20
to sf0IqXUyNLTP22nB3Lpt, qubes-users
Hello sf0IqXUyNLTP22nB3Lpt,
''sf0IqXUyNLTP22nB3Lpt via qubes-users <qubes...@googlegroups.com> schrieb am Mi., 26. Feb. 2020, 07:12:
I have recently set up a vpn gateway qube according to the instructions as listed here. I have now gone to set up the MAC Anonymization and have a question and a problem both.Firstly the linked page wrote specifically not to include the network manager. But at the same time the page on anonymizing the MAC address says that you must begin by installing the network manager. Is this safe to do?
you can build a VPN Gateway without using network manager afaik.
You might want to look into my setup notes on GitHub how I've set it up:
>>How to use a ProxyVM to run all traffix through PIA<<
Amazing name by the way ;-)
One7two99
sf0IqXUyNLTP22nB3Lpt
Feb 28, 2020, 11:39:39 AM2/28/20
to 799, qubes-users
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
lol thanks. It's a traditional family name for many generations in my family. I assume yours is the same ;)
One7two99
Thanks for your help! This script is very interesting. What I want to ask is how the tasket script compares to the setup with cli and iptables in the qubes vpn documentation. I tried to do the tasket but because I had trouble I did the cli and iptables instead. If tasket is better, surely I will use your script.
Chris Laprise
Feb 28, 2020, 2:51:10 PM2/28/20
to sf0IqXUyNLTP22nB3Lpt, qubes-users
On 2/28/20 11:39 AM, 'sf0IqXUyNLTP22nB3Lpt' via qubes-users wrote:
> Thanks for your help! This script is very interesting. What I want to
> ask is how the tasket script compares to the setup with cli and iptables
> in the qubes vpn documentation <https://www.qubes-os.org/doc/vpn/>. I
> Thanks for your help! This script is very interesting. What I want to
> ask is how the tasket script compares to the setup with cli and iptables
> tried to do the tasket but because I had trouble I did the cli and
> iptables instead. If tasket is better, surely I will use your script.
If you mean Qubes-vpn-support...
> iptables instead. If tasket is better, surely I will use your script.
https://github.com/tasket/Qubes-vpn-support
...then its better than the vpn doc in that:
1. Setup is automated; no file editing needed
2. Double-checks the firewall at startup
3. Improves the re-connection behavior of openvpn (doesn't wait very
long periods after a connection is lost)
What is the problem you were having?
Reply all
Reply to author
Forward
0 new messages