I am new to Qubes I just installed it last week. Is it possible to randomize the MAC address of a disposable VM / AppVM?
On the debian template I created /etc/NetworkManager/conf.d/00-macrandomize.conf with following lines
[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
connection.stable-id=${CONNECTION}/${BOOT}
The 00-macrandomize.conf works as the debian template MAC address was randomized. To test further to find out if 00-macrandomize.conf is working I created two StandaloneVM(Fully persistent) and both have random MAC address.
However the disposableVM (fully volatile) and AppVM (persistent home, volatile root) the MAC address does not change.
From my broadband modem i can only see sys-net MAC Address.
Is it possible to randomize disposableVM (fully volatile) and AppVM (persistent home, volatile root) ?
are you referring to /rw/config/NM-system-connections/*.nmconnection of the template?
I checked the folder /rw/config/NM-system-connections/ on the template the only file i see is qubes-uplink-eth0
I checked my app/disp qube / default-dvm / untrusted and i dont see the folder NM-system-connections. I can only see /rw/config folder
thanks for your assistance. Note that I am also new to linux as my work experience is more on Windows Server…But I am now interested in learning linux as I want to learn IT Security.
I’m referring to the network connection in sys-net (for your broadband modem or what’s your uplink interface).
Do you want to randomize the MAC address of your broadband modem in sys-net?
What’s its model? Maybe it doesn’t support changing MAC address?
the content of sys-net /rw/config/NM-system-connections/ are two files one for WiFi_SSID.nmconnection and the other Wired connection 1.nmconnection. I am using WiFi to connect Qubes.
when i open a terminal of any app/disp qube and issue command “ip a” to check if the MAC address has been ramdomized the output is always the default MAC Address…but if i open a terminal of template and two StandaloneVM(Fully persistent) and issue command “ip a” the MAC address has been randomized.
I am hoping to randomized the MAC address of disposableVM (fully volatile) and AppVM (persistent home, volatile root) meaning if i open terminal and issue “ip a” command the MAC address is not the default. Is it possible to randomize the MAC address of disposableVM (fully volatile) and AppVM (persistent home, volatile root)?
So you want to randomize the MAC address of the virtual eth0 interface in the qube?
It only makes sense if there is some software running inside this qube that will read the virtual interface MAC address and use it in some way that you want to prevent.
Related issue:
If you think that this MAC address of the qube is seen by your ISP then you’re mistaken, the ISP can only see the MAC address of the network interface of your real device in sys-net.
sorry I am new to Qubes…my purpose is for privacy. I would like to use two VM preferably disposable. I will also use VPN inside the VM…my questions, after successful VPN connection, is the MAC address of sys-net going to be use by both VM’s? Meaning, are the applications / websites that I am going to access on those VM’s is going to see the MAC address of sys-net instead of the MAC address of the individual VM’s? therefore applications / websites will be able to correlate that the two VM’s are being use by the same person?
Yes, but the MAC address will only be seen by the router you are connected to (e.g. ISP) and your MAC address inside a packet will be be overwritten by the MAC address of the WAN interface of the router you are connected to:
The applications running inside the qube will be able to see the MAC address of the interfaces.
Websites won’t be able to see your MAC address.
Also the MAC address of the qube virtual network interface is the same for all qubes and all users - 00:16:3e:5e:6c:00.
thanks for your reply. Just to clarify and make sure i understand you, when you say “the applications running inside the qube will be able to see the MAC address of the interfaces”, are you referring to the interface inside the Qube meaning the MAC address inside the qube which is 00:16:3e:5e:6c:00? or are you referring to the sys-net interface MAC Address?