Hello, I want to randomize the Mac address of my new Librem 14.
As a total beginner I have some questions how I can do that and are grateful for any support. First, in the Github document was written about to create a new NetVM, so I have to create a new VM and set up all changes for randomizing my Mac adress and then create a new NetVM ( I using the default sys-net VM ) . My second questions is about the file directory, in the document was written:
"Write the settings to a new file in the
/etc/NetworkManager/conf.d/ directory, such as 00/macrandomize.conf . "
but I doesn´t know how I can find this directory.
“Write the settings to a new file in the
/etc/NetworkManager/conf.d/ directory, such as 00/macrandomize.conf . "
but I doesn´t know how I can find this directory.”
You must create this directory by yourself.
1 Like
Thanks, I know it is self advising but where can I find the right directory exactly? I never create a file with a command and create it by myself 
.
@Amadeus You sound like me. FWIW, Qubes was my first Linux OS. Before that I was all Mac OS with no terminal experience. I assumed it would be a great way to try different Linux systems to see which one I liked. 
Like learning to swim in a tank full of sharks.
Anyway… try this. I used it to randomize my MAC address and hostname (both in sys-net). That way, my hostname doesn’t advertise that I’m using Qubes.
2 Likes
Oh I see. I just looked at that guide and realized that it’s not explicit step by step.
To create a new file, use the touch command. To make changes in the root directory (folders outside of your home folder), use sudo to claim administrative rights.
To move to specific directory, use cd (“change directory”). To see the path of your current location at any time, use pwd (“present working directory”). And to list the contents of a directory use ls (“list”).
To edit a file in a debian template/VM, use nano as a text editor. It’s the easiest for beginners. If you are using a Fedora template/VM, you can use gedit.
Putting the above into action using Debian template/VM as an example and approaching it like a beginner… move to the directory you want to change:
cd /etc/NetworkManager/conf.d
List the contents of the directory:
ls
The file you need likely doesn’t exist so make it:
sudo touch 00_macrandomize.conf
Now edit the file you created:
sudo nano 00_macrandomize.conf
Copy or carefully type the script into the editor. When you are done, use ctrl X to “exit”. Then type y for “yes” to save changes. Then hit enter to confirm the file that will be changed.
You can also create files with nano and save them. You don’t need to use touch. And you don’t have to change your present working directory to make changes in other directories. Just reference it (ex. ls /home/user/Documents will list the contents of your Documents folder… You don’t have to cd to Documents and then ls) But I think it’s less confusing to mimic what you would do in a GUI window until you get the hang of making changes with terminal commands.
Hope that helps. Just ask if you are confused about anything.
2 Likes
Oh yeah… I modified the script slightly to make the MAC address more random. I replaced both instances of =stable with =random. That way, every time I disconnect and reconnect, I have a new MAC address. Otherwise, it only randomizes The MAC address every time I reboot the VM.
2 Likes
I tried to follow your advice, I put your script inside my sys-net terminal and build the 00_macrandomize.conf file. Then I added the script from the documentation.
After that I tried to save the file in the right direction.
(etc/Networkmanager/conf.d)
I found the right file when I go to: safe as → then this little hdd button → etc…
@Amadeus From the picture of your terminal, it looks like you are trying to make changes to the sys-net VM? You need to make changes to the template for sys-net… not the sys-net VM. Open Qubes Manager and look for sys-net. What is the “template” for sys-net? Open that template terminal and follow the directions again.
I don’t understand those errors. I tried to make the same edit in my Fedora template and had similar errors. (I really don’t like Fedora… 
)
Try this… in any VM, make a plain text file named 00_macrandomize.conf and paste the same contents that you typed before. Save it and in the VM file manager, right click the file and “copy to VM” to your sys-net template. Then open your sys-net template terminal.
First change directories to your QubesIncoming folder:
cd ~/QubesIncoming
Then list the contents of the folder:
ls
Then use cd again to go into the folder named after the VM that you used to write the text file. ex:
cd work
Then list the contents again:
ls
You should see 00_macrandomize.conf
Now use mv to move it to the right place:
sudo mv 00_macrandomize.conf /etc/NetworkManager/conf.d/00_macrandomize.conf
And that’s it. Shut down your template. Restart sys-usb and it should be working.
There are more simple ways to do this, but I think this is easiest for a beginner to understand. Let me know if you need any more help. You should be able to do this.
1 Like
Oh yeah… to test if the script worked, you can open the sys-net VM terminal and enter:
sudo ip link show
Look for “link/ether”. To the right it will have a MAC address. Look further to the right. It should say "“permaddr” (permanent address) with a different MAC address. That means it’s working. The link/ether address is your randomized address. Your permanent address is your “true” (hidden) MAC address.
1 Like
Does this work in 4.1? Because sys-net is disposableVM by default. Do you make these changes to templateVM fedora-34 or fedora-34-dvm? By default 4.1 has templateVM set to fedora-34-dvm but i am not sure how all that works with dvm so clarity from someone who has done it would be great
If sys-net is a named disposable, then make the changes in the template of the disposable VM template that was used to create sys-net. iow, in Qubes Manager, there is a disposable VM template listed as the template for sys-net. Now look at the template for that disposable VM template. That is where you make the changes. Just create, edit & save /etc/NetworkManager/conf.d/00_macrandomize.conf, close the template and restart sys-net.
If sys-net is a standard appVM, make the same changes in the template listed next to it in Qubes Manager.
If you want to randomize your hostname in sys-net, follow the steps inside the script in the guide I posted above. Do steps 1 and 2 in the same template you modified for MAC randomization. If sys-net is a named disposable, do step 3 in the disposable VM template that was used to create sys-net. That’s because the step 3 is modifying the home directory which is defined by the disposable VM template. If sys-net is a standard appVM, do step 3 inside the actual sys-net VM.
1 Like
I’m not a fan of specializing your general template for the needs of a single VM.
Instead I would recommend that if you see the need to modify the template used for one particular configuration, you may want to, instead:
- Clone the template first (e.g. clone fedora-34 and call it fedora-34-for-net)
- then make the modifications in the clone
- then set your “App VM” or “Disposable VM Template” to point to this new template.
Alternately, create a Standalone VM from the template, modify the Standalone VM, then (if needed) convert it to a “Disposable VM Template”.
B
2 Likes
Yes, good point. I have unique templates for service VMs and major app VMs, so my various VMs don’t have a hodge podge of installed packages sitting in he background.
I would only add that installing many specialized packages on a single template is actually a form of further generalizing the template (making it more multipurpose), not specializing it. Cloning it and keeping specific packages unique to individual templates is quite literally a way of “specializing a general template”.
2 Likes
Thanks for your replies,
I followed @necker instruction and created the file in my fedora 34 TemplateVM, because my sys-net is based on fedora. Then I moved it with your commands to my sys-net template and moved it in the right folder. I restarted the templates and used the ip link command. But how you can see in my picture, it doesn´t seemed to work, because it does not show a permaddr adress.
@Amadeus I don’t understand. To be clear, you need to add 00_macrandomize.conf to your main template. Then close the template. You are done with the template. Now restart sys-net so it updates the template changes in it’s own directory. Go to the same directory inside sys-net. 00_macrandomize.conf should be there. Open it and make sure the everything is correct. Check your spelling, directory/file names etc. It should be working. If not, let me know.
1 Like
yeah, I checked the contents and the direction of my 00_macrandomize file, but how you can see, it doesn´t work. 
I hoped that you know more about the content in my screenshots.
You checked the sys-net directory /etc/NetworkManager/conf.d/00_macrandomize.conf and it has the correct contents? Are you sure that the Network Manager service is running in sys-net? Check settings → services
Beyond that, I don’t know what to tell you. I have experience configuring MAC randomization in a Debian template. I didn’t get any of those errors when creating and editing 00_macrandomize.conf. Perhaps someone else can offer some help? Good luck.
[edit: I did just notice that the file name specified in the Qubes guide is 00-macrandomize.conf, not 00_macrandomize.conf. I don’t think that will make a difference. I have 00_macrandomize.conf working on my system. But you can try changing it. You need to change the file name in the template. something like:
sudo mv /etc/NetworkManager/conf.d/00_macrandomize.conf /etc/NetworkManager/conf.d/00-macrandomize.conf
All the best @Amadeus! Good luck.
1 Like
Yeah, I checked the file and used your command to change the name. The guide say that I have to made the file and after it I had to create a usb template. Is this required?
Here is the file with the direction and the content in sys-net after I moved the file from my fedora-34 TemplateVM.
The guide say that I have to made the file and after it I had to create a usb template. Is this required?
I have no idea what that means. The file needs to be in the template, so the template needs to exist first.
It’s not complicated.
In a normal Linux machine, the file needs to be created in /etc/NetworkManager/conf.d In Qubes, the sys-net VM inherits that directory from a parent template, so you need to make that file change in the template. Then shut down the template, make sure the sys-net VM is using that template as it’s main template (settings → basic tab) and start up sys-usb.
If you do that, you will see the file in /etc/NetworkManager/conf.d .
If Network Manager is running as a service on sys-net (settings → services), it will generate randomized addresses.
When you say things like “I have to made the file and after it I had to create a usb template” and “Here is the file with the direction and the content in sys-net after I moved the file from my fedora-34 TemplateVM.” it makes me wonder if you understand the basic concept of templates in Qubes.
Why would you move the file from the Fedora template? That’s where it belongs. How can you create the template after making the file when the file needs to be in the template?
Have you read the Qubes documentation?
After a longer time I tried your steps again and it works for me. I understanding the concept of isolation and yes I read the documentation of qubes and whonix. Anyways, thank you for you help.
1 Like