Does this work in 4.1? Because sys-net is disposableVM by default. Do you make these changes to templateVM fedora-34 or fedora-34-dvm? By default 4.1 has templateVM set to fedora-34-dvm but i am not sure how all that works with dvm so clarity from someone who has done it would be great
If sys-net is a named disposable, then make the changes in the template of the disposable VM template that was used to create sys-net. iow, in Qubes Manager, there is a disposable VM template listed as the template for sys-net. Now look at the template for that disposable VM template. That is where you make the changes. Just create, edit & save /etc/NetworkManager/conf.d/00_macrandomize.conf, close the template and restart sys-net.
If sys-net is a standard appVM, make the same changes in the template listed next to it in Qubes Manager.
If you want to randomize your hostname in sys-net, follow the steps inside the script in the guide I posted above. Do steps 1 and 2 in the same template you modified for MAC randomization. If sys-net is a named disposable, do step 3 in the disposable VM template that was used to create sys-net. That’s because the step 3 is modifying the home directory which is defined by the disposable VM template. If sys-net is a standard appVM, do step 3 inside the actual sys-net VM.
1 Like
I’m not a fan of specializing your general template for the needs of a single VM.
Instead I would recommend that if you see the need to modify the template used for one particular configuration, you may want to, instead:
- Clone the template first (e.g. clone fedora-34 and call it fedora-34-for-net)
- then make the modifications in the clone
- then set your “App VM” or “Disposable VM Template” to point to this new template.
Alternately, create a Standalone VM from the template, modify the Standalone VM, then (if needed) convert it to a “Disposable VM Template”.
B
2 Likes
Yes, good point. I have unique templates for service VMs and major app VMs, so my various VMs don’t have a hodge podge of installed packages sitting in he background.
I would only add that installing many specialized packages on a single template is actually a form of further generalizing the template (making it more multipurpose), not specializing it. Cloning it and keeping specific packages unique to individual templates is quite literally a way of “specializing a general template”. 
2 Likes
Thanks for your replies,
I followed @necker instruction and created the file in my fedora 34 TemplateVM, because my sys-net is based on fedora. Then I moved it with your commands to my sys-net template and moved it in the right folder. I restarted the templates and used the ip link command. But how you can see in my picture, it doesn´t seemed to work, because it does not show a permaddr adress.
@Amadeus I don’t understand. To be clear, you need to add 00_macrandomize.conf to your main template. Then close the template. You are done with the template. Now restart sys-net so it updates the template changes in it’s own directory. Go to the same directory inside sys-net. 00_macrandomize.conf should be there. Open it and make sure the everything is correct. Check your spelling, directory/file names etc. It should be working. If not, let me know.
1 Like
yeah, I checked the contents and the direction of my 00_macrandomize file, but how you can see, it doesn´t work. 
I hoped that you know more about the content in my screenshots.
You checked the sys-net directory /etc/NetworkManager/conf.d/00_macrandomize.conf and it has the correct contents? Are you sure that the Network Manager service is running in sys-net? Check settings → services
Beyond that, I don’t know what to tell you. I have experience configuring MAC randomization in a Debian template. I didn’t get any of those errors when creating and editing 00_macrandomize.conf. Perhaps someone else can offer some help? Good luck.
[edit: I did just notice that the file name specified in the Qubes guide is 00-macrandomize.conf, not 00_macrandomize.conf. I don’t think that will make a difference. I have 00_macrandomize.conf working on my system. But you can try changing it. You need to change the file name in the template. something like:
sudo mv /etc/NetworkManager/conf.d/00_macrandomize.conf /etc/NetworkManager/conf.d/00-macrandomize.conf
All the best @Amadeus! Good luck.
1 Like
Yeah, I checked the file and used your command to change the name. The guide say that I have to made the file and after it I had to create a usb template. Is this required?
Here is the file with the direction and the content in sys-net after I moved the file from my fedora-34 TemplateVM.
The guide say that I have to made the file and after it I had to create a usb template. Is this required?
I have no idea what that means. The file needs to be in the template, so the template needs to exist first.
It’s not complicated.
In a normal Linux machine, the file needs to be created in /etc/NetworkManager/conf.d In Qubes, the sys-net VM inherits that directory from a parent template, so you need to make that file change in the template. Then shut down the template, make sure the sys-net VM is using that template as it’s main template (settings → basic tab) and start up sys-usb.
If you do that, you will see the file in /etc/NetworkManager/conf.d .
If Network Manager is running as a service on sys-net (settings → services), it will generate randomized addresses.
When you say things like “I have to made the file and after it I had to create a usb template” and “Here is the file with the direction and the content in sys-net after I moved the file from my fedora-34 TemplateVM.” it makes me wonder if you understand the basic concept of templates in Qubes.
Why would you move the file from the Fedora template? That’s where it belongs. How can you create the template after making the file when the file needs to be in the template?
Have you read the Qubes documentation?
After a longer time I tried your steps again and it works for me. I understanding the concept of isolation and yes I read the documentation of qubes and whonix. Anyways, thank you for you help.
1 Like
So I’ve had some success here. But my ethernet is not randomizing, only my wifi. Any thoughts?
@Suspicious_Actions might have some input to offer.
As per the qubes-community guideline I entered a variation of:
"[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable
connection.stable-id=${CONNECTION}/${BOOT}"
I changed the word 'stable' to 'random' in all three instances.
Any input on why I may be having troubles?You should not change the connection.stable-id=... part. the stable is part of the name for the variable/option.
Further you do not need it, if setting both stable-ids to random.
Try it without, maybe restart your sys-net.
Am also discovering a new issue.
When creating dhclient.conf to prevent hostname sending…
/etc/NetworkManager/conf.d/dhclient.conf
I’m also noticing that the 00-macrandomize.conf file i’d previously placed and saved for MAC randomization is gone.
When checking if my wifi-MAC still randomizes, it does.
Am going to try your above suggestion and see if that clears my first ethernet-not-randomizing problem.
This file must be placed inside the Template, not the AppVM to be persistent.
1 Like
It’s always going into ‘Template (Disp): debian-11-dvm’, which seeds my disposable sys-net.
Does the bind-dirs solution still apply do you think?
You have to either:
- Put the file in the template of your dvm (debian-11)
- Use the bind dirs and put it in the dvm (debian-11-dvm)
1 Like
This is not a TemplateVM, it’s more like specific AppVM that is using debian-11 TemplateVM but is also sort of “template” for disposable vms.
2 Likes
Yes. I think in this case your solution is more fitting.
1 Like