On Thu, 2014-06-12 at 17:43 -0500, Dan Williams wrote:
On Thu, 2014-06-12 at 23:22 +0200, Mark Elkins wrote:I hear that the latest Apple IOS uses a random MAC address when scanning local wifi hotspots - so "people" can not track the device so easily... seems like a good addition. It would also be interesting if I could automatically change my MAC address every so many configurable minutes - both on wifi and wired interfaces... a bit like I can do with my IPv6 address...We've been discussing this upstream with kernel developers too. The short answer is that yes, it can happen, but it'll take some work in the kernel and wpa_supplicant to make that happen. Once that's done, NetworkManager can use it. Note that this behavior is only for randomized MAC addresses when *scanning*. The device must still use a stable MAC address when it connects to a network, and that address cannot change during the connection without breaking the connection entirely and reconnecting. And that wouldn't work well for hotspots, since they often cache your "logged-in" status based on your MAC address. For wired it would probably greatly confuse switches and bridges, and would trigger re-authentications for 802.1x-enabled switches. So yeah, randomized MAC when scanning is coming. But randomized MAC every few minutes wouldn't work well in many normal WiFi and ethernet cases, so that's probably not going to happen soon (if ever)...
The request has a nefarious element.... those "free for 15 minute" Internet connections at the Airport.... Simply having a "timer" that changes the MAC would be good. One would have to re-authenticate - but that is location (Ahem.. airport) dependant and that annoyance is balanced out by the "free" service.
(note that even though the MAC is randomized when scanning, tracker devices could use timing and IE heuristics to detect your MAC address with some > 50% probability, if you stay in the same place long enough.) DanOn Thu, 2014-06-12 at 15:24 -0500, Dan Williams wrote:On Wed, 2014-06-11 at 12:12 -0400, Chuck Anderson wrote:Has any thought been given to implementing standardized network provisioning similar to how Apple's .mobileconfig works? We are using CloudPath XpressConnect to provision Windows, Mac, Linux, Android, iOS, etc. with our WPA-Enterprise EAP-TLS configuration & certificates. XpressConnect's Linux support uses a native Linux binary and relies on communication with the NetworkManager DBUS API. The rapid changes in this API and other system components on Linux cause this to break frequently. For example, XpressConnect works on a freshly installed Fedora 20, but not one updated with the latest package updates. XpressConnect for iOS just generates a .mobileconfig file server-side, and the client downloads that and installs it to configure- the network settings, install certificates, etc. There is no client-side code at all. It would be nice if NetworkManager supported a similar methodolgy for standardized network configuration provisioning.That would be nice, and if the .mobileconfig is well-formed enough we might as well just use that format. It might not be too hard to create an importer (similar to the VPN plugin importers) that could just be run client-side that would send all this to NetworkManager. I've filed: https://bugzilla.gnome.org/show_bug.cgi?id=731596 and this would be a great standalone project for anyone that wants to help out or get into NM development! Dan _______________________________________________ networkmanager-list mailing list networkmanager-list gnome org https://mail.gnome.org/mailman/listinfo/networkmanager-list_______________________________________________ networkmanager-list mailing list networkmanager-list gnome org https://mail.gnome.org/mailman/listinfo/networkmanager-list
-- Mark James ELKINS - Posix Systems - (South) Africa mje posix co za Tel: +27.128070590 Cell: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Attachment:
smime.p7s
Description: S/MIME cryptographic signature