NetworkManager.conf help

Hi

It seems I have learned the documentation (NetworkManager.conf: NetworkManager Reference Manual) of NetworkManager.

And can you please check whether I am doing it right, because it is the first time I have ever changed something like this.

Here is what I drafted:

[main]
hostname-mode=none

[connection]
connection.stable-id="${RANDOM}" #is this correct?
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv4.dhcp-client-id=stable #maybe =mac?
ipv6.dhcp-duid=stable-uuid #maybe =random?
ipv6.addr-gen-mode=stable-privacy #maybe =random?
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no
generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00

Other variants from various forums (not sure about them):

ipv4.dhcp-client-id=stable-${RANDOM}
connection.stable-id=${CONNECTION}/${BOOT}/${RANDOM}

# Optional: force new random stable-id on every boot
connection.stable-id=${BOOT}


# MOST interesting -->
# Claimed as "MAC-based client-id/IAID" replacement of machine-id derived values
# MEANS identifiers change together with randomized MAC???
ipv4.dhcp-client-id=mac
ipv4.dhcp-iaid=mac
ipv6.dhcp-duid=ll

The last one should deceive networks that it is a “real” MAC, not a randomized one, since a captive portal can demand a real OUI and I don’t feel comfortable revealing my brand, let alone my MAC.

My idea is to hide myself from public networks. I already enabled random MAC, but I see that machine-id is used in the DHCP ID, which can be used to track me. So I wonder if this config will help me WITHOUT constant rotation of machine-id.

Some guides on the internet say I should put ipv4.dhcp-client-id=mac, but won’t it kill the whole purpose of hiding? Also, I didn’t test it, but some guides say that with something like ipv4.dhcp-client-id=mac the MAC is the one randomised by ethernet.cloned-mac-address=random / wifi.cloned-mac-address=random. But I am not sure. I would be very pleased if someone could check.

generate-mac-address-mask=FF:FF:FF:00:00:00 3C:28:6D:00:00:00: it is better than without. Without it, a captive portal sees a random MAC and can ban it. This spoofs like a real one.

OUI for it can be taken from list https://raw.githubusercontent.com/idoCo10/OUI-list/refs/heads/main/oui.txt

I would be very grateful for review, criticism and advice.

2 Likes

You’re mostly on the right track. The one thing to watch is that anything set to stable can still be derived from connection.stable-id, which may be long-lived unless you rotate it.

If your goal is privacy on public networks without touching machine-id, the simplest approach is:

  • Keep MAC randomization enabled.
  • Use ipv4.dhcp-client-id=mac. This follows the randomized MAC, not the real one.
  • Avoid ipv4.dhcp-client-id=duid, since that uses machine-id.
  • Set connection.stable-id=${BOOT} if you want identifiers to change per reboot, not on every reconnect.

Your OUI mask is valid and can help with captive portals, but it’s optional and adds complexity.

Basically randomized MAC + DHCP client-id tied to that MAC already achieves what you want.

3 Likes
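
The rule in the reply above, written out as an added example (not code from the thread or from NetworkManager): a small Python model that reads a [connection] section and reports how often each identifier changes. The scope table (${RANDOM} per activation, ${BOOT} per boot, ll/llt following the current MAC, unset or unknown values treated as long-lived) is an assumption based on the nm-settings documentation; audit(), the helper names and both sample configs are constructed for illustration.

```python
# Assumption: rotation scope of stable-id tokens, as described in nm-settings.
TOKEN_SCOPE = {"${RANDOM}": "activation", "${BOOT}": "boot"}
ORDER = ["activation", "boot", "never"]  # shortest-lived first

def parse_connection(text):
    """Return key/value pairs from the [connection] section of a keyfile-style config."""
    section, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "connection" and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def stable_id_scope(value):
    """The stable-id changes as often as its fastest-rotating token."""
    if value is None:
        return "never"  # default stable-id is the profile UUID, which never changes
    scopes = [scope for token, scope in TOKEN_SCOPE.items() if token in value]
    return min(scopes, key=ORDER.index) if scopes else "never"

def audit(text, dev="wifi"):
    """Map each on-the-wire identifier to how often it rotates for device type dev."""
    c = parse_connection(text)
    stable = stable_id_scope(c.get("connection.stable-id"))
    mac = {"random": "activation", "stable": stable}.get(
        c.get(f"{dev}.cloned-mac-address"), "never")
    rules = {
        "ipv4.dhcp-client-id": {"mac": mac, "stable": stable, "duid": "never"},
        "ipv6.dhcp-duid": {"ll": mac, "llt": mac, "stable-ll": stable,
                           "stable-llt": stable, "stable-uuid": stable},
        "ipv6.addr-gen-mode": {"stable-privacy": stable},
    }
    report = {f"{dev}.mac": mac}
    for key, table in rules.items():
        report[key] = table.get(c.get(key), "never")  # unset/unknown: assume long-lived
    return report

# Constructed samples: random MAC with "stable" identifiers, then MAC-tied identifiers.
STABLE_ONLY = ("[connection]\nwifi.cloned-mac-address=random\nipv4.dhcp-client-id=stable\n"
               "ipv6.dhcp-duid=stable-uuid\nipv6.addr-gen-mode=stable-privacy\n")
MAC_TIED = ("[connection]\nconnection.stable-id=${BOOT}\nwifi.cloned-mac-address=random\n"
            "ipv4.dhcp-client-id=mac\nipv6.dhcp-duid=ll\nipv6.addr-gen-mode=stable-privacy\n")

if __name__ == "__main__":
    for name, cfg in (("stable-only", STABLE_ONLY), ("mac-tied", MAC_TIED)):
        print(name, audit(cfg))
```

Any identifier reported as "never" while the MAC reports "activation" is one a network can use to link sessions despite MAC randomization; running audit() with dev="ethernet" on a config that only randomizes Wi-Fi shows the same gap on the wired side.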

So… the revised one is:

[main]
hostname-mode=none

[connection]
connection.stable-id="${RANDOM}"
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv4.dhcp-client-id=mac
ipv4.dhcp-iaid=mac
ipv6.dhcp-duid=ll
ipv6.addr-gen-mode=random
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no
generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00

Right? Can you point out mistakes? Or am I good to go?