NetworkManager.conf help

General Help
1

Hi

It seems I learned documentation of NetworkManager.

I am trying to achieve what i posted here /etc/machine-id questions but in other way (via NetworkManager.conf).

And, can you please check whether i am doing right, because it is first time i ever change something like this.

Here is what i drafted:

[main]
hostname-mode=none

[connection]
connection.stable-id="${RANDOM}"
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv4.dhcp-client-id=stable
ipv6.dhcp-duid=stable-uuid
ipv6.addr-gen-mode=stable-privacy
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no
generate-mac-address-mask=FF:FF:FF:00:00:00  3C:28:6D:00:00:00

Last one should deceive networks that it is "real" MAC, not randomized since captive can demand real OUI and i don't feel comfortable revealing my brand, let alone MAC

My idea to hide myself from public networks. I already enabled random MAC, but i see that machine-idused in DHCP ID, which can be used to track me. So i wonder if this config will help me WITHOUT constant rotation of machine-id.

Some guides in internet says i should put ipv4.dhcp-client-id=mac but won't it kill all the purpose of hiding?

2

Yes, it would.

I think:

This would have the opposite effect and create a fixed I.D.

[main]
hostname-mode=none

[connection]
connection.stable-id=${CONNECTION}
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
ipv4.dhcp-client-id=stable
ipv6.dhcp-duid=stable-uuid
ipv6.addr-gen-mode=stable-privacy
ipv6.ip6-privacy=2
ipv4.dhcp-send-hostname=false
ipv6.dhcp-send-hostname=false
connection.mdns=no
connection.llmnr=no

That said - I am no expert, but I would expect instability in your networking doing this this way.

3

Many thanks for your help!

I also found this mentions via dorks... (not sure about them)

ipv4.dhcp-client-id=stable-${RANDOM}
connection.stable-id=${CONNECTION}/${BOOT}/${RANDOM}

# Optional: force new random stable-id on every boot
connection.stable-id=${BOOT}

# MOST interesting -->
# Claimed as "MAC-based client-id/IAID" replacement of machine-id derived values
# MEANS identifiers change together with randomized MAC???
ipv4.dhcp-client-id=mac
ipv4.dhcp-iaid=mac
ipv6.dhcp-duid=ll

Some guides in internet says i should put ipv4.dhcp-client-id=mac but won't it kill all the purpose of hiding? Also, i didn't test but some guides says that something like ipv4.dhcp-client-id=mac is mac that randomised by ethernet.cloned-mac-address=random / wifi.cloned-mac-address=random. But i am not sure. I will be very pleased if someone check

I will be very pleased for review, critics and advices

4

A Brave A.I. search brought back this:

" To hide your MAC address completely in Linux, you can use MAC address spoofing to temporarily change your network interface’s MAC address. This prevents your real hardware MAC from being exposed on the network.

Using macchanger (Recommended)

Install macchanger :

sudo apt install macchanger  # Debian/Ubuntu/Kali
sudo pacman -S macchanger    # Arch Linux
  • Randomize MAC (recommended for anonymity):
sudo ip link set dev wlan0 down
sudo macchanger -r wlan0
sudo ip link set dev wlan0 up
  • Set a specific spoofed MAC:
sudo macchanger --mac=AA:BB:CC:DD:EE:FF wlan0
  • Restore original MAC:
sudo macchanger -p wlan0

Note: Always bring the interface down before changing the MAC, then bring it back up.

Automate Spoofing on Boot

To ensure MAC is changed every time you connect:

  • Use systemd or udev rules to run macchanger at boot.
  • Example systemd service (/etc/systemd/system/macspoof@.service ):
[Unit]
Description=MAC Address Change %I
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
Type=oneshot
ExecStart=/usr/bin/macchanger -r %I
ExecStart=/usr/bin/ip link set dev %I up

[Install]
WantedBy=multi-user.target

Enable with: sudo systemctl enable macspoof@wlan0.service

Use Tools Like anonym8 (for full anonymity)

The anonym8 tool hides both IP and MAC address:

git clone https://github.com/hiroshim/anonym8.git
cd anonym8
chmod +x install.sh
sudo ./install.sh
anonym8 start  # Starts Tor + MAC spoofing
anonym8 start mac  # Changes MAC address

Important: MAC spoofing is temporary and resets on reboot unless automated. It does not hide your MAC from local network traffic if you're on the same LAN, but it prevents tracking via MAC address on public networks.

For maximum privacy , combine MAC spoofing with Tor , VPN , and network manager settings that disable MAC randomization tracking.

AI-generated answer. Please verify critical facts."