Page 1 of 1
Forum

Welcome to the Tweaking4All community forums!
When participating, please keep the Forum Rules in mind!

Topics for particular software or systems: Start your topic link with the name of the application or system.
For example “MacOS X – Your question“, or “MS Word – Your Tip or Trick“.

Please note that switching to another language when reading a post will not bring you to the same post, in Dutch, as there is no translation for that post!



Share:
Notifications
Clear all

Apple Rotating WiFi Address

9 Posts
2 Users
0 Reactions
315 Views
(@stevebythebay)
Active Member
Joined: 2 years ago
Posts: 4
Topic starter  

I noticed that with macOS Sequoia a new option exists to rotate the device's IP address.  I'm not clear on how this may impact access across a local network when other devices are already network mounted.  Seems that, for instance, an existing mount will not be broken.  However, if either the Apple device or the mounted device breaks the connection, trying to use ConnectMeNow's existing definition for a device will fail.  At best one can create reservations for devices on the local router.  But that would then mean disabling the connection (turn off then turn the device's WiFi), and then the reserved IP address would be assigned once again.  Just trying to get a handle on what this may mean both functionally and for usability.

This topic was modified 1 month ago by Hans

   
ReplyQuote
 Hans
(@hans)
Famed Member Admin
Joined: 11 years ago
Posts: 2797
 

Interesting find ... I had not noticed this.

My initial thought was indeed to create a reservation in one's router.

Did some testing and found the IP address assignment behavior to be "as usual".
One router sticks with the IP address it had assigned before (OPNSense) and another router assigns just the next IP address in line (Fritz!box modem).
Not seeing anything unusual there.

So I went snooping in the settings (running Sequoia 15.0.1 on an M1):

Settings -> Wi-Fi -> specific WiFi AP/Network name -> Details

I do see some settings like "Private Wi-Fi address" (off, fixed, rotating - mine is set to fixed in both tests), and "Limit IP address tracking" is set to ON (I would think this is only relevant for your public IP address, eg the address seen from the Internet).
Since both tests were set the same, I would guess this may be a router issue? Or are your settings different?


   
ReplyQuote
 Hans
(@hans)
Famed Member Admin
Joined: 11 years ago
Posts: 2797
 

Apologies, I mis-read your post.
You did see this new feature and are not sure what the impact would be, where as I read that you IP address kept changing 😜 

I guess the  "Private Wi-Fi address" (offfixedrotating) option is what you were referring to?


   
ReplyQuote
(@stevebythebay)
Active Member
Joined: 2 years ago
Posts: 4
Topic starter  

@hans there are various scenarios it seems.  The Apple doc that was recommended I read is

https://support.apple.com/102509 which doesn’t help much.  I’ve chosen to go with “rotating” along with “limit in address tracking”, a seemingly different security measure.  I’ll just have to find out, over time, whether it impacts the local network at all.  Apple only seems to protect its ecosystem from this setting while devices are logged into iCloud, etc.  It would seem the bigger issues arise with non-local devices accessing the local network.  No telling how this might cause unmounts, though we’re talking over a couple weeks before a poss IP address rotation.


   
ReplyQuote
 Hans
(@hans)
Famed Member Admin
Joined: 11 years ago
Posts: 2797
 

Maybe I'm not quite understanding the issue (apologies):
Am I understanding this right that you're worried the IP address may change of a Mac on which you have made a share available?
I mean, for a Mac (running ConnectMeNow) accessing a share on another machine this wouldn't matter.

As far as I understand, this feature changes the MAC address of your Mac's WiFi connection.
Note: This would then potentially interfere with making IP address reservations in your router, since those rely on a consistent MAC address.

Sounds like something you'd want to use when you're on the road - to maybe improve security a tiny bit.
But not for a private (at-home) WiFi network.

As far as I can see, this is also a per-network (SSID) setting. Mine all have set this to "fixed".

So for now I do not see an issue with ConnectMeNow. Unless you make a share on your Mac available when you're on the road, not in your own private network.

Please correct me if I'm misinterpreting the original post 😊 


   
ReplyQuote
(@stevebythebay)
Active Member
Joined: 2 years ago
Posts: 4
Topic starter  

I do have mounts from Mac to Mac in my local network. This new feature periodically changes the IP address.  My concern is that the mounts will no longer work once the IP address is changed.  As I understand it the MAC address is hardware based and is like a unique serial number.  The former is what the setting is changing. When that happens it would seem the mount will be broken.

However, maybe what this rotating feature is doing is hiding the hardware MAC when communicating to internet rather than local devices. So, for example, a USB drive attached to a MacBook that is mounted from outside the local network may loose its ability to share.  Just not clear.

As for ConnectMeNow if I choose to keep a fixed (reserved) IP address via my router, that would only guarantee that on rebooting the MacBook the assigned IP address would return to the MacBook.  Any system that was using ConnectMeNow which had the MacBook as part of its definitions could remount that machine without any issues.

Let me know if I’m misreading the Apple document or misunderstanding how ConnectMeNow works.


   
ReplyQuote
 Hans
(@hans)
Famed Member Admin
Joined: 11 years ago
Posts: 2797
 

Posted by: @stevebythebay
I do have mounts from Mac to Mac in my local network

Ah OK, now it makes sense why you're concerned about changing IP addresses. 😊 
Apologies for the confusion on my end.

The MAC address should be unique but can be changed. We used to use that trick to clone modem MAC addresses when we would want to use our own modems but our ISP would not allow this 😉 

Using a fixed IP address then indeed may come with problems when the IP address of the target Mac keeps changing.
You could use the computer name of course. You will need to add ".local" at the end, so if your Mac is called "MYMACBOOK" (NETBIOS name) then the network name would be "MYMACBOOK.local". You can try if that works by doing a ping from Terminal (ping MYMACBOO.local) - we have to make sure the DNS resolves the name properly to an IP address.

 

Private Wi-Fi Setting (link)

Off - WiFi works as always, with the hardware MAC address.
Fixed - (default) WiFi uses a fixed private MAC address that does not change so IP address.
Rotating - WiFi changes MAC address every 2 weeks.

Reading this for the 5th time now and I honestly have zero trust in this feature improving security ... at all 😉 

 

 

So coming back to your question (sorry for sidetracking):

If you use fixed IP addresses in ConnectMeNow, and you use WiFi with the changing MAC address option (Rotating), then this could cause issues indeed, as the router would potentially assign it a different IP address, making it unreachable for ConnectMeNow.

You have two options here to avoid this:

1) Leave this set to "OFF" or "FIXED" which is what I would recommend.

"Fixed" is the default setting (per Apple Docs). When traveling and/or connecting to 3rd party WiFi, then you could consider using "Rotating" but in all honesty I doubt it will serve any practical purpose. Maybe useful if you stay in a hotel for a week or something like that. Hotel WiFi would be a no-no for me anyway.

** Note that this appears to be a per-SSID setting. So for your home and office you could use OFF or FIXED, and when traveling you can set it to ROTATING for a specific connection. However, it will change only every 2 weeks, so I have no idea how useful this would even be.

2) Use computer NETBIOS names (eg. MYMACBOOK.local).

This would then never be affected by changed IP addresses. However, when your router is temporary down, you may not be able to reach that share either. You can find this under WINS of your WiFi settings.

 

Does this answer you question? 😊 


   
ReplyQuote
(@stevebythebay)
Active Member
Joined: 2 years ago
Posts: 4
Topic starter  

Thanks for your assessment.

I think I’ll go with fixed as you and Apple suggest, since I’ve neither heard nor uncovered any clear understanding as to the this settings value.  Maybe it lies on the extremes of security.  


   
ReplyQuote
 Hans
(@hans)
Famed Member Admin
Joined: 11 years ago
Posts: 2797
 

You're most welcome - thanks to you I've learned something new as well, so thank you for that 😊 

I think rotating MAC addresses may be useful when they get changed every so many minutes. But a 2 week delay would give the bad guys 2 weeks to do their thing anyway. I'm sure I'm not that important that a bad guys wants to spend more than that one me anyway ... 😉 


   
ReplyQuote
Share: