iOS 14

Comments

  • John

    Update:

    Since putting the iPad in a group and turning OFF Private address for the wifi radio it's associated with, there have been no problems, no alarms, no LAN address changes. Cool.

    The iPhone suddenly has become stable also with no problems, alarms, or LAN address changes with the same settings.

    The FING link is VERY helpful explaining what's going on. In particular it seems the LAN address may change at random times, possibly even with Private Address OFF. We will see.

    My impression is the changes are related not only to MAC but also the specific radio, so for example, if you change from a 2.4 to 5 hz, at a given location, the address will change.

    All in all the devices (or maybe me too) have settled down to the new iOS system. I will be trying it out on the road today.

    Good discussion here.

    1
  • Michael Bierman

    Hi Andy, I've seen sources say that it isn't a strict 24 hour process. Some sources claim each wifi point (BSSID really) will be permanently tied to a private MAC. Others say it is random and will change without notice even while you are on a network. Have you tested and verified how it works or did you just read this somewhere?

    0
  • Andy brown

    To be honest, I've read so much on this feature, I can't remember where I read or heard it. I've actually turned it back on for one device today to see if there is going to be a change and when. We have 4 iOS/iPadOS devices, so I will see what the difference is, if any.

    1
  • Adam Case

    Thanks for this post, it has been very helpful. I consider myself a novice in this area. I have been using Firewalla Blue for about 6 months. I have appreciated it because of its simplicity. I have been having the same problem mentioned in this post since iOS 14 was installed on my iOS devices. I finally realized it was only iOS 14 devices that were having the problem. I have followed the advice here of turning off Private address and it seems to have worked, although it's only been 12 hours. I was running two iPhones and one iPad that were having issues. Since finding this post I have upgraded the other two family iPads, so I am now running five iOS devices on iOS 14 and have turned off Private address for each of them. It seems to have worked. So far I've had no issues since I turned off Private address and restarted my devices.

    As a novice, my question is, am I more secure using Firewalla with Private address turned off in iOS, or would I be more secure to stop using Firewalla and leave Private address on? I feel like it would be nice to use both, but from reading this post, that doesn't seem possible.

    0
  • Andy

    @Adam, the private address is more for places that try to track you as you move with your device, like in a mall when you are on their wifi, so the changing MAC helps to hide who you are as you move around.

    Using private address does nothing for you at home, except give you a headache with changing devices.

    1
  • Firewalla

    Think of this analogy: when you are outside and order coffee from Starbucks, you can tell them you are Joe or Donald or Jason ... (in case you are paranoid about people knowing your true name) ...

    Then when you are at home, you start telling your wife and kids you are Joe the first day, the next day Donald ... then Jason the third day. First, your wife and kids will be worried and try hard to figure out what you are doing ... then they will either ignore you or take you to the doctors :)

    Not sure if this is funny ... happy Thursday!

    1
  • Adam Case

    Thanks @andy and @firewalla. I appreciate the help/clarification.

    It seems like an impossible request, given what is happening with this issue, but it would be helpful for a novice to somehow be alerted to this issue and what the fix/workaround is. (If I'm understanding things correctly, it would be virtually impossible for Firewalla to have any way to know iOS was spoofing the MAC address and alert the user.) I was frustrated for a number of days, and then when I found out it was related to Firewalla my first thought was that I was going to have to stop using it. I'm glad I dug a little deeper and was able to find this thread. I greatly appreciate Firewalla. Thanks again everyone.

    0
  • Michael Bierman

    @Adam, Firewalla is using a dialog to alert you when it thinks that a Private Address is an issue. Though I can't speak to how they determine that or if it is flawless. My guess is that maybe they are looking for devices with names they already know? But in any case, my guess is this is imperfect and this is just one of the challenges any router will face with the introduction of Private Addresses. Eventually people will learn that if they are on a trusted network they should disable Private addresses. It is that simple. 

    0
  • New Gold owner

    Michael brings up a great point here: I don’t know yet if I can stop the kids from using private MAC addresses. If I can’t, then Firewalla parental controls are worthless.

    In my current TP-Link router, I've set both the original MAC address and the private MAC address that my kid's iPhone uses to connect to it, in order to apply parental controls (sometimes a blacklist, and sometimes a whitelist of websites, etc). Oddly, I've noticed in iOS 14, it uses the same private MAC address when I toggle it back and forth from private to non-private MAC.  So I just block both and will keep looking if it changes it to another, randomly assigned MAC address.

    Firewalla - have we figured this out? I'd like to know before buying a Gold or Blue Plus. Parental controls to help guide our kids is exactly what is needed, but almost every teenager knows how to turn on/off a VPN and Private MAC address settings using iOS.

    0
  • New Gold owner

    Also, to point out the obvious, if the kids have their cellphones, it’s easy for them to turn off WiFi and use their cellular data plans. So I’ve had to confiscate phones in order for homework to be completed. They can also use a different, publicly available hotspot (xfinitywifi) for their school issued Chromebook, so I’m trying to control our home network at a minimum.

    I know it’s not Firewalla’s problem to fix our kids’ addiction to the Internet (thanks, home/online learning) but anything would certainly help!

    0
  • Firewalla

    The quarantine feature should block traffic if kids are using random MACs. It is there in 1.971 already.

    Controlling phone + device access also can be done via EMM or MDM services ... those require a lot more than just installing a router. Which means taking away their phones is likely the quickest and easiest solution.

    2
  • Michael Bierman

    On your network if you use the quarantine feature, you can block unknown or private MAC addresses from having access to LAN, WAN, or both. So for WiFi devices that is sufficient.

    For known devices, you can limit what they can access (web sites, etc.)

    iOS allows parents to limit WiFi to specific access points, but it is a pain to set up.

    1
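One way a router or monitoring script can recognise the private addresses discussed in this thread, as an added example that is not part of the original comments and is not Firewalla's own logic: a randomized MAC has the locally administered bit (0x02) set in its first octet. The device names, MAC values and verdict labels below are constructed for illustration; the hostname match mirrors the guess made earlier in the thread.

```python
import re

_MAC_RE = re.compile(r"(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}", re.IGNORECASE)

def is_private_mac(mac: str) -> bool:
    """True for a unicast MAC with the locally administered bit set,
    which is what randomized ("private") Wi-Fi addresses look like."""
    mac = mac.strip()
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(mac[:2], 16)
    multicast = bool(first_octet & 0x01)   # group bit: not a single station
    local = bool(first_octet & 0x02)       # locally administered, not vendor-assigned
    return local and not multicast

def triage(leases, known):
    """leases: [(mac, hostname)] seen on the LAN; known: {mac: hostname}
    of devices already enrolled. Returns [(mac, verdict)]."""
    known = {m.lower().replace("-", ":"): h.lower() for m, h in known.items()}
    known_names = set(known.values())
    results = []
    for mac, host in leases:
        mac = mac.lower().replace("-", ":")
        if mac in known:
            verdict = "known"
        elif is_private_mac(mac):
            # Hostnames are client-supplied, so a match is only a hint that an
            # enrolled device has switched Private Address on; it proves nothing.
            hinted = host.lower() in known_names
            verdict = "private-mac-of-known-host" if hinted else "quarantine-private"
        else:
            verdict = "quarantine-unknown"
        results.append((mac, verdict))
    return results

# Constructed sample data (no real devices).
KNOWN = {"00:11:22:33:44:55": "Johns-iPad", "08:00:27:aa:bb:cc": "Kids-iPhone"}
LEASES = [
    ("00:11:22:33:44:55", "Johns-iPad"),   # enrolled hardware address
    ("A6-5E-60-12-34-56", "Kids-iPhone"),  # same name, randomized address
    ("da:a1:19:00:00:01", ""),             # randomized, no name offered
    ("00:25:96:ff:fe:12", "printer"),      # vendor-style address, never enrolled
]

if __name__ == "__main__":
    for mac, verdict in triage(LEASES, KNOWN):
        print(f"{mac}  {verdict}")
```
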
  • New Gold owner

    Thank you - I'm getting desperate here, and will place my order for Firewalla Gold. Keep up the good work. Hopefully the interface for blacklisting websites allows for wildcards and subnets? Keyword search blocks?

    0