My linux config and rc files https://git.sommerfeld.dev/dotfiles/atom/etc/iwd/main.conf?h=master 2026-05-29T10:18:14Z 2026-05-29T10:18:14Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-29T10:18:14Z urn:sha1:5ee66a0415e88f4fa78986c823dd1ad709524e70 `AddressRandomization=network` made iwd present a per-SSID random MAC to every Wi-Fi network. On networks that pin DHCP leases or 802.1X access to a specific hardware MAC (corporate Wi-Fi, routers with DHCP reservations, MAC-filtered networks) this means iwd associates fine but DHCP never completes — the new MAC is unknown to the upstream. The privacy gain is marginal when the user only connects to a small set of known APs anyway, and the cost (no IP on a familiar network) is much worse than the threat model justified. Drop the override entirely; iwd's defaults (permanent MAC, no IP config — systemd-networkd remains the IP-layer authority via etc/systemd/network/30-wifi-bond0.network) match what we actually want. If we want privacy MAC again later, the right place is a systemd .link file with MACAddressPolicy=random, applied per-interface, not iwd-wide. 2026-05-29T10:18:12Z sommerfeld sommerfeld@sommerfeld.dev 2026-05-29T10:18:12Z urn:sha1:0ccd0743ef845084a1b410fa1f0a36946dbb9e8d AddressRandomization=network: iwd generates a deterministic per-SSID random MAC. Hardware MAC is never exposed on Wi-Fi; reconnects to the same network reuse the same MAC, so DHCP leases, WPA-EAP creds and captive portals stay stable. EnableNetworkConfiguration=false keeps systemd-networkd authoritative for IP — the existing 30-wifi-bond0.network setup is unaffected and the wlan interface still gets enslaved into bond0.