IPv6 privacy extension failure check and restart network

This script checks that the IPv6 privacy extensions are working properly; if there is a problem getting a new IPv6 address, it restarts the network. I saw once in a while that the IPv6 privacy extension failed to get a new IPv6 address from the router and stopped working. Run this script on a schedule to check that the IPv6 privacy extensions are working.

Update: 2024-12-24. New and improved script to check and restart IPv6 privacy address generation

Save the new file as /etc/cron.hourly/IPv6-privacy-check and set its permissions with chmod 0755. Change the interface name ens18 to the name of your server's interface.

/etc/cron.hourly/IPv6-privacy-check
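#!/bin/bash

# Interface to check; change ens18 to the name of your server's interface.
IFACE="ens18"

# Non-empty only if a usable (not deprecated) global temporary address exists.
IPv6privacycheck=$(/sbin/ip -6 addr show dev "$IFACE" | grep inet6 | grep -v "::1" | grep -v "inet6 fe80" | grep -v "inet6 fd" | grep "scope global temporary dynamic")

if [ -z "$IPv6privacycheck" ]
then

# Remove any leftover temporary addresses from this interface only.
for i in $(/sbin/ip -6 addr show dev "$IFACE" | grep 'temporary' | sed -e 's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d');
do
	/sbin/ip -6 addr del "${i}/64" dev "$IFACE"
done

logger -p warning "IPv6 privacy extension failed, restarting"
# Switch temporary addresses off and on again so the kernel generates a new one.
sysctl -w "net.ipv6.conf.${IFACE}.use_tempaddr=0"
sleep 15
sysctl -w "net.ipv6.conf.${IFACE}.use_tempaddr=2"
fi

exit 0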

Old method that I do not use anymore

Bash script using IPv6 grep

IPv6-privacy-check
#!/bin/bash

IPv6privacycheck=$(/sbin/ip -6 addr | grep inet6 | grep -v "::1" | grep -v "inet6 fe80" | grep -v "inet6 fd" | grep "scope global temporary dynamic")

if [ -z "$IPv6privacycheck" ]
then
systemctl restart networking
sleep 60
logger " IPv6 privacy extension failed, restarting network"
fi

exit 0

Bash script using the IPv6 route command with a token. If the IPv6 privacy extension stops working, Linux starts using the token address for outgoing connections. This script checks whether the token is being used for outbound connections and, if it is, restarts the network interface.

IPv6-privacy-check-route
#!/bin/bash

# Token (interface identifier) configured on this host; change it to your own.
SUFFIX="::71c6:b34f:8e2a:54f5"

__rfc5952_expand () {
    read addr mask < <(IFS=/; echo $1)
    quads=$(grep -oE "[a-fA-F0-9]{1,4}" <<< ${addr/\/*} | wc -l)
    grep -qs ":$" <<< $addr && { addr="${addr}0000"; (( quads++ )); }
    grep -qs "^:" <<< $addr && { addr="0000${addr}"; (( quads++ )); }
    [ $quads -lt 8 ] && addr=${addr/::/:$(for (( i=1; i<=$(( 8 - quads )) ; i++ )); do printf "0000:"; done)}
    addr=$(for quad in $(IFS=:; echo ${addr}); do printf "${delim}%04x" "0x${quad}"; delim=":"; done)
    [ ! -z $mask ] && echo $addr/$mask || echo $addr
}

SUFFIX="$(__rfc5952_expand $SUFFIX)"
SUFFIX=${SUFFIX: -19}

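# Read the source address from the "src" field instead of a fixed column,
# because the number of fields before it varies with the route type.
OutboundIPv6=$(ip route get 2000:: | grep -Po -- 'src \K\S*')
OutboundIPv6="$(__rfc5952_expand $OutboundIPv6)"
OutboundIPv6=${OutboundIPv6: -19}

# Quoted so that an empty result (no IPv6 route) does not break the test.
if [ "$OutboundIPv6" == "$SUFFIX" ]; then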
systemctl restart networking
sleep 60
logger " IPv6 token detected in outbound connection"
fi

exit 0
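
A variation on the route check above, added here as an example and not part of the original scripts: instead of comparing against a hard-coded token, it checks whether the outbound source address is one of the interface's valid (not deprecated) temporary addresses. The function names and the sample `ip` output (documentation prefix 2001:db8::/32) are constructed for illustration.

```shell
#!/bin/bash
# Added example: decide from `ip` output whether outbound traffic uses a
# valid temporary (privacy) address. All sample data below is constructed.

# Print the "src" address from `ip -6 route get <dest>` output on stdin.
route_src() {
    awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}'
}

# Print temporary addresses that are not deprecated, from `ip -6 addr` output.
valid_temp_addrs() {
    awk '$1 == "inet6" && /temporary/ && !/deprecated/ {sub(/\/.*/, "", $2); print $2}'
}

# classify_src ROUTE_OUTPUT ADDR_OUTPUT -> prints temporary | stable | none
classify_src() {
    src=$(printf '%s\n' "$1" | route_src)
    if [ -z "$src" ]; then
        echo none            # no IPv6 route or no source address selected
    elif printf '%s\n' "$2" | valid_temp_addrs | grep -qxF -- "$src"; then
        echo temporary       # privacy extensions are in use
    else
        echo stable          # source is not a valid temporary address
    fi
}

# Constructed sample output; the stable address reuses the page's token suffix.
ROUTE_TEMP='2000:: from :: via fe80::1 dev ens18 proto ra src 2001:db8:1:2:9d3e:41a7:c0de:1b22 metric 100 pref medium'
ROUTE_TOKEN='2000:: from :: via fe80::1 dev ens18 proto ra src 2001:db8:1:2:71c6:b34f:8e2a:54f5 metric 100 pref medium'
ADDRS_OK='    inet6 2001:db8:1:2:9d3e:41a7:c0de:1b22/64 scope global temporary dynamic
       valid_lft 86000sec preferred_lft 14000sec
    inet6 2001:db8:1:2:71c6:b34f:8e2a:54f5/64 scope global dynamic mngtmpaddr
       valid_lft 86000sec preferred_lft 14000sec'
ADDRS_STALE='    inet6 2001:db8:1:2:9d3e:41a7:c0de:1b22/64 scope global temporary deprecated dynamic
       valid_lft 3000sec preferred_lft 0sec
    inet6 2001:db8:1:2:71c6:b34f:8e2a:54f5/64 scope global dynamic mngtmpaddr
       valid_lft 86000sec preferred_lft 14000sec'

classify_src "$ROUTE_TEMP"  "$ADDRS_OK"      # temporary
classify_src "$ROUTE_TOKEN" "$ADDRS_STALE"   # stable
# Live use: classify_src "$(ip -6 route get 2000::)" "$(ip -6 addr show dev ens18)"
```

A result of stable or none is the condition under which the scripts above would log a warning and reset the interface.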

Let me know if you have any comments or if there is any error in this guide.