Manually generating IPv6 privacy address

This is a quick tutorial to manually generate IPv6 address on a preferred schedule. Tested on Debian 12.

First create a new text file in your home directory for storing IPv6 prefix. For example /root/IPv6/IPv6-prefix.txt with a 0 in it and save it and set chmod 777 as permission for write access. Then create three bash scripts in your home directory as listed below and chmod 755 for execution permission for all of them. Change the name ens18 with the name of your ethenrnet adapter. Change the value preferred_lft 97200 to your desired lifespan of your IPv6 address.

/root/IPv6/IPv6-Add-Privacy-Address.sh
#!/bin/bash

IPv6PrefixFile=/root/IPv6/IPv6-Prefix.txt

IPv6Prefix=$(cat $IPv6PrefixFile)

IPv6Prefix=${IPv6Prefix:0:19}
IP=$(printf "$IPv6Prefix:%s"; openssl rand -hex 8 | sed 's/\(....\)/\1:/g; s/.$//');
ip addr add $IP/64 dev ens18 preferred_lft 97200

logger -p  warning "IPv6 new privacy address added $IP"

# Remove deprecated IPv6 addresses
DHCPv6=$(ip -6 addr|awk '{print $2}'|grep -P '^(?!fe80)(?!fd)[[:alnum:]]{4}:.*/128'|cut -d '/' -f1)
for i in $(/sbin/ip -6 addr | grep -vE 'host|mngtmpaddr|temporary' | grep 'scope global deprecated\s$' | sed -e 's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | grep '^2'| grep -v "${DHCPv6}");
do
	echo remving ${i}
	ip -6 addr del ${i}/64 dev ens18
	logger -p  warning "IPv6 deprecated privacy address removed ${i}"
done

exit 0
/root/IPv6/IPv6-prefix.sh
#!/bin/bash

IPv6PrefixFile=/root/IPv6/IPv6-Prefix.txt

__rfc5952_expand () {
    read addr mask < <(IFS=/; echo $1)
    quads=$(grep -oE "[a-fA-F0-9]{1,4}" <<< ${addr/\/*} | wc -l)
    grep -qs ":$" <<< $addr && { addr="${addr}0000"; (( quads++ )); }
    grep -qs "^:" <<< $addr && { addr="0000${addr}"; (( quads++ )); }
    [ $quads -lt 8 ] && addr=${addr/::/:$(for (( i=1; i<=$(( 8 - quads )) ; i++ )); do printf "0000:"; done)}
    addr=$(for quad in $(IFS=:; echo ${addr}); do printf "${delim}%04x" "0x${quad}"; delim=":"; done)
    [ ! -z $mask ] && echo $addr/$mask || echo $addr
}

IPv6Prefix=$(ip -f inet6 route | grep '^2' | grep '/64' | awk '{print $1}' | cut -d'/' -f1)

IPv6CurrentPrefix="$(__rfc5952_expand $IPv6Prefix)"

STOREDIPV6=$(cat $IPv6PrefixFile)

if [ $IPv6CurrentPrefix != $STOREDIPV6 ]; then
echo $IPv6CurrentPrefix > $IPv6PrefixFile
logger -p  warning "IPv6 new prefix detected $IPv6CurrentPrefix"

# Add new IPv6 address
source /root/IPv6/IPv6-Add-Privacy-Address.sh
fi

exit 0
/root/IPv6/IPv6-System-Startup.sh
#!/bin/bash

IPv6PrefixFile=/root/IPv6/IPv6-Prefix.txt

echo "0" > $IPv6PrefixFile

source /root/IPv6/IPv6-prefix.sh

exit 0

Now add three new cron jobs to automate IPv6 address generation.

Cron Jobs
# IPv6 1AM
0 1 * * * /bin/bash /root/IPv6/IPv6-Add-Privacy-Address.sh > /dev/null 2>&1

# IPv6 Check Every 15 Min
*/15 * * * * /bin/bash /root/IPv6/IPv6-prefix.sh > /dev/null 2>&1

# IPv6 Maintenance
@reboot sleep 30 && /bin/bash /root/IPv6/IPv6-System-Startup.sh > /dev/null 2>&1

Let me know if you have any comments or if there is any error in this guide.