Stangri's VPN Policy Routing package is a mainstay of my OpenWRT builds. It works great for IPv4, but I couldn't, for the life of me, get it working with IPv6. Instead, I had to faux-implement PBR as follows.
My VPN provider only gave me a single IP address with a /128 prefix, so I was forced to use NAT6. This left me with a stanza in my firewall config that looks like this; note the masq6 option
config zone
option name 'wan_vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wg_vpn'
option masq6 '1'
option masq6_privacy '1'
With that in-place, I had to ignore my ISP's prefix delegation on those interfaces where I wanted IPv6 traffic to be directed over the VPN:
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.1'
option ifname 'eth1 eth2'
option ip6assign '64'
option ip6hint 'AA'
list ip6class 'local'
Finally, I created a route:
config route6
option target '::/0'
option interface 'wg_vpn'
It's not pretty - there should be no need to use NAT with IPv6 - and I'm sure there's a better way; but it works. Perhaps one day my VPN provider will give me something like a /48; or at least a /60. In the meantime, if anybody knows how to get IPv6 PBR working with Stangri's package, please let me know!
Just curious, I'm a noob regarding IPv6, when routing through a VPN, we have to get IPv6 address from the VPN right? Can we just use ISP delegated IPv6 through the VPN tunnel?
My VPN has a /48, but I haven't got the time to test it with pbr.
EDIT: after some experimenting I now have the following understanding: (I'm not an expert so do take it with grain of salt)