CGNAT ISP and self hosting question

Where you run the client is less important than registering the raspberry's GUA... with a static interface identifier, once you know the prefix, you can construct the GUA and hence register it even from the router... but then having the raspberry do the registering itself is fine as well.

Not sure but I am sure this is not witchcraft...


Do not use a Port Forward. IPv6 does not NAT the address or remap the port, so use an ordinary Traffic Rule.


As mk24 stated, a traffic rule should do.
I run a WG server in my network (on an EA8500). I have given that a static IP address; the hostid uses the prefix and adds 06 (it is hex, but I use this to be the same as the IPv4 address):

config host
	option dns '1'
	option name 'EA8500'
	option mac 'C0:56:27:XX:XX:XX'
	option ip '192.168.0.6'
	option leasetime '6h'
	option duid '00030001a0562713278d'
	option hostid '06'

The traffic rule uses a negative mask so that if the prefix changes it does not matter:

config rule
	option name 'wg-server6-6'
	list proto 'udp'
	option src 'wan'
	option dest 'lan'
	option dest_port '51810'
	option target 'ACCEPT'
	option family 'ipv6'
	list dest_ip '::6/-64'

Is this configuration done on the OpenWrt side? What file? Can this also be done via LuCI?

So I continued playing with IPv6 and found that I am not able to ssh to my Oracle Cloud instance (the port is not the standard 22, I changed it for security reasons).
Then I disabled IPv6 completely in OpenWrt following this, and then I was able to ssh.
Any logical explanation for this?

The static leases in: /etc/config/dhcp

The traffic rules in: /etc/config/firewall

Can also be done in LuCI; if you add the rules you can see them in LuCI :slight_smile:

So this file is modified as below to add a static ipv6 address to the raspberry pi where I want to host the website, is that correct?

config host
        option dns '1'
        option name 'pi2b'
        option mac '<MAC ADDRESS OF RPI>'
        option ip '192.168.0.240'
        option leasetime '6h'
        option duid '00030001a0562713278d'
        option hostid '06'

Where can I get duid? I tried
root@OpenWrt:~# cat /etc/config/network | grep duid
root@OpenWrt:~#
But comes empty. Could it be because I disabled IPv6 completely earlier?

IPv6 must be enabled and functional before you can hand out a static lease.

You can find the DUID on Status > Overview under Active DHCPv6 Leases.

Of course the device must also have IPv6 enabled and active and connected to your router to see it :slight_smile:

Got it, re-flashing openwrt and starting fresh :slight_smile:
Let me get it back to yesterday state.
At least that part, I got it clearly documented.

Got it back to yesterday state, found the duid from Active DHCPv6 Leases.
Now adding below entry to /etc/config/dhcp

config host
        option dns '1'
        option name 'pi2b'
        option mac '<MAC ADDRESS OF RPI>'
        option ip '192.168.0.6'
        option leasetime '6h'
        option duid '<duid I found>'
        option hostid '06'

And then when I power on rpi and do ifconfig, should I expect to see an IPv6 address and that stays same on every reboot of pi/openwrt?

Edit: one more question, this duid I found is not of the rpi, it was of some other device (I think my iPad's), is that fine?

I did this and tested.
Now every time the rpi gets the 192.168.0.6 IPv4 address.
There are many IPv6 addresses on the rpi (i.e. expected, I heard from this thread).

However, not all of them always stay the same. Some do.
The ones below stay the same:

inet6 fd04:f743:e44a:0:2ef4:d0f1:4998:4167  prefixlen 64  scopeid 0x0<global>
inet6 fd04:f743:e44a::6  prefixlen 128  scopeid 0x0<global>
inet6 fe80::dc04:fdf9:d894:680f  prefixlen 64  scopeid 0x20<link>

The ones below get changed:

inet6 2406:7400:51:275d:5f4d:d648:beff:da25  prefixlen 64  scopeid 0x0<global>
inet6 2406:7400:51:275d::6  prefixlen 128  scopeid 0x0<global>

Is this expected?

I also added, the rule as below,

config rule
	option name 'rpi-website'
	list proto 'udp'
	option src 'wan'
	option dest 'lan'
	option dest_port '80'
	option target 'ACCEPT'
	option family 'ipv6'
	list dest_ip '::6/-64'

and restarted router.

Now trying to access the site as http://[< IPv6-PD>] from external network just like yesterday but page not opening.

No, the DUID is specific to each device, just like your MAC address (it is actually derived from the MAC address); you cannot use the DUID of another device!

The IP address 192.168.0.6 must be in the subnet of your router, so it works only if your router's br-lan IP address is 192.168.0.X with subnet 255.255.255.0 (or /24 if CIDR notation is used).

Most providers use dynamic IPv6 prefixes so the first 64 bits can change.

I think someone else already gave you the advice to remove the ULA address as that is not needed if you have GUA addresses and therefore might be confusing.

IPv6 is a different beast than IPv4, if you want to use it you better read up on it.

Got it, I grabbed the duid of rpi itself from DHCP and DNS -> Static leases page

Yes, my router ip is in same subnet (router ip is 192.168.0.2). I ssh in to 192.168.0.2 and confirmed that I can ping 192.168.0.6 (rpi) successfully.

In the rules, I used proto as tcp instead of udp (as I am just hosting website via tcp port 80)

From external network, should I use the IPv6_PD address to access the website hosted on rpi?

The prefix can change (the prefix is the first 64 bits); that is where the negative netmask (/-64) comes in. It basically states: do not care about the first 64 bits, but use ::6 as the address (which is :00:00:00:06)

So this takes care of the changing prefix :slight_smile:

But to access your Pi you have to use the full GUA address (e.g. 2406:7400:51:275d::6), and as the prefix (2406:7400:51:275d) can change, you need DDNS to keep track of a changing prefix.
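Added example, not written by anyone in this thread: a Python sketch of how the suffix match `::6/-64` behaves as described above, and of how the address to publish via DDNS is built from the current prefix plus the static `hostid`. The function names are hypothetical, the addresses are the ones quoted in the thread, and a /64 LAN prefix is assumed.

```python
import ipaddress

def parse_suffix_rule(rule):
    """Turn 'addr/-N' into (wanted_bits, mask) over the right-most N bits."""
    addr, _, length = rule.partition("/")
    n = int(length)
    if not -128 <= n < 0:
        raise ValueError("expected a negative length such as /-64")
    mask = (1 << -n) - 1
    return int(ipaddress.IPv6Address(addr)) & mask, mask

def rule_matches(rule, candidate):
    """True if candidate's right-most bits equal the rule's, whatever the prefix."""
    wanted, mask = parse_suffix_rule(rule)
    return int(ipaddress.IPv6Address(candidate)) & mask == wanted

def build_gua(lan_prefix, hostid_hex):
    """Combine the current LAN prefix with the static hostid (hex, as in 'option hostid')."""
    net = ipaddress.IPv6Network(lan_prefix)
    if net.prefixlen != 64:
        raise ValueError("this example assumes a /64 LAN prefix")
    iid = int(hostid_hex, 16)
    if iid >= 1 << 64:
        raise ValueError("hostid does not fit in the 64-bit interface identifier")
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

RULE = "::6/-64"                      # dest_ip value from the traffic rule
SEEN_ON_PI = [                        # addresses quoted in the thread
    "2406:7400:51:275d::6",           # static lease, earlier prefix
    "2406:7400:51:26cc::6",           # static lease, prefix after the power cycle
    "2406:7400:51:26cc:3448:2c3d:b0e3:aa0",  # autoconfigured address, not covered
    "fd04:f743:e44a::6",              # ULA with the same suffix
    "fe80::dc04:fdf9:d894:680f",      # link-local
]

def report():
    """Return (address, matched) pairs for every address listed above."""
    return [(a, rule_matches(RULE, a)) for a in SEEN_ON_PI]

if __name__ == "__main__":
    for addr, hit in report():
        print(f"{addr:42} {'ACCEPT rule applies' if hit else 'no match'}")
    # Address a DDNS client would publish as the AAAA record for the Pi
    print(build_gua("2406:7400:51:26cc::/64", "06"))
```

The rule matches on the suffix alone, so it also covers `fd04:f743:e44a::6`; that address is simply not reachable from the WAN. Because the autoconfigured address is not covered, the DDNS record has to carry the `::6` address returned by `build_gua`.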

Ok finally, I was able to reach my website (hosted on raspberry pi in my home lan) from outside network without any port forward.
in /etc/config/dhcp,

config host
        option dns '1'
        option name 'pi2b'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.0.6'
        option leasetime '6h'
        option duid 'xxxxxxxxxxxxaxxxaxxxxxxxxxxxx'
        option hostid '06'

Note: First I noted down the duid without the above change, by connecting the pi to the network and going to DHCP and DNS -> Static Leases

config rule
        option name 'rpi-website'
        option src 'wan'
        option dest 'lan'
        option dest_port '80'
        option target 'ACCEPT'
        option family 'ipv6'
        list dest_ip '::6/-64'
        list proto 'tcp'

After this, I power cycled router and pi.
In pi when I do ifconfig, I got below IPv6 addresses,

inet6 2406:7400:51:26cc:3448:2c3d:b0e3:aa0  prefixlen 64  scopeid 0x0<global>
inet6 fd04:f743:e44a:0:2ef4:d0f1:4998:4167  prefixlen 64  scopeid 0x0<global>
inet6 fd04:f743:e44a::6  prefixlen 128  scopeid 0x0<global>
inet6 fe80::dc04:fdf9:d894:680f  prefixlen 64  scopeid 0x20<link>
inet6 2406:7400:51:26cc::6  prefixlen 128  scopeid 0x0<global>

In the above, the second, third and fourth never change. But I am not able to reach the website using them from the outside network. Within the LAN they work.

Only with the last one am I able to access the website from outside.
I noticed that it is the same as my wan_6's IPv6-PD but suffixed with '6'.

So now, if I can get a ddns client set up on the rpi and somehow update the hostname with the above address, I should be all set.

Then I also need to understand how the above is done.

Of course, that is why we are using that as a static lease and opening up the firewall for that address :slight_smile:

The local fe80 is just that, for local use, and consider getting rid of the ULA addresses; they have no purpose as you can now use the GUA addresses, and they might be confusing.
Under Network > Interfaces > Global Network options, delete the ULA prefix.


If I do this and restart the pi, will it get rid of the addresses below from ifconfig?

inet6 fd04:f743:e44a::6  prefixlen 128  scopeid 0x0<global>
inet6 fd04:f743:e44a:0:2ef4:d0f1:4998:4167  prefixlen 64  scopeid 0x0<global>

Exactly, the fd04 addresses are ULA addresses.

That worked, it removed those IP addresses.