Currently I have setup my home network with two routers: A FRITZ!Box that provides internet connectivity and an OpenWrt-Box that acts as VPN-Server (WireGuard), local DNS-server and DHCP-server.
This is how I configured things for IPv4:
OpenWrt LAN and FRITZ!Box LAN share one private /24 network.
FRITZ!Box provides WAN-connectivity. It has the static LAN-IP 10.111.252.2. DHCP on the FRITZ!Box is disabled.
OpenWrt LAN is configured with static IP 10.111.252.1, default gateway 10.111.252.2 and DNS-server 10.111.252.2.
In OpenWrt, DHCP ist enabled for the LAN interface, telling clients to use the Fritz!Box as default gateway (DHCP options: "3,10.111.252.2") and OpenWrt as DNS-Server.
In the FRITZ!Box, IPv4 Routes are configured so that the OpenWrt router (10.111.252.1) is used as Gateway for subnets that are reachable over VPN.
Now I try to extend this configuration to IPv6, but I'm not sure how to do it right.
The FRITZ!Box WAN has IPv4 and IPv6 connectivity. It gets a public IPv6-address and a public IPv6-prefix (/62).
The FRITZ!Box is configured to not serve ULA addresses and to not announce a DNSv6 server over router advertisement. It does advertise itself as default internet gateway. DHCPv6 is disabled while enabling M- and O- flags in router advertisement messages and allowing SLAAC.
In OpenWrt, I added a DHCPv6 client interface for the @lan alias. This interface gets a public IPv6 address (/128) as well as a public /64 subnet, both from the range of the /62-sized prefix in the FRITZ!Box.
To this point, things seem to be working ok. However, it looks like the OpenWrt DHCPv6 client also receives messages from the OpenWrt DHCPv6 server which both operate on the LAN interface. In addition, Windows 10 clients in the network receive the FRITZ!Box as well as the OpenWrt IPv6 address as default gateways - where it should only be the FRITZ!Box. And I do not know how to configure OpenWrt as IPv6 gateway for the VPN-subnets - can/should this be done with router advertisement or should static IPv6 routes be added to the FRITZ!Box router.
Remove the lan6 interface you created. They are in the same broadcast domain so there is no point to have both Fritz and OpenWrt advertising as router. Disable SLAAC/DHCPv6 from OpenWrt, let Fritz do everything. Create separate network if you want to force hosts to use the VPN.
The reason why I want to use the DHCP server of the OpenWrt router and not the one from the Fritz!Box is that OpenWrt allows to change the local domain and to add DNS forwardings to other DNS servers for specific Domains. This cannot be done with the FRITZ!Box.
Your IPv6 network needs the same demarcation as an IPv4 network needs.
Unfortunately, your IPv4 routers is the Fritz and your desired IPv6 router is on LAN, receiving an IP and PD from this same LAN via the upstream Fritz. I assume you want to choose the OpenWrt for IPv6 routing...and hence the lack of demarcation and issue your're describing.
This seems to be the easiest choice...
Couldn't you try adding only the OpenWrt as a DNS IP on the Fritz?
Thats what I tried first. The problem with this setup is, that my OpenWrt device (another FRITZ!Box, model 7362 SL) is not fast enough when handling WAN->LAN, it limits the internet download speed to about 1/3 of what is possible. Is it so uncommon what I try to do in the IPv6 world - having multiple routers on the same network segment, where one is the default?
No it is not uncommon, in fact it is a perk of IPv6 to have multiple routers in the same lan. The thing is that your 7362 doesn't have anything to advertise. Its prefix is already advertised by the master Fritzbox.
Since you have configured the master Fritz not to serve nameservers over DHCPv6, then your hosts will resolve based on the ns they receive from the DHCPv4 server of the 7362 and according to your liking.
I don't see why is there a problem there.
Name resolution is working fine with my current configuration.
My main points are:
How do I prevent the OpenWrt box from announcing it's IPv6 address as a default gateway?
What is the correct/best way to make the OpenWrt box known as gateway for specific subnets (the VPN subnets)? (Static IPv6 route in FRITZ!Box or some way of router advertisement?)
How can I make sure no undesirable effects arise from having OpenWrt as DHCPv6-server and -client on the same interface?
The reason that I have DHCPv6-client enabled in OpenWrt is to get a public IPv6-address for the OpenWrt-Box itself and to get a public IPv6-subnet that can be used by the DHCPv6-server in the OpenWrt-Box.
The reason that I have DHCPv6-server enabled in OpenWrt is to be able to assign static DHCPv6 leases to specific network devices.