No, you're not wrong, and this does make sense. The fundamental problem is that IPv6 address autoconfiguration relies on the Neighbor Discovery Protocol (NDP), which requires multicast addressing. WireGuard doesn't really support multicasting, and I have yet to see a de facto solution for this. Some possible ways around this:
- Create a distinct WireGuard interface for each device, then tell OpenWrt to delegate a prefix for each. This is explained in more detail in this OpenWrt forum post.
- Run a script on the roving devices that periodically contacts the OpenWrt router for prefix information and reconfigures the interface as required. Basically do what NDP does but "out-of-band" without multicasting.
- Run a layer 2 tunnel such as VXLAN through the layer 3 WireGuard tunnel. This transports entire Ethernet frames through the tunnel, so NDP should "just work" at the cost of extra overhead for every packet.
- Use some kind of NDP proxy so roving devices appear on the same link as non-roving devices.
- Assign ULAs to the roving devices as I've described before and use network prefix translation (NPTv6). While it is a form of NAT, the mapping is one-to-one, which has far fewer problems than one-to-many NAT as used in IPv4.
- Have your roving devices connect to an OpenWrt travel router and let the router take care of this on behalf of the devices. Of course, the router itself needs to implement some kind of solution for itself, but you'd only need to do this once (and OpenWrt is far more amenable to this than smartphones).
If I were you, I would try suggestion #1. I personally haven't tried it but it looks like the path of least resistance. Do note that most solutions I've described (including #1) require that the ISP gives you a prefix smaller than /64. ISPs seem to default to giving you a /64, but you can tell OpenWrt's DHCP client to request a smaller prefix like /56.
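
Added example, not part of the original answer and not OpenWrt's code: a sketch of the one-to-one, checksum-neutral prefix mapping that NPTv6 (RFC 6296) performs, to show what the ULA option does to an address in each direction. The two prefixes are constructed samples (a ULA and the 2001:db8::/32 documentation range), and the function names are hypothetical.

```python
import ipaddress

def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def oc_add(a, b):
    """16-bit ones' complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def oc_sum(ws):
    """Ones' complement sum of a list of 16-bit words."""
    total = 0
    for w in ws:
        total = oc_add(total, w)
    return total

def nptv6(addr, src_prefix, dst_prefix):
    """Map addr from src_prefix into dst_prefix, one-to-one and checksum-neutral."""
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    a = ipaddress.IPv6Address(addr)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64:
        raise ValueError("prefixes must be the same length, /64 or shorter")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    # Swap the prefix bits, keep the host bits.
    w = words(int(dst.network_address) | (int(a) & int(src.hostmask)))
    # Adjustment = sum(src prefix) - sum(dst prefix) in ones' complement.
    adj = oc_add(oc_sum(words(src.network_address)),
                 0xFFFF ^ oc_sum(words(dst.network_address)))
    # /48 or shorter: adjust the subnet word; longer: first IID word != 0xFFFF.
    for i in ([3] if src.prefixlen <= 48 else [4, 5, 6, 7]):
        if w[i] != 0xFFFF:
            w[i] = oc_add(w[i], adj) % 0xFFFF  # 0xFFFF is normalised to 0
            break
    else:
        raise ValueError("no 16-bit word available for the adjustment")
    return ipaddress.IPv6Address(sum(x << (112 - 16 * i) for i, x in enumerate(w)))

# Constructed sample prefixes: ULA on the WireGuard side, documentation prefix as the "ISP" side.
ULA, GUA = "fd00:aaaa:bbbb:10::/64", "2001:db8:1234:5610::/64"

if __name__ == "__main__":
    out = nptv6("fd00:aaaa:bbbb:10::2", ULA, GUA)
    print("outbound:", out)
    print("inbound: ", nptv6(out, GUA, ULA))
```

With prefixes longer than /48 the adjustment lands in the interface identifier, so the external address of a device does not end in the same bits as its ULA; firewall rules on the global side need the translated address.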