When I manually set the gateway option for route6 config, it works fine, however, when I omit it I got the Destination unreachable: Address unreachable error on clients (using ping -6).
ip -6 r
default from 2001:570:2f4c:931::/64 via fe80::d6ca:6dff:fe31:bf67 dev eth0.2 proto static metric 512 pref medium
local ::1 dev lo proto kernel metric 256 pref medium
2001:470:1f1c:931::/64 dev eth0.2 proto static metric 256 pref medium
2001:db8::/32 dev veth0 proto kernel metric 256 pref medium
2000::/3 dev eth0.2 proto static metric 1 pref medium
dd45:8215:7b57::/64 dev br-lan proto static metric 1024 pref medium
unreachable dd45:8215:7b57::/48 dev lo proto static metric 2147483647 error -148 pref medium
fe80::/64 dev veth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev wlan0-1 proto kernel metric 256 pref medium
Ummm...you do know there is no such thing as NAT in IPv6, right???
What are you trying to solve?
Every host must have a Public IPv6 address to be reachable form the Internet. You also need to properly firewall your IPv6 for security purposes. IPv6 was designed with enough addresses that it would be inconceivable to run out before IPv8 needs to be released (odd numbering tends to be for test IP protocols).
WHAT!?!?
...nowhere did you mention this router is downstream of your border...it helps to know information regarding your config if you want assistance.
LOL...
Please explain how you make a static route on a router, without specifying a gateway???
How often do you relocate a router?
Did you set up DHCPv6 on the upstream router (that should fix it)?
I'm almost certain the specs you wish to hand out (i.e. a gateway you specify to the downstream OpenWRT's WAN port), you'll need DHCPv6...since you don't want to set it statically.
If I understand correctly, you want to do something with respect to a VPN on what is essentially a travel router?
If you can explain the topology that you have, and the actual final goal, i'm sure we could help you a bit more both to determine whether NAT is even needed, and then, to determine how to achieve the ultimate goal.
EDIT: for example I use ipv6 NAT to rewrite DNS requests and force LAN clients to use my DNS server, but this is one of the very few instances where I'd recommend NAT66. I also use NAT64 to give ipv4 connectivity to my ipv6 only LAN clients... but that's a separate type of NAT. Some people use NPT6 to rewrite the network prefix so that they can control the situation where their ISP changes the network numbering on them... like if there's a power outage, there are some limited cases like this where NAT is applicable but the default should always be to see if you have a solution that doesn't involve any NAT at all.
For what it is worth, IMHO as long as one does not re-map the port numbers everything should be sort of acceptable... re-mapping the IP address itself should be relatively free of undesired side effects (I guess it will not work nicely with IPSEC)
One of the great things about VOIP over ipv6 is the lack of NAT. Even 1-1 NAT such as NPT would potentially break VOIP since it sends the ip address bare inside the messages. My general feeling is seek any solution at all that doesn't involve NAT, and only then start to think about NAT.