VPN Router - IPv6 not working

You will need to NAT the IPv6 into the VPN tunnel. The packets you are sending still have the source IP derived from your ISP's GUI. Without NAT, the VPN provider does not know how to return traffic to you.

In later versions of OpenWrt, IPv6 NAT is simply done by adding option masq6 '1' to the firewall zone that contains the VPN tunnel, the same as masq works for v4. That functionality was recently added, so older scripts and instructions probably access the nftables / iptables system directly. Since OpenWrt changed from iptables to nftables, if you are using really old installation scripts / instructions, they may be broken on newer OpenWrt.

This hideme script has really taken over the router by adding additional system scripts or programs to define a whole new network protocol. This is something that is not a good idea unless the third party is maintaining the whole OS build to be sure it does not break when a new version is released. And it's not necessary here, as setting up a WireGuard connection is not that complicated.

You need from the provider:

  • your private key, or (more secure) they allow you to generate your own private key then submit the corresponding public key to them to register in the configuration of your account.
  • your tunnel IP address. For a VPN it is usually a ULA (starts with fd).
  • their public key
  • the pre-shared key, if used. Pre-shared keys are optional, but if one end of the connection uses it, the other end must also use the same matching key.
  • their server's hostname / IP and port that accepts encrypted packets from you.
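As an added example that is not part of the original post: a minimal UCI configuration that puts the five provider items into a WireGuard interface and enables IPv6 NAT on its firewall zone with masq6. The interface name `wg0`, the zone name `vpn`, the addresses, the hostname, the port and all key values are constructed placeholders, and masq6 requires an OpenWrt release whose firewall supports it.

```uci
# /etc/config/network
config interface 'wg0'
	option proto 'wireguard'
	# Your private key (ideally generated on the router, public half sent to the provider)
	option private_key 'PLACEHOLDER_YOUR_PRIVATE_KEY'
	# Tunnel addresses assigned by the provider (placeholders; IPv6 is usually a ULA, fd...)
	list addresses '10.0.0.2/32'
	list addresses 'fd00:0:0:1::2/128'

config wireguard_wg0
	# Provider's public key
	option public_key 'PLACEHOLDER_PROVIDER_PUBLIC_KEY'
	# Only if the provider uses a pre-shared key; it must match on both ends
	option preshared_key 'PLACEHOLDER_PRESHARED_KEY'
	# Provider's server hostname / IP and port (placeholders)
	option endpoint_host 'vpn.example.net'
	option endpoint_port '51820'
	# Send all IPv4 and IPv6 traffic into the tunnel
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

# /etc/config/firewall
config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# IPv4 NAT into the tunnel
	option masq '1'
	# IPv6 NAT into the tunnel: rewrites the ISP-derived source address
	# to the tunnel address so the provider can return traffic
	option masq6 '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'vpn'
```

To confirm the NAT is applied, check that `nft list ruleset` shows a masquerade rule for IPv6 on the tunnel interface after reloading the firewall.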