NetBSD-Users archive


Setting up IPv6 wg tunnel



Hi,

I'm a new NetBSD user and I've been loving it so far. I need your
guidance setting up an IPv6 wg tunnel.

I've set up a VPS abroad running NetBSD with a wg tunnel so I can use it
as a VPN from home. I'd like to be able to tunnel IPv6 traffic as well
since my home ISP doesn't support IPv6 natively.

IPv4 works great, but IPv6 doesn't work. I get this at home with the VPN
tunnel enabled:

z411@ruby ~ % ping -6 google.com
PING google.com (2404:6800:400b:c006::71) 56 data bytes
From fd00:2::1 icmp_seq=1 Destination unreachable: Address unreachable

It seems the ICMP packets are reaching the NetBSD server's wg interface
but they don't seem to be going anywhere from there.

The NetBSD machine itself has working IPv6 connectivity.
I'm setting my wg interface like this on the server:

wg_if="wg1"
ifconfig $wg_if create
ifconfig $wg_if inet 10.2.0.1/24
ifconfig $wg_if inet6 fd00:2::1/64
wgconfig $wg_if set private-key /etc/wg/wg1.key
wgconfig $wg_if set listen-port 51822
wgconfig $wg_if add peer ruby [pubkey] \
        --preshared-key=/etc/wg/wg1.psk \
        --allowed-ips=10.2.0.2/32,fd00:2::2/128
ifconfig $wg_if up

And like this on the client (relevant parts only):

[Interface]
Address = 10.2.0.2/24, fd00:2::2/64
DNS = 1.1.1.1, 2606:4700:4700::1111

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

And these are the relevant npf.conf parts:

$ext_if = ifaddrs(wm0)
$vpn_if = ifaddrs(wg1)

map wm0 dynamic 10.2.0.0/24 -> $ext_if
map wm0 dynamic fd00:2::/64 -> $ext_if # I also tried typing the address

group "vpn" on $vpn_if {
        pass stateful in final all
        pass stateful out final all
}

I'm surely tripping on something basic, any help is appreciated. Thanks.

