Putting IPv6 and Wireguard DNS leaking to bed

I’d like to see if I understand this correctly.

There are essentially two scenarios I see:

  1. You are unable to disable IPv6 on your client device and/or you actually want to use IPv6 all the way back to your home ISP/router.

  2. You are able to disable IPv6 on your client device or IPv6 is already disabled (by employer I.T. dept).

In scenario 1, we are forced to enable IPv6 on GL.iNet router and let Wireguard tunnel the IPv6 traffic (assuming the client-side ISP has a public IPv6 address). My question here is, do we still have to add “::0/0” to the Allowed IPs in Wireguard config or does GL.iNet handle this when you enable IPv6 in the menu?

In scenario 2, we have the option to either enable IPv6 on GL.iNet router or disable IPv6 on both the GL.iNet router and the client device.

Is this correct? Of course, assuming only Wireguard as the VPN being used.

OK, I realize now that enabling IPv6 on the GL.iNet router is unrelated to Wireguard, and so, yes, I will still need to add “::0/0” to the Allowed IPs.