
Extend NAT66 NPTv6 to support dynamic prefix mapping
Status: Open, Normal, Public, Feature Request

Description

The basic support for this functionality is done here: https://vyos.dev/T2518

That means the only thing left to do here is to extend the functionality so that a prefix is captured from a given interface and then used, in a mirrored (vice versa) manner, in the source and destination rules.

These are the basic rules from T2518:

set nat66 source rule <ruleid> description <description>
set nat66 source rule <ruleid> disable
set nat66 source rule <ruleid> log
set nat66 source rule <ruleid> outbound-interface <interface>
set nat66 source rule <ruleid> source prefix <prefix>
set nat66 source rule <ruleid> translation address <prefix>
set nat66 destination rule <ruleid> description <description>
set nat66 destination rule <ruleid> disable
set nat66 destination rule <ruleid> log
set nat66 destination rule <ruleid> inbound-interface <interface>|any
set nat66 destination rule <ruleid> destination address <ipv6-address>|<ipv6-network>
set nat66 destination rule <ruleid> translation address <ipv6-address>|<ipv6-network>

These are the rules with the extension.
The only additions are the "dynamic" keywords in the source translation and destination address sections.

set nat66 source rule <ruleid> description <description>
set nat66 source rule <ruleid> disable
set nat66 source rule <ruleid> log
set nat66 source rule <ruleid> outbound-interface <interface>
set nat66 source rule <ruleid> source prefix <prefix>
set nat66 source rule <ruleid> translation address <prefix>|dynamic
set nat66 destination rule <ruleid> description <description>
set nat66 destination rule <ruleid> disable
set nat66 destination rule <ruleid> log
set nat66 destination rule <ruleid> inbound-interface <interface>|any
set nat66 destination rule <ruleid> destination address <ipv6-address>|<ipv6-network>|dynamic
set nat66 destination rule <ruleid> translation address <ipv6-address>|<ipv6-network>

You can see that the changes are very small. The interface whose prefix is captured could always be the outbound interface in the source section and the inbound interface in the destination section.

If the "dynamic" mode is used, the inbound and outbound interfaces must be monitored for prefix changes, but I don't know how that could be done. That means the config is always static, but the rules that do the job are changed dynamically in the background.
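To make the "changed dynamically in the background" part concrete, here is an added example (not VyOS code) of the core loop such a feature needs: read the global prefix from the interface, and regenerate the mirrored NPTv6 rule pair only when that prefix differs from the one currently in use. The `ip -6 addr` output is a constructed sample, and the `snat prefix to` / `dnat prefix to` nftables syntax and the `ip6 saddr`/`ip6 daddr` match form are assumptions here, not taken from the VyOS templates.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample of `ip -6 addr show dev eth0` (not captured from a real box).
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:abcd:1234::1/64 scope global dynamic mngtmpaddr
       valid_lft 86392sec preferred_lft 14392sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
"""
INET6_RE = re.compile(r"^\s*inet6\s+(\S+)\s+scope\s+(\w+)", re.MULTILINE)
INTERNAL = ipaddress.IPv6Network("fd00:1::/64")  # static ULA used inside

def capture_prefix(ip_addr_output: str, prefixlen: int) -> Optional[ipaddress.IPv6Network]:
    """First global-scope prefix of the wanted length on the interface, or None
    when no global address exists yet (e.g. before the provider delegates one)."""
    for addr, scope in INET6_RE.findall(ip_addr_output):
        if scope != "global":
            continue  # link-local must never become the translation prefix
        net = ipaddress.IPv6Interface(addr).network
        if net.prefixlen == prefixlen:
            return net
    return None

def npt_rules(internal: ipaddress.IPv6Network, external: ipaddress.IPv6Network,
              interface: str) -> List[str]:
    """Mirrored rule pair: source rule on egress, destination rule on ingress.
    The nftables keywords below are assumed syntax for illustration."""
    if internal.prefixlen != external.prefixlen:
        raise ValueError("NPTv6 needs prefixes of equal length")
    return [
        f"oifname {interface} ip6 saddr {internal} snat prefix to {external}",
        f"iifname {interface} ip6 daddr {external} dnat prefix to {internal}",
    ]

def translate(addr: ipaddress.IPv6Address, src: ipaddress.IPv6Network,
              dst: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """Plain prefix rewrite: keep the host bits, swap the prefix (no RFC 6296
    checksum-neutral adjustment is modelled here)."""
    host_bits = int(addr) & int(src.hostmask)
    return ipaddress.IPv6Address(int(dst.network_address) | host_bits)

def refresh(current: Optional[ipaddress.IPv6Network], ip_addr_output: str,
            interface: str) -> Tuple[Optional[ipaddress.IPv6Network], Optional[List[str]]]:
    """Return (prefix_in_use, new_rules); new_rules is None when nothing changed."""
    new = capture_prefix(ip_addr_output, INTERNAL.prefixlen)
    if new is None or new == current:
        return current, None
    return new, npt_rules(INTERNAL, new, interface)
```

Calling `refresh` periodically (or from a DHCPv6-PD/RA hook) keeps the user-facing config static while the installed rules follow the provider's prefix.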

If the feature works as expected, the internal network could always use ULAs when VyOS is used on WAN networks where the prefix changes after some time.

With this feature you could give a computer a static ULA address and open some ports to this address from the WAN in the firewall. The only thing needed to make the service available via a DNS name would be to extend the DynDNS functionality to publish the real public address. This is always possible, because the firewall knows both the public prefix and the internal ULA address, but that could be another feature request. Then you can live with the constantly changing prefix as if it did not change at all.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Behavior change
Issue type: Improvement (missing useful functionality)
