I need more details on your setup however your theory is correct, and you’re likely encountering issues because of a mismatch in the IPv6 prefix delegation and subnetting setup in your network. Heres what I think is basically happening
IPv6 Prefix Delegation from Spectrum probably differs from what you expect. A quick google search tells me Spectrum is likely providing you a /56 prefix, which means you have 256 available /64 subnets (2^(64-56) = 256). However if you arent setup to handle this you wont get a prefix. Also each /64 subnet has 2^64 individual IPv6 addresses.
Also the Asus router appears to allocate a single /64 for its LAN, which is fine for devices connected directly to the Asus router. However, it doesn’t seem to be further delegating additional subnets to downstream devices (like your OPNsense firewall). So you probably need to configure it as a forwarder or slave
Now OPNsense is requesting a /64 prefix for its WAN side, but if the Asus router has already consumed the only available /64, there’s nothing left for OPNsense to assign to its LAN side. So you need to be able to tell opnsense to delegate multiple prefixs or you need to have the asus router defer or relay the dhcp requests to opnsense upstream
IPv6 addressing requires every layer to be configured correctly for PD
The ISP provides a /56.
The Asus router is supposed to delegate a smaller prefix (e.g., a /60 or /62 or /64) to downstream devices like OPNsense.
OPNsense then further splits its allocation for its own LANs. If the Asus router doesn’t support proper PD or doesn’t have the feature enabled, OPNsense won’t receive any usable prefix if the opnsense is downstream of the asus router. If its the other way around. Then you need to configure opnsense properly to do this.
Heres what I suggest you do
Verify the Prefix Delegation Size from Spectrum. Log in to your Asus router and check the IPv6 WAN settings. Look for the exact prefix length Spectrum is delegating (it should show /56 or /64).
Now configure the Asus Router or OPNSense for Prefix Delegation whichever is upstream. You state asus so lets go with that.
In the Asus router settings:
Ensure IPv6 Prefix Delegation is enabled.
Check if it supports allocating smaller subnets to downstream devices (like OPNsense). Some consumer-grade routers don’t allow this, which can be a limitation.
AGAIN i do not know your setup. Im just making the example
Now adjust OPNsense IPv6 Settings
Navigate to Interfaces > WAN > DHCPv6.
Ensure it’s set to request a prefix (PD size should match what the Asus router can provide, like /60).
Navigate to Interfaces > LAN > Track Interface and set the interface to track the WAN prefix.
Now heres the thing. Maybe the asus router is limited… If the Asus router doesn’t delegate prefixes:
Configure OPNsense to operate with a static IPv6 configuration using one of the unused subnets from the /56 that is received by the router and handle your routing manually. Manually assign an unused /64 for OPNsense LAN (e.g., if the Asus router uses 2001:db8:1:0::/64, assign 2001:db8:1:1::/64 to OPNsense).
Make sense?
Also be careful. You could end up DOUBLE NATTING your net