I'm operating a few IPv6-only VPNs at work, for access to internal infrastructure.
The biggest problem so far is that Windows and macOS clients need a v6 DNS server.
Otherwise, they won't even try to resolve v6onlyhost.vpn.example.com.
Because the client may or may not be in a v6-enabled network, I have to run a DNS server inside the VPN and push that to the client, which can lead to all kinds of problems when the VPN disconnects but the Wireguard app for some reason fails to reset the DNS to the original one.
I've found that using my v4 only network from my ISP and macOS can do v6 only without requiring a DNS server like you have been doing. I don't remember the details now, but after some digging a few years ago I realized macOS will happily work like that as long as it has a v6 address. I can put a ULA address on my host, and it's good to go. Granted this relies on users knowing how to do that. or depending on the VPN application to get to the v6 only network, you may be able to script adding a ULA (any kind even made up). You don't want to leave it wIth a made up ULA because that could screw things up if the user moves to a v6 capable network.