Turns out the above worked pretty badly for what i wanted, so went with ospfv3 instead, that however is working exactly like I wanted it now.
Still using the same Linux VM as above, with the same tunnel conf, but installed quagga with a simple zebra/ospf6d conf (ens192 is what's connected to the palo alto interface/vlan, ens160 is only used for ipv4 for the tunnel), moved the fde4:8dba:82e1::1 to ens192 instead, this is main parts of the quagga conf:
!
interface ens192
ip address 10.10.90.1/24
ipv6 nd suppress-ra
ipv6 ospf6 network broadcast
!
interface he-ipv6
ipv6 nd suppress-ra
ipv6 ospf6 network point-to-point
ipv6 ospf6 passive
!
router ospf6
router-id 10.10.90.1
interface ens192 area 0.0.0.0
interface he-ipv6 area 0.0.0.0
!
ipv6 route 2001:470:xxxx::/48 ens192
!
ipv6 forwarding
!
I wanted to use different /56 on varies different interfaces/vlans on the palo alto fw, so this is how i configured it:
On the Palo Alto firewall, created a new (sub)interface on the same vlan as ens192 on the Linux VM, gave it an fde4:8dba:82e1::2 address, added 10.10.90.2/24, enabled ipv6 on the interface (L3), assigned the default virtual router to the interface, then went to ospfv3 on the default virtual router config, set the router id to 10.10.90.2, ticked enable, added a new 0.0.0.0 area, added the interfaces i wanted to use the different /56 networks on (default settings), on the main ospfv3 settings page, unticked "Reject default route", then went to "Static routes" -> IPv6, added a new default route for IPv6, dest = ::/0, interface = the interface the linux vm is connected to, next hop, IPv6 address = fde4:8dba:82e1::1.
Added firewall rules as needed (looked at the monitor tab).
Just posting in case anyone else is having issues getting it to work on the palo alto fws, it's not the easiest thing to find help on, and this is in no way best practices for anything, just pushing different things until it works
