HA Thinks All IPv6 Login Attempts are Remote, How to Fix?

I’ve recently enabled IPv6 on my home network, and most everything seems to be working, except a couple of probably related HA issues. My HA runs on a Synology NAS in Docker and using the host network adapter.

If I login using the IPv4 address, all is fine. If I try and login using the IPv6 address, HA shows me the login screen but after the login attempt I get an error saying, “Error: Login blocked: User cannot authenticate remotely.” I can “fix” this by letting the account login remotely, but while I feel pretty good about the firewall on the UDM, I’d rather not have remote user access enabled just as a matter of principle.

How does HA decide what a “local” IPv6 address is (since there is technically no such thing)? Is there a configuration somewhere that will allow me to enter my /53 address pool from my ISP (or even a couple /64s for the two subnets I have defined ion my Ubiquiti Dream Machine SE) and define those as “local” addresses?

This isn’t actually a huge deal, as I can get into HA using the IPv4 address, except for the other issue. On my Mac, if I try and make an API call using a long lived token using the dns .local name, the originating computer uses the IPv6 address in the background, so the API call fails because it’s trying to connect from a “remote” address. The only solutions to that is to turn off IPv6 on the Synology, the afore mentioned disabling of the “local login only” for the user with the long lived token, or connecting using the IPv4 address instead of the DNS name.

Well, you still have routed and not routed ipv6, like you had “192.168.x.x” or “10.x.x.x” in ipv4.
I’m definitely not as good in ipv6 as I am in ipv4, but I got that “fe…” and “fd…” adresses are local, while the “2a…” adresses I have are routed, so I guess are considered “external” by HA.