I'm using IPv4 and IPv6 ranges supplied by extraip.com. (Available in The Netherlands only.)

Unfortunately the UDM Pro has no UI for setting up the required tunnels. I had to write a script, which I'm sharing below.

My Use Case

The script configures dnsmasq to distribute the IPv6 subnet using SLAAC. If you prefer, you could comment this section out and use the DHCPv6 server in the UI instead.

It also omits the traditional use of an IPv4 network-, gateway- and broadcast- address, allowing us to use all 8 IP addresses for clients or servers.

Prerequisites

The instructions assume you have udm-utilities installed.

Disable IPv6 in UI

To prevent unexpected behavior created by the UI, we disable IPv6 on both WAN and LAN interfaces.

WAN

Open the Network application and navigate to Internet. Now edit your WAN interface to disable its IPv6 Connection.

LAN

Open the Network application and navigate to Settings > Networks. Edit the relevant network, scroll down to IPv6, and switch it to Disable.

The Script

Place the script below in /mnt/data/on_boot.d and call it extraip.sh.

Replace the necessary values with those provided to you by extraip.com.

#!/bin/sh

#####################
### CONFIGURATION ###
#####################

LAN_INTERFACE=br0

# IPv6 "Interconnect" subnet (/64)
IPV6_WAN_ENDPOINT=185.40.xx.xx
IPV6_WAN_IP=2a03:10c3:xx:xx::2/64

# IPv6 routed subnet (/48)
IPV6_LAN_SUBNET=2a03:10c3:xx::
IPV6_LAN_IP_ADDRESS=2a03:10c3:xx::1/48

# Actual IPv4 subnet
IPV4_WAN_ENDPOINT=185.40.xx.xx
IPV4_LAN_SUBNET=37.148.xx.xx/29

###################
### IPv6 TUNNEL ###
###################

ip l set dev sit0 down

ip t a sit1 mode sit ttl 64 remote ${IPV6_WAN_ENDPOINT} 
ip a a ${IPV6_WAN_IP} dev sit1
ip l set dev sit1 up
ip -6 r r ::/0 dev sit1 

################
### IPv6 LAN ###
################

ip a a ${IPV6_LAN_IP_ADDRESS} dev ${LAN_INTERFACE}

cat > /run/dnsmasq.conf.d/slaac.conf <<EOF
interface=${LAN_INTERFACE}
dhcp-range=${IPV6_LAN_SUBNET},ra-stateless,ra-names
enable-ra
EOF

start-stop-daemon -K -q -x /usr/sbin/dnsmasq
sleep 1
start-stop-daemon -S -q -x /usr/sbin/dnsmasq

###################
### IPv4 TUNNEL ###
###################

ip t del tun_extra_ip > /dev/null 2>&1
ip t add tun_extra_ip mode gre remote ${IPV4_WAN_ENDPOINT} ttl 225  
ip l set dev tun_extra_ip up

################
### IPv4 LAN ###
################

ip r a ${IPV4_LAN_SUBNET} dev ${LAN_INTERFACE} table 911
ip r a default dev tun_extra_ip table 911
ip ru d from ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a from ${IPV4_LAN_SUBNET} lookup 911
ip ru d to ${IPV4_LAN_SUBNET} lookup 911 > /dev/null 2>&1
ip ru a to ${IPV4_LAN_SUBNET} lookup 911

Don't forget to make the script executable:

chmod +x /mnt/data/on_boot.d/extraip.sh

You may now manually run the script, to see if it works:

/mnt/data/on_boot.d/extraip.sh

If you run the script multiple times in a row, you will see some errors. This is expected as you are creating thing that already exist:

add tunnel "sit0" failed: No buffer space available
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists

HE.net Tunnelbroker

If you don't need an IPv4 subnet and just want to add IPv6 to your network, I recommend checking out tunnelbroker.net.

In my experience the HE.net tunnelbroker is occasionally congested but works well >99% of the time.