> A Tor onion address is a 8 byte base32 encoded string (80 bits).

Not for v3 onion services. They base32 encode the entire ed25519 pub key and a few bytes of metadata (35 bytes total). Won't quite fit into IPv6 space :-)

Really neat, nice work!

Worth pointing out explicitly that this inserts Ben Jojo as a MITM on every connection, but it's still a really cool project.

If your protocol is secured with TLS or SSH (and you don't have the SSH first use concern) this MITM can't of course meddle with the connection, only sever it if they wish.

However, because the service contacted is spelled out in the IPv6 address this does lose you most metadata privacy you'd get from Tor

Is ip6tables really necessary for this; wouldn't AnyIP work?

namely:

ip rou add local 2001:db8::/48 dev lo

That would require you to bind on star, and doesnt solve the bind on all ports problem