In fact, in my home network only my firewall has access to my private zerotier network as well as my iphone/laptop. With this I do not need to add clients to any other server in my home. They are all accessible via OPNSense firewall rules, pretty standard.
Before that I used this guide from zerotier and I was able to access my lan. I set it up in a way, that only my iPhone was able to do so, to minimize risk. All others (family) were able to remotely access only nodered dashboard. This guide is still a lot easier to apply than a VPN ... IMHO