Are you also using docker-compose to start Home Assistant? If you are, then you are running Home Assistant Container (which is Home Assistant Core distributed as a docker container).
The definition of the term ‘remote-access’ tends to vary a bit. For example, WireGuard is a VPN solution that can provide remote-access to Home Assistant. However, it requires client software to establish the connection to Home Assistant. As a result, it cannot be used by services like Amazon Alexa and Google Assistant which require a public-facing IP address.
Like Wireguard, Zerotier and Tailscale use client software to establish a connection to your local machine (so they won’t meet your requirement for supporting the Google Assistant service). However, all offer a fairly easy way to establish a remote-connection to Home Assistant.
FWIW, I only recently learned about Tailscale from reading openHAB’s documentation. The company was formed by ex-Google staff and their product is based on WireGuard’s communication protocol but provides a service more similar (at first glance) to Zerotier.