So I've read through this a couple times. I guess one thing I'm stuck on is that you state "You can create a private Edge Router hosted on the NAS, but the route I took, which is even easier, was to host a Ziti Tunnel which avoids the configuration setup for an Edge Router"
Specifically what does that mean? Are you running a tunneler app as say a docker container on the synology? or another computer on the network?