Hey sorry that article is assuming the gateway node is a cloud VM with a public IP address. You should be able to use Masquerade instead of DNAT on your Pi’s iptables, but then you’ll be “double nat’ed” (the pi and then your internet router) when you use full tunnel mode. Which may cause annoyances depending on what you’re doing.
Ideally you could install zerotier on your house’s internet gateway, or use a cheap VPS as your gateway. I should have mentioned this stuff.
If I remember correctly, there’s a package called iptables-persistent.
good idea