VPN or Overlay?

I have 2 sites
My home in Austin TX and an Apartment in the Philippines.
I want to have a site to site connection
My home in Austin TX.
UDM pro connected to Spectrum ISP cable modem, bridged… UDM pro is set up with DDNS for ipv4. ipv6 is configured and working.
My apartment in the Philippines.
ISP supplied fiber device, has 4 ethernet ports and wifi. The device is essentially equivalent to a consumer grade wifi router with a web ui. The WAN side does not have a public ipv4 address, the ISP does not offer a public ipv4. ipv6 is not offered.
I am bringing an old Netgate SG-2440 running pf-sense+ 23.05

I have a free tier Cloudflare zero trust teams account. I don’t currently have a Tailscale account.

Since I don’t have a public ipv4 address in the PI apartment, can I set up a reliable site to site VPN if the pfsense device would have a non-public WAN ip address?
Would an overlay, like Cloudflare tunnel or Tailscale, be a more reliable option?

Some context
I previously had a somewhat reliable ipsec site to site with an EdgerouterX in the PI to my pfsense in Austin. I was a newbie at networking and eventually stumbled on a working setup.
I moved, both in the PI and in Austin and did not re-setup.

The connection was rather awful with a 200-250ms latency, but otherwise worked.

I have a Unifi Protect setup in Austin, and I would like to extend it to include a camera and/or doorbell in the PI.

That is my use case.

Overlay networks are most effective when you can load the client on the device. Cloudflare tunnel is not really a VPN but a reverse proxy to expose specific services. The latest updates to the UDM offer OpenVPN, and since you have it in bridge mode, that is probably the best option.