No need to advertise subnet routes on the Pi, but I suppose you can if you want.
I haven't seen your Beryl AX shown on the Tailscale Machines page yet. You will need to proper subnets advertised there for it to work. The default IP of GL.iNet routers uses 192.168.8., so if it's still the same then the you need to SSH into the Beryl AX and advertise 192.168.8.0/24.
I advertised the routes on the raspberry pi to allow access to its clients on its LAN that can't install a Tailscale client. If that is incorrect, I will revert that change.
I think your Firewall Zones are wrong. They look very modified and not like the default. I think your best bet is going to be resetting the travel router and following the steps I provided (and wrote) earlier: Digital Nomad VPN Tutorial using Wireguard or Tailscale
For example, you should have WAN -> Reject, but I'm not seeing that.
Thank you a ton @AdamK, you sent me on the right path to get this solved!
I also see in your guide that this is mentioned under Recommended DNS Settings.
I never got far enough in the guide to test that step out, may I recommend having a link to it earlier in the guide just in case someone else has the same issue?