To be honest I never tried something like that before, BUT let's write my thoughts:
The most important thing is that you need to reach the FQDN of your DC, which is blocked not only by the firewall, but also by the DNS itself. If you want to resolve this issue, you MUST change some settings which will expose your network to a giant security hole, for example zone transfer.
Now, the VPN.
Theoretically you should be able to accomplish this without problems, but as said before, I'm not sure...
I found this article which refers to ISA server, but the information may be useful:
http://support.microsoft.com/kb/303503/en-us
Let me know.