It is not supported to install the Horizon Agent on a domain controller. The agent has a pre-check to see if the server is a domain controller.
Horizon is not a VPN, therefore you're not going to be able to tunnel traffic between the client and agent. You need a VPN solution in your case. As for a VPN solution, I'm not going to give you the best answer. The only thing I can suggest is you may be able to accomplish a connection using Hamachi (vpn.net) if you cannot open up any more external connections.