Could you not just change to L2TP/IPsec and have an EoIP tunnel?
This is how I have set up mine in order to allow AirPrint to remote sites, as it cannot be routed (well, not easily without Avahi).
I’ve got 3 VLANs running through three sites like this and have no issues.