OK, so I've worked through all my NAT rules and confirmed that it's the srcnat rule "fixing" the source IP for traffic passing over the IPSec tunnel that's causing the problem.
Traffic flow is:
DHCP Server (10.0.0.5/16) <--> Switch <--> Router A <--> IPSec <--> Router B <--> Switch <--> DHCP Client (supposed to be 10.6.0.0/16)
So I have a rule on "Router B"
Source: Public IP of PPPoE Client interface
src-nat to 10.5.0.254
This means that any traffic arriving at the other end of the IPSec tunnel is always seen as 10.5.0.254, even when being sourced from 10.6.0.0/16.
Therefore, DHCP Relay packets that should be going via 10.6.0.254 are actually seen as 10.5.0.254, so the return traffic, correctly sent by the DHCP server with a destination of 10.6.0.254, is being dropped/ignored.
The one subnet/VLAN that is working for DHCP Relay on Router B is 10.5.0.0/16, since that is covered by the src-nat rule above.
I do NOT have a corresponding rule on Router A. It has been a long time since I set up the IPSec and Firewall/NAT rules, so my memory on why exactly the rule exists on Router B is sketchy, but previous posts make reference to another forum post and wiki article detailing the same/similar issue.
Any thoughts on a fix (can I do the src-nat rule a better way that I'm missing) or will I have to live with it not working?
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
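To make the failure mode above concrete, here is an added Python model of the round trip described in the post. It is not the poster's configuration and not RouterOS code; it only models the effect described: Router B's srcnat rewrites the IP source of every tunnel-bound packet to 10.5.0.254 while leaving the DHCP giaddr in the payload untouched, and the server addresses its reply to giaddr. The "scoped" variant (rewriting only sources inside 10.5.0.0/16) is an assumption added for comparison, not something the post states works.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the setup described in the post (addresses are the
# ones the post gives; the NAT match condition is abstracted away).
DHCP_SERVER = ip_address("10.0.0.5")
NAT_ADDRESS = ip_address("10.5.0.254")   # to-address of Router B's srcnat rule
RELAYS = {
    "vlan5": ip_address("10.5.0.254"),
    "vlan6": ip_address("10.6.0.254"),
}


def relay_request(relay_ip):
    """DHCP relay forwards a client DISCOVER to the server: the IP source is the
    relay address and giaddr (inside the DHCP payload) is set to the same."""
    return {"src": relay_ip, "dst": DHCP_SERVER, "giaddr": relay_ip}


def router_b_srcnat(pkt, conntrack, match_all_tunnel_traffic):
    """Model Router B's srcnat on the tunnel-bound path.

    match_all_tunnel_traffic=True is the rule as the post describes it: every
    packet heading into the IPSec tunnel leaves with source 10.5.0.254.
    False is an assumed narrower rule (not from the post) that only rewrites
    sources already inside 10.5.0.0/16 and leaves 10.6.x alone.
    In both cases only the IP header is rewritten; giaddr in the payload is not.
    """
    if match_all_tunnel_traffic or pkt["src"] in ip_network("10.5.0.0/16"):
        translated = {**pkt, "src": NAT_ADDRESS}
    else:
        translated = dict(pkt)
    # Connection tracking remembers which destination a reply must carry for
    # it to be matched back to this flow and un-NATed.
    conntrack[(translated["src"], translated["dst"])] = pkt["src"]
    return translated


def dhcp_server_reply(request):
    """The server addresses its OFFER to giaddr, which is what the relay put
    in the payload, not to whatever the IP header said after NAT."""
    return {"src": DHCP_SERVER, "dst": request["giaddr"]}


def router_b_receives(reply, conntrack):
    """Reply side: only a reply whose destination matches a tracked translated
    address is recognised and handed back to the originating relay."""
    key = (reply["dst"], reply["src"])
    if key in conntrack:
        return ("delivered", conntrack[key])
    return ("dropped", None)


def simulate(match_all_tunnel_traffic):
    """Run one DHCP relay round trip per VLAN and report the outcome."""
    results = {}
    for name, relay_ip in RELAYS.items():
        conntrack = {}
        out = router_b_srcnat(relay_request(relay_ip), conntrack, match_all_tunnel_traffic)
        reply = dhcp_server_reply(out)
        results[name] = router_b_receives(reply, conntrack)[0]
    return results


if __name__ == "__main__":
    # rule as described: vlan5 delivered, vlan6 dropped (matches the post)
    print("rule as described:", simulate(True))
    # assumed rule scoped to 10.5.0.0/16: both delivered
    print("rule scoped to 10.5.0.0/16:", simulate(False))
```

The model reproduces the symptom in the post: only the 10.5.0.0/16 relay works because its translation is the identity (10.5.0.254 to 10.5.0.254), so giaddr and the tracked reply address still agree; for 10.6.0.254 the server's reply goes to an address the NAT state never recorded. The takeaway for checking a real setup is the same: compare the relay's giaddr with the source address the DHCP server actually sees on the far side of the tunnel.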