pfSense

Hello,

I have an IPSec tunnel between a PFSense and another firewall. Behind the other firewall, there's a PXE server that handles DHCP and everything related.
I want to relay DHCP requests from behind the PFSense to the PXE server, 10.10.10.5. The thing is, if I select a CARP Status VIP in the DHCP Relay menu, the packets get forwarded to the PXE server, the PXE server issues a reply, the reply ends up in PFSense but doesn't go out to the LAN interface (behavior observed by running tcpdump -ni enc0 port 67 or port 68 -e -vv and tcpdump -ni vtnet1 port 67 or port 68 -e -vv).
When CARP Status VIP is set to None, everything works as expected.
P.S. using Kea as the DHCP server (don't know if the relay is also using Kea, but I guess so). Changed from the old isc-dhcp since that one wasn't working either :D

Thank you!