Forest trust relationship between WAN and LAN through Pfsense
Solution 1:
I'd say you'd first need to establish a VPN tunnel between the two sites first, and then set up the trust, that way you're not exposing critical AD infrastructure to the Internet directly. IPSec/IKEv2 is the current best practice for a site-to-site VPN-tunnel.