Sounds like a DNS/routing issue.
DNS should resolve the target machines names to the required IP and the IP to the required name.
It should also resolve the NetChk consoles IP and name correctly.
This can be performed using;
nslookup X.X.X.X (target machines IP)
nslookup Y.Y.Y.Y (consoles IP)
The VPN should route the required traffic for the required network segment.
Once the VPN routes the required traffic back through the VPN to the required machine, it should work fine with agents or Agentless.
Agents would be recommended as the VPN encryption will use some of the bandwidth which will slow down agentless scans.
The weird thing is that an agentless scan works fine - but when I try to deploy the patches from the machine view it says it cannot connect to the PC with the 10.x.x.x address in parenthesis.
nslookup doesn't return the computer name - we are using Log Me In Hamachi for the VPN client - so it can only access our Shavlik console, it does not have access to our DNS server.
I'll try to investigate this a little more but if you have any other ideas please let me know.
I have a similar problem.
I have a computer that has VMWare Workstation installed. The main computer (not one of the VMs) has an ip address on our network, as well as a "VMWare Virtual Ethernet Adapter" which has another address not on our network (used internally by VMware)
Even with all the VMs powered down I can scan it, and its agent reports via the main IP address, but if I try to deploy to it, Shavlik tries to deploy it to one of the virtual adaper addresses. DNS only knows about the main address, not sure why it wouldn't deploy to it....