For this scenario I would recommend a gateway with VPN capabilities built-in.
You need one VPN gateway in each office. In each office the local network must use a different network number (I mean, 192.168.1.0/24 for Berlin, 192.168.2.0/24 for Hamburg - the real numbers don't matter, they just need to be different).
With this kind of setup, someone in Berlin can open a Windows share in Hamburg just using a network resource like "\\192.168.2.1\share". Other services will work as expected, you just need to use the IP of the server of the remote office.
AFAIK, applications that rely on IP broadcast/multicast do not work in this setup. For instance, you need a DHCP server for each office. Auto discovery of devices and services in several programs will not work either.
You don't need to configure anything in any server or client in the local networks. This is very similar to regular routing. Think of the VPN gateway as a router that knows the local network at the remote end, routing packets from/to it in a secure way. So the communication between the branches is very "transparent" for the computers and servers on the local network.
For this setup I use an open-source software-based gateway named Smoothwall (www.smoothwall.org) that I think is very good. It has the Inter-Office VPN feature built-in.
They have a commercial version too, with several support plans that your company may appreciate (like 24h support, phone support, etc). There is an appliance too. Please check www.smoothwall.com.
I never used the commercial version. Don't take my advice as a strong recommendation, just as a suggestion based on what I know of the software-based open-source/community version.
The market is full of similar solutions; most are appliances. Names that come to my mind are SonicWall, WatchGuard, Check Point Firewall One, among others.
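The addressing rule in the answer above (every office LAN on its own network number) can be checked before any gateway is configured. The following is an added example, not part of the original answer and not Smoothwall code: it detects overlapping office subnets, including a larger prefix that swallows a smaller one, and lists the remote networks each gateway has to route through the tunnel. The function names and the `PLAN` dictionary are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan using the two subnets named in the answer.
PLAN = {
    "Berlin": "192.168.1.0/24",
    "Hamburg": "192.168.2.0/24",
}

def find_overlaps(plan):
    """Return a sorted list of (office_a, office_b) pairs whose LANs overlap."""
    # strict=True rejects entries with host bits set, e.g. 192.168.1.5/24
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def tunnel_routes(plan):
    """For each office, the remote LANs its gateway must send via the VPN."""
    overlaps = find_overlaps(plan)
    if overlaps:
        # With overlapping LANs a gateway cannot tell local from remote hosts.
        raise ValueError(f"overlapping office subnets: {overlaps}")
    return {
        office: sorted(cidr for other, cidr in plan.items() if other != office)
        for office in plan
    }

def office_for(plan, address):
    """Name of the office whose LAN contains the address, or None."""
    ip = ipaddress.ip_address(address)
    for office, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr):
            return office
    return None

if __name__ == "__main__":
    for office, remotes in tunnel_routes(PLAN).items():
        print(f"{office}: route {', '.join(remotes)} via VPN tunnel")
    # The share address from the answer resolves to the Hamburg LAN.
    print("192.168.2.1 is in", office_for(PLAN, "192.168.2.1"))
```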