Since you are using the term workgroup instead of domain I'm assuming you are not running a windows domain controller in your environment ?
Each LAN will (semi random) elect one computer as master browser for the workgroup using local broadcast messages (which will not be routed). You therefore end up with two computers (one on each site) that each firmly believe to have the authoritative list of all computers in the workgroup.
Your problem isn't really VPN specific, you will encounter it with routed subnets within a single facility as well.
There are many ways around this issue each with its own pros and cons.
One way to fix it is by setting up an explicit WINS
server that every computer will use (the unicast messages to the WINS server are routed across the VPN). This is not ideal from a performance standpoint so you may want to have a WINS server on each side of the VPN that are kept in sync (a separate challenge).
There are some advantages to keeping a workgroup contained to a single LAN so depending on your needs you might want to change the workgroup name for one of the sites.
A very crude way to fix the problem is to use bridging instead of routing for the VPN connection. While that eliminates the need for a WINS server, you may experience performance issues with broadcast traffic across the VPN link.--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!