ok i found solution. 
for correct name resolution in remote vpn tunnel fw i have insert as a secondary dns the ip of my primary fw
in samba server i have added ip subnet of vpn tunnel into the trusted network
now domain authentication work right with DOMAIN\username over vpn tunnel
hoping they will 