It can be done fairly easily.
You will have to use MikroTiks at the main office and at the branch offices and use EoIP with security (through SSTP or IPsec) for the transparent L2 bridging.
For road warriors you will have to set up separate L2TP/IPsec tunneling for use with Windows/Android/iToy devices.
All will be compatible with dynamic IPs and NAT on the client side; the server side has to have static IPs.
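
The branch-office part of this setup as RouterOS configuration, with EoIP carried inside an SSTP tunnel so the branch can sit behind NAT on a dynamic IP. This is an added example, not part of the original post; the interface and bridge names, the 10.255.0.x tunnel addresses, the 203.0.113.10 head-office address, the certificate name and the credentials are assumed placeholders.

```routeros
# ---- Main office router (static public IP, assumed 203.0.113.10) ----
# SSTP server; "hq-sstp-cert" is an assumed name for a certificate already
# imported on this router.
/interface sstp-server server set enabled=yes certificate=hq-sstp-cert \
    authentication=mschap2

# One PPP account per branch, with fixed tunnel addresses so that EoIP has
# stable endpoints even though the branch's public IP changes.
/ppp secret add name=branch1 password="CHANGE-ME" service=sstp \
    local-address=10.255.0.1 remote-address=10.255.0.2

# EoIP runs between the inner SSTP addresses, so it never crosses the
# Internet unencrypted. tunnel-id must match on both ends.
/interface eoip add name=eoip-branch1 local-address=10.255.0.1 \
    remote-address=10.255.0.2 tunnel-id=1

# Bridge the tunnel with the office LAN ("bridge-lan" is an assumed,
# already existing bridge).
/interface bridge port add bridge=bridge-lan interface=eoip-branch1

# ---- Branch office router (dynamic IP and/or behind NAT) ----
# The branch dials out to the main office. Verifying the server certificate
# requires the issuing CA to be imported on this router.
/interface sstp-client add name=sstp-hq connect-to=203.0.113.10 \
    user=branch1 password="CHANGE-ME" verify-server-certificate=yes \
    disabled=no

/interface eoip add name=eoip-hq local-address=10.255.0.2 \
    remote-address=10.255.0.1 tunnel-id=1

/interface bridge port add bridge=bridge-lan interface=eoip-hq
```

Because the two LANs become one broadcast domain, run a DHCP server on only one side of the bridge or filter DHCP across the tunnel.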