Most likely your missing a open FW port. Only durring adding a Host the vCenter use 22,443 to activate the VPXA on the Host and than it waits for that VPXA responding. Not sure which ports is used but my network guy figured it within seconds. We managed a couple of Hosts at ROBO sites trough VPN.
https://kb.vmware.com/servlet/fileField?entityId=ka134000000YAekAAG&field=Attachment_1__Body__s
Regards
Joerg