Mac to Windows server via VPN
My partner's company requires her to access company documents on a server over a VPN and she wants to use her MacBook Pro (running High Sierra) rather than the old and sluggish Windows laptop that her company offered. The remote server is a Windows machine and is managed by a rather Windows-centric IT service company. But all should be pretty straightforward, you'd think. Macs talk to Windows servers every day over VPNs, right? For us the connection persistently failed, despite all settings details being available, and despite those settings working fine when used in Windows desktops and laptops.
Hours of investigation later I found the problems and now all is running fine. Bear in mind that the tips below apply to connecting to a VPN using the common L2TP protocol. OpenVPN and other protocols may have different settings.
Connection steps for a VPN are outlined in "macOS Sierra: Set up a connection to a virtual private network" and in other places on the web. The persistent connection failure we experienced was due to a non-ASCII character in the password. Make sure all characters are drawn from the ASCII range and it should work. Once the password had been reset at the server end the connection was immediately established.
Note: The supplied account name included a back-slash, which is unusual in Mac file paths but does work for the VPN setup so make sure you use that if your username includes one.
To be sure that the VPN is given priority when connected, click the little cog wheel at the bottom of the list of Network options in System Preferences and select Set Service Order. Drag the VPN to the top of the list and then click OK. You'll then see the VPN move dynamically to the top of the options when it is connected.
Once the VPN was working the next challenge was to see the files on the server. It's not obvious how to do this, and again I experienced numerous connection failures until I found the solutions.
You will need the DNS/IP number of the server and file path to the volume on the server. I got this from the techs that administer the server. You may also find the number by looking at the DNS tab in the Advanced settings of the VPN in System Preferences/Network (it appears there once the VPN has established the connection). You will need the server address in numeric format, e.g. 123.123.1.1 - if entered as a name (e.g. Server01) it would not resolve and the connection failed when I tried to use it that way. Also, being Windows based, the full path supplied to me used back-slashes. They do not work for this purpose on the Mac - change back-slash to forward-slash in all instances.
With the VPN running type Command+K or go to Finder/Go/Connect To Server. A window opens into which you can type the address of the file. In my case this was smb://192.168.1.X/VolumeName (replace the number with your server address and VolumeName with the name of your destination folder/volume). Click Connect and if all goes well you will bring up the login details pane and after filling that out you should be able to see the files on the server.
In our case the connection persistently failed again, saying the server was not available. Turns out that the supplied IP address of the server volume is in the same IP 192.168.x range as the default setup in my BT router. This causes a conflict and the server cannot be found. I had to log in to my router via a browser, typing its IP address into the URL field - your router supplier or instruction manual should have those details.
Once logged in, go to Advanced Settings and choose an alternative IP range - in the BT router there is a ready-to-use alternative 172.16.0.X range. Ignore the warnings and agree the change to move to that. Then go back to System Preferences/Network on the Mac, choose the connection you are using for the router (Ethernet or Wi-Fi) and click on the Advanced button. In the TCP/IP tab click on Renew DHCP Lease, then OK, and then Apply in the main window. That should re-establish the connection to the router.
I was immediately able to connect with Connect To Server, the login pane came up and the server became visible in the Shared devices area in the left column of the Finder window.
Apparently this IP range conflict is a more and more common issue and really should be considered by IT admins when setting up remote servers. Using the stock 192.168.1.X range for the server is going to conflict with thousands of routers and it's not reasonable to expect everybody to know how to reset their routers to avoid the conflict.
Anyway, thanks to all those whose posts I read around the internet in pursuit of the solutions to the problems I encountered. Hopefully this post will help others towards solving potential issues with their connections.
iMac 27", macOS 10.13
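The three failure causes described in this post (non-ASCII password, server given by name or with back-slashes, and a server address inside the home router's own range) can be checked before connecting. This is an added example, not part of the original post; the function names, problem labels, addresses and password are constructed for illustration.

```python
import ipaddress

def unc_to_smb_url(unc_path):
    """Turn a Windows-style path (\\\\server\\share) into the smb:// form Finder expects."""
    parts = [p for p in unc_path.replace("\\", "/").split("/") if p]
    if len(parts) < 2:
        raise ValueError("path must contain a server and a volume name")
    return "smb://" + "/".join(parts)

def lan_conflict(local_ip, netmask, server_ip):
    """True when the server address lies inside the local (router) subnet,
    which is the range overlap the post ran into."""
    lan = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(server_ip) in lan

def preflight(unc_path, password, local_ip, netmask):
    """Return (smb_url, problems) for the settings supplied by the server admins."""
    problems = []
    url = unc_to_smb_url(unc_path)
    host = url[len("smb://"):].split("/")[0]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # The post found that a name such as Server01 did not resolve.
        problems.append("server-not-numeric")
    else:
        if lan_conflict(local_ip, netmask, host):
            problems.append("server-in-local-subnet")
    if any(ord(ch) > 127 for ch in password):
        problems.append("non-ascii-password")
    return url, problems

if __name__ == "__main__":
    # Constructed sample values: Mac on a router using 192.168.1.x,
    # server path as a Windows admin would write it.
    url, problems = preflight(r"\\192.168.1.10\VolumeName", "pässword",
                              "192.168.1.64", "255.255.255.0")
    print(url, problems)
    # Same server after moving the router to its 172.16.0.x range.
    print(preflight(r"\\192.168.1.10\VolumeName", "password",
                    "172.16.0.5", "255.255.255.0"))
```

The local address and netmask to pass in are the ones shown in the TCP/IP tab of the Advanced settings for the Ethernet or Wi-Fi connection.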