macOS VPN can reach internet, but not corporate servers

I posted this over on /r/Meraki, but I think I've isolated this to be a macOS issue.


We have a user who uses our Meraki client VPN (MX64) to access/modify files on our office's Apple server when they work from home. We're fairly sure that we have their MacBook Pro set up with the VPN properly, as it worked as expected during testing (and we followed the Meraki doc). The problems start when our user tries to connect to the Apple server from home. They have the afp:// address correct, but the connection seems to time out with no info besides a dialog box saying "There was a problem connecting to the server x.x.x.x. Contact your system administrator for more information". We also can't ping the server, alternating between timing out, "no route to host", and "host is down" messages. Console doesn't look to provide any useful info on the connection failure.


The first time the user reported the problem I immediately tried connecting the VPN and Apple server from my home PC, no problems. Tried again using my Mac, still fine. I've also tried to reproduce while the user's in the office, using my phone's hotspot to keep it off of the office network. Of course connecting the server works perfectly over the VPN using my hotspot, which means I can't reproduce that way.


I asked a coworker to try from their home setup since they have a Mac there, and they *were* able to reproduce the problem. However, they didn't take any troubleshooting steps...


I should also add that the user had no problems connecting to the server from home for the first half of their first day trialing the VPN. Problems started after they took their lunch break and let the laptop idle on the VPN, which makes this a little more confusing to me.


My suspicion (gathered from /r/Meraki) is that problems are caused by the user and office being on the same subnet. I tried changing my subnet at home to 192.168.1.0/24. Connected VPN on my PC and connected the Apple server without issue. Opened up my Mac, suddenly it can't connect the server on the other end. I feel like this might be a clue, but I tried that solution with no success.


So, PCs don't care about the subnet on either end of the VPN but Macs seem to be sensitive when the subnets on both ends match. The obvious solution is to change our corporate subnet; but I'd be interested in seeing if there's a solution that doesn't involve touching subnets.



Our setup is as follows:


-Meraki MX64 running in NAT mode

-Main network is on the 192.168.1.0/24 subnet

-Client VPN assigns IPs on the 192.168.2.0/24 subnet


-User has a 2016 MacBook Pro running macOS 10.12.2

-Their home network is also on the 192.168.1.0/24 subnet


-Apple server is a 2014 Mac Mini running OS X 10.9.5



Feel free to request any critical info I may have left out.



I did spend some time both on the phone and in chats with Apple support, but they only had me try basic troubleshooting steps (remove/add network configs, try a different user account, reinstall macOS). I don't know that they're prepared to help with network issues.



Thanks!

MacBook Pro with Retina display, iOS 10.2.1

Posted on Feb 5, 2017 5:21 PM


Feb 5, 2017 6:34 PM in response to backitupspace

I'm not familiar with all this, but... You may have put your finger on it.


Could there be a conflict between the home network using 192.168.x.x and Meraki using 192.168.x.x?


So you contact your site. You use the internet IP address. Meraki responds with what addresses inside the VPN?


Not knowing much about this, you might be running into address conflicts. You would think that the Windows VPN would run into the same problem. Why are only you seeing this?


Perhaps as a work-around the home Mac user could change to 10.x.x.x addresses. I think the Apple routers give out the 10.x.x.x addresses. Perhaps change the computer to static addresses 192.168.x.128. I hack the address to something the router is unlikely to give out.


R
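
The subnet conflict suspected in this thread can be modelled with a longest-prefix-match route lookup. This is an added example, not code from either poster. It assumes the Mac sends all traffic over the VPN; the interface names `en0`/`ppp0`, the server address `192.168.1.10` and the alternative home subnet `10.0.1.0/24` are constructed for illustration.

```python
import ipaddress

def best_route(routes, dest):
    """Return (network, interface) chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), ifc) for net, ifc in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def client_routes(home_lan, vpn_pool="192.168.2.0/24"):
    """Constructed routing table for a Mac on home_lan with the VPN connected."""
    return [
        ("0.0.0.0/0", "ppp0"),  # assumption: all traffic is sent over the VPN
        (vpn_pool, "ppp0"),     # client VPN pool from the post
        (home_lan, "en0"),      # directly connected home network
    ]

def shadowed(home_lan, office_lan):
    """True when the home LAN overlaps the office LAN and hides it from the tunnel."""
    return ipaddress.ip_network(home_lan).overlaps(ipaddress.ip_network(office_lan))

OFFICE_LAN = "192.168.1.0/24"  # from the post
SERVER = "192.168.1.10"        # constructed; the post only gives x.x.x.x

if __name__ == "__main__":
    # Compare the reported home subnet with a constructed non-overlapping one.
    for home in ("192.168.1.0/24", "10.0.1.0/24"):
        net, ifc = best_route(client_routes(home), SERVER)
        print(f"home={home:<15} overlap={shadowed(home, OFFICE_LAN)!s:<5} "
              f"{SERVER} -> {ifc} via {net}")
```

With the home LAN on 192.168.1.0/24 the lookup for the server resolves to the local interface, so the packet never enters the tunnel, while internet destinations still match only the default route through the VPN.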
