Connecting to SMB server through VPN

Hi there,
I just started a new job and it is required that I connect to a server located in the office from home. I don’t know much about how all this works but here are the facts:

I have to connect to a L2TP over IPSec vpn connection in order to access the files on the SMB server, which when connected works fine.

In order for this to work properly I have to have the VPN at the top of the service order in my network settings. When I do this I am unable to connect to the internet at all as I assume it is blocking my home WiFi, and “send all traffic over VPN” is already turned off.

I’ve tried troubleshooting but am not super knowledgeable about this so I really need some help. I’m on an M1 Mac Mini running Sonoma 14.4.1

Edit: the company is very small and we do not have an IT department. The other folks at the company are not knowledgeable enough either to find a solution.

Your employer’s IT department should be able to give you full instructions on how to set up your personal device with their criteria.

I’ll edit my post with this info as well, but it’s a very small marketing company and we do not have an IT department. I’m not sure who even set up the server.

So, the way I have my work VPN set up is:

  • Put VPN connection at the bottom of the service order.
  • Under the VPN settings, turn off “Options > Send all traffic over VPN connection.”
  • Under the VPN settings, set “DNS > DNS Servers” to my own. You can also use Google (8.8.8.8) or CloudFlare (1.1.1.1).

The downside of using non-work DNS servers is that you’ll have to access the SMB server by its IP address vs. its name. But I’d rather do that than have my DNS requests for reddit.com, pornhub.com, etc. routed through the office network.

There’s one more necessary step, because with these settings alone, NONE of your traffic will be routed the VPN connection. And it’s a bit of a pain because I don’t think it’s doable in the GUI. Here’s what I enter in Terminal:

networksetup -setadditionalroutes "Office L2TP" 192.168.170.0 255.255.255.0 192.168.170.1

Swap “Office L2TP” and the numbers with the appropriate ones for your VPN. If you don’t know the numbers, ask around. And if there’s nobody to ask, well, I suppose you could guess by pinging the SMB server and using the first 3 numbers (192.168.170 in my case).

And then I can mount the SMB server in Finder by its IP address.

Thanks so much, I’ll try all this out as soon as I get a chance.

Another quick question. Is there a way for me to find the server IP from the domain I have without asking someone? This is a super small company and the CEO and other folks are not very technologically savvy so I know it would be a huge pain if I asked them for the IP directly. They probably wouldn’t have an idea of where to get it from.

Ok, try this. These steps work on my work L2TP network. Let’s call the VPN connection “My Work L2TP” and the SMB server “myworksmbserver.”

  1. Connect to your work network with “Send all traffic over VPN connection” enabled so that you can access the SMB server as you’re currently doing.
  2. Go to Terminal and enter smbutil status myworksmbserver. This should give you the IP address of the SMB server. Take note of this and test whether it works by entering ping 192.168.69.102 or whatever you see.
  3. In the VPN tab on system settings, click the little “i” button next to the active “My Work L2TP” connection and then select “TCP/IP.” There, you should see “Router.” Let’s say that the address you get is 192.168.9.6. Note: for some reason, I needed to close System Settings and reopen it for this information to show up.
  4. While you’re at it, go to the “DNS” tab and add your preferred DNS servers. If you don’t have any, you can just use CloudFlare (1.1.1.1 and 1.0.0.1).
  5. Now, disconnect from the VPN and uncheck “Send all traffic over VPN connection.” Then reconnect to the VPN.
  6. Try ping 192.168.69.102 again to reach the SMB server. This should not work, because at this moment, none of your traffic is getting sent over the VPN connection.
  7. Now, enter networksetup -setadditionalroutes "My Work L2TP" 192.168.69.102 255.255.255.255 192.168.9.6 into Terminal. This should set it up so that only traffic to the SMB server gets sent over the VPN, but nothing else.
  8. Try ping 192.168.69.102 again to reach the SMB server. This should work this time, hopefully.
  9. Finally, you can mount the SMB server in Finder the usual way at smb://yourusername@192.168.69.102. Note that doing it by name like smb://yourusername@myworksmbserver will not work any more.

Hopefully this stuff will just work. For reference, I also work for a very small company and, well, the IT guy happens to be me even though officially my role right now is product/marketing. So, I (at least) have the ability to poke around our VPN/router settings and get these settings for my coworkers.
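The two procedures above (the /24 subnet route in the first answer and the /32 host route in the numbered steps) are the same technique: with “Send all traffic over VPN connection” off, nothing crosses the tunnel until you add a static route for the office addresses via the VPN-side gateway. Below is an added example, not code from the posters, of a small POSIX sh helper that validates the addresses, turns a prefix length into the netmask `networksetup` wants, reads the gateway from `networksetup -getinfo` instead of the GUI, applies the route, and prints what macOS stored. It assumes the service name “My Work L2TP”, the server 192.168.69.102, and that `networksetup -getinfo` prints a `Router:` line while the VPN is up; the sample `getinfo` output in the script is constructed.

```shell
#!/bin/sh
# Added example for this thread (not the posters' code): compute and apply a
# split-tunnel route for one host or subnet over a macOS L2TP VPN that has
# "Send all traffic over VPN connection" turned off.
# Assumed names: service "My Work L2TP", server 192.168.69.102; assumed that
# `networksetup -getinfo "<service>"` prints a "Router:" line while connected.
set -eu

# Valid dotted-quad IPv4 address (four octets, each 0-255)? 0 = yes, 1 = no.
is_ipv4() {
  ip=$1
  case "$ip" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Dotted quad <-> 32-bit integer in plain shell arithmetic (input must be valid).
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask for a prefix length: 24 -> 255.255.255.0, 32 -> 255.255.255.255.
prefix_to_mask() {
  [ "$1" -ge 0 ] && [ "$1" -le 32 ] || return 1
  [ "$1" -eq 0 ] && { echo 0.0.0.0; return 0; }
  int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# Network address of ip/prefix: 192.168.170.55/24 -> 192.168.170.0
network_of() {
  int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$(prefix_to_mask "$2")") ))
}

# Pull the VPN-side gateway ("Router:") out of `networksetup -getinfo` text on stdin.
parse_router() {
  awk -F': *' '$1 == "Router" { sub(/ +$/, "", $2); print $2; exit }'
}

# The three values networksetup -setadditionalroutes wants, after validation:
#   route_args <ip> <prefix> <gateway>  ->  "<network> <mask> <gateway>"
route_args() {
  is_ipv4 "$1" && is_ipv4 "$3" || return 1
  mask=$(prefix_to_mask "$2") || return 1
  printf '%s %s %s\n' "$(network_of "$1" "$2")" "$mask" "$3"
}

# Apply the route on macOS and show what the system did with it.
apply_route() {  # apply_route <service> <ip> <prefix>
  gw=$(networksetup -getinfo "$1" | parse_router)
  [ -n "$gw" ] || { echo "no Router: line for '$1'; is the VPN connected?" >&2; return 1; }
  args=$(route_args "$2" "$3" "$gw") || { echo "bad address or prefix" >&2; return 1; }
  # shellcheck disable=SC2086  # word-splitting of $args is intended
  networksetup -setadditionalroutes "$1" $args   # may prompt for admin rights
  networksetup -getadditionalroutes "$1"         # confirm what was stored
  route -n get "$2"                              # should now show the ppp interface
}

# Constructed sample of `networksetup -getinfo "My Work L2TP"` output; only the
# "Router:" line is parsed, the other lines are illustrative.
SAMPLE_GETINFO='IP address: 192.168.9.42
Subnet mask: 255.255.255.255
Router: 192.168.9.6'

case "${1:-}" in
  apply) apply_route "$2" "$3" "${4:-32}" ;;
  demo)  route_args 192.168.69.102 32 192.168.9.6
         printf '%s\n' "$SAMPLE_GETINFO" | parse_router ;;
esac
```

Usage: `sh split-route.sh apply "My Work L2TP" 192.168.69.102 32` reproduces step 7 with the gateway read automatically; `apply "Office L2TP" 192.168.170.55 24` reproduces the first answer’s subnet route. Because the thread reports the route does not survive a reconnect, keep the script and re-run it each time the VPN comes up. A /32 route only steers packets for that one address through the tunnel, so the SMB share still has to be mounted by IP, and `route -n get` is the quick check that the address now resolves to the VPN’s ppp interface rather than your home router.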

This is such a life saver thank you

… assuming it works :)

Let me know if it does!

Dunno if all that works, but you are very nice to go to all the effort with your response. Kudos!

It sure did! Only problem I’m having now is that the path isn’t permanent, so I guess if I end up disconnecting I’ll have to reset the path each time.

Yeah, that’s something I didn’t really figure out yet.

If it helps, pressing the up arrow key in Terminal brings up previous things you entered, so at least you won’t have to type that mess of numbers every time.

I’ll also add that, with this setup, it’s “safe” for you to stay connected all day while you’re browsing Reddit, watching YouTube, etc. Your employer won’t be able to see that you’re doing that because the networksetup stuff (along with disabling the “route all traffic” thing and the changes to DNS) will prevent any of that traffic from going over the VPN. In other words, you won’t need to disable the connection any time you want to do something personal on your computer.