If you have a MS SQL Server that is reachable in the local network (from remote machines) but it is not accessible if you connect via VPN (you get error 26), then the reason is that the UDP package on port 1434 is not routed by your VPN (which is a good idea to improve security).
Solutions
- Since this only happens with named instances and named instances usually use dynamic ports, you can disable this feature and pin the instance to a specific port. Go to the SQL Server Configuration Manager, expand Server Protocols, select TCP and clear all(!) dynamic port fields (even remove zeros). Then, define a specific port for the whole instance and make sure to open this port in the firewall. Connect via this port but omit the instance name from the connection string. The last bit is important, as otherwise the client will still try to ask the server via UDP first.
- Ask your network admin to open UDP 1434 to VPN connections.
Technical Background
Named instances are identified by host/IP and, well, their name. But at that time, the client has no port information. So what happens is that the client asks the SQL Server browser, a separate application on the server, via port 1434 UDP to provide the port details for an instance on the same host running with that specific name. Afterwards, the client can connect to the named instance. Since dynamic ports are, again, dynamic, you cannot know them before without fixing them in the configuration file.