Connection timeout over VPN, unable to access the service

How can I enable access to the database through my private VPN?
I don’t want to disable the VPN every time I want to use your services, which is a lot of downtime for my VPN secured connection.
I really cannot use your services for development and I am considering alternatives…

Hi Michal,

Generally speaking, if you wish to connect via a VPN you will want to either transitively connect via an AWS DirectConnect or Azure ExpressRoute through an Atlas Private Endpoint or, if your VPN is more of a stand-alone set-up, you would want to add the public IP address of whatever your VPN reaches out to the public internet with to your Atlas IP Access List.

Let us know if that helps
-Andrew

Hi Andrew,

Thank you for the response. I’m using Proton VPN, I’ve allowed the 0.0.0.0/0 IP address, this is not a problem. The problem is that I receive timeouts through the VPN and cannot connect at all.
For now I’m using docker mongo cluster locally, and I’m seriously considering using my own setup for dev and prod environments instead of atlas because of this.

Regards,
Mike

Please cut-n-paste the exact error message that you get.

Just a timeout.
The same command works without VPN in multiple locations (IPs)

mongosh "mongodb+srv://cluster0.ibXXXX.mongodb.net/test" --apiVersion 1 --username MY_USERNAME
Enter password: ****************
Current Mongosh Log ID:	640XXXXXXXXXXXXX
Connecting to:		mongodb+srv://<credentials>@cluster0.ibXXXX.mongodb.net/test?appName=mongosh+1.7.1
MongoServerSelectionError: Server selection timed out after 30000 ms

I would contact the VPN provider.

But before that, try to force the VPN to use Google’s DNS 8.8.8.8 and/or 8.8.4.4.

Hi I was having this issue too (I am actually also using ProtonVPN), and I got the answer.

When connecting to MongoDB Atlas, we can see that MongoDB Atlas opens dynamic ports in our local machine in order to communicate.

In the screenshot, you can see that the servers in MongoDB Atlas that opened the 27017 ports are opening dynamic ports to our local machine (i.e. 10.0.0.102) that are probably necessary for communication.

In our case, it is known that ProtonVPN is blocking all ports through their firewall by default, thus they are not allowing MongoDB Atlas to open the dynamic ports it wants for establishing the communication. And this results in a connection timeout, and a failure.

So unfortunately, because there is no option for ProtonVPN to open dynamic ports, there is no option to connect to MongoDB Atlas through ProtonVPN.

I’m having the same issue, also connecting with ProtonVPN. Is there anything that can be done to work around this @Andrew_Davidson?

All the above text about having to open dynamic ports to establish an outgoing connection to port 27017 shows a lack of networking knowledge. The port that needs to be open is 27017. Do the same netstat/findstr with https. You will see a bunch of 10.* dynamic ports ESTABLISHED to whatever IP:https web site you have. ProtonVPN does not open each and every one of what you call dynamic ports, it opens https.

So

The issue is the VPN provider. It is not a mongodb issue.
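The point made in the reply above, as an added example that is not part of any post in this thread and is not MongoDB's code: for an outbound TCP connection the client's "dynamic" port is only a source port picked by its own OS, and the one port that has to be reachable is the server's. The `probe` and `loopback_demo` names are hypothetical, and the loopback listener is a constructed stand-in for a server so the script runs without network access.

```python
import socket

def probe(host, port, timeout=3.0):
    """Try one outbound TCP connection.

    Returns (verdict, local_port). local_port is the ephemeral source port
    the OS picked for this connection, or None if no connection was made.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return "open", s.getsockname()[1]
    except socket.gaierror:
        return "dns-failure", None      # name did not resolve
    except socket.timeout:
        return "filtered", None         # no reply at all: packets dropped on the path
    except ConnectionRefusedError:
        return "closed", None           # host reachable, nothing listening
    except OSError:
        return "unreachable", None      # no route, network down, etc.


def loopback_demo(connections=3):
    """Constructed stand-in for a server: listen on an OS-chosen loopback
    port and connect to it several times.

    Returns (server_port, [(verdict, client_source_port), ...]).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(connections)
        server_port = srv.getsockname()[1]
        results = [probe("127.0.0.1", server_port) for _ in range(connections)]
    return server_port, results


if __name__ == "__main__":
    server_port, results = loopback_demo()
    for verdict, source_port in results:
        # The destination port never changes; only the client's source port does.
        print(f"local :{source_port} -> 127.0.0.1:{server_port}  {verdict}")
```

Pointed at one of the cluster's hosts on port 27017 while the VPN is up, a `filtered` verdict means the attempt got no answer on that port, which is consistent with the outbound block ProtonVPN support describes later in the thread.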

I got the following from ProtonVPN support on the issue:

Please be informed that outgoing connections to some database-related ports are currently being blocked on most of our servers for anti-abuse reasons, so this could be the reason you are experiencing such an issue. Normally, any user connected to the same ProtonVPN server would have the same authorization to access the database you are willing to connect to unless there are additional security measures in place, so this is not recommended and is insecure. Even if you whitelist some ProtonVPN IP addresses with your firewall, that is still not enough because any user would still be able to reach your database through the very same ProtonVPN IP address.

So they basically tell you to use another VPN provider or not to use their VPN to access your database.

While it is absolutely true that anyone using the same VPN exit point that is whitelisted will be able to access your database, they will only be able to do it if they have the appropriate credentials. That is

But since they won’t accommodate you despite the fact that MongoDB has additional security measures.

Conclusion

This really looks like a dead-end, as it looks like it’s not possible to change the default port of an Atlas cluster :dizzy_face:

It’s either change VPN provider, or DB provider, or manage deployment in a self-managed instance where one could change the DB ports, any of which is painful enough.

Why do you think that it would work? What you share with us is clear:

Why would you think they block MongoDB port and not other DB provider?

By

I understand that some of their servers are not blocked and will let you connect. Maybe you can try that before changing VPN or DB.

By

I understand that rather than trying to take care of the abusers, they prefer to block all legitimate users. The sad part is that they do not seem to be inclined to help you.

But networking-wise, can’t you simply create a different IP route that bypasses your VPN for whatever IP network your cluster is using?