Not able to connect Mongo ATLAS over "OpenVPN Connect" hosted on AWS EC2 Machine

Hi Team,

We have created an ATLAS cluster on Azure cloud.

We have our entire setup of microservices hosted on AWS EC2 machines, and we are able to connect from the microservices.

Since this lockdown for WFH, to connect to the database we were using “Open VPN connect” deployed on AWS EC2, which was acting as a tunnel between the user machine and the EC2 machine.

Now we have whitelisted the VPN machine’s public and private IP under Network Access on the ATLAS cluster, but I am still not able to connect to ATLAS from my local machine. I cannot let the cluster be public and accessible over 0.0.0.0/0.

Hi Kumar,

To confirm, you’ve got the EC2 instance connecting via VPN to a VPN or Azure ExpressRoute to Azure before it then connects to Atlas, right? If so, you may need to leverage Atlas with Private Endpoints (Azure Private Link), which offers transitive connectivity.

If I misunderstood and there’s no connectivity via Azure before Atlas and you just need to connect directly from an EC2 instance on AWS to an Atlas cluster on Azure: then you should only need to add the public IP of that EC2 instance to the Atlas IP Access List, so it’s surprising if it’s not working.

-Andrew

Hi Team,

We are trying to connect to Mongo ATLAS deployed on Azure via OpenVPN Connect / FortiNet VPN client. Unfortunately FortiNet is able to resolve “Mongo dot com” but not able to resolve “Mongo dot net”. Are there any special settings to resolve “Mongo dot net”?

Steps done so far:

  1. We have whitelisted the FortiNet VPN IP on the Mongo cluster and the Mongo cluster IP on the VPN client.
  2. Telnet from the FortiNet VPN is failing.

ATLAS Cluster Information:
Our Mongo ATLAS cluster information:
onsatlascloud-shard-00-00.2elw7.mongodb.net:27017

FortiNet Information:
FortiNet is installed on Azure Cloud cluster only.

Hey Kumar,

Inability to resolve “mongodb dot net” may be clueing into a DNS problem - is Fortinet set up to be able to resolve public DNS records?

Separately, depending on how your configuration is set up, a direct connection to your Atlas cluster via VPN may not be possible without a bastion host. This is why my colleague Andrew was referencing Private Link which offers transitive connectivity.

Our live Atlas Support team will be able to troubleshoot this issue further for you. Can I ask you to go to:

  1. mongodb.com
  2. Click the green bubble in the right hand corner
  3. Start a chat by selecting “Send us a message”
  4. Select “I am a customer, and I need help” to speak with Support.

Best,
Chris
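The two failure modes raised in the replies above (the name not resolving versus the TCP connection being dropped) can be told apart from the VPN-connected client. This is an added example, not part of the thread or MongoDB's own tooling; the `diagnose` function and its injectable `resolve`/`connect` parameters are assumptions of this sketch, and the host name is the one quoted in the thread.

```python
import socket


def diagnose(host, port=27017, timeout=5.0,
             resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail) for one Atlas host; stage is 'dns', 'tcp' or 'ok'.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without network access.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Name lookup failed: look at the resolver the VPN client pushes
        # before changing anything on the Atlas IP access list.
        return ("dns", {"error": str(exc)})

    outcome = {}
    for addr in sorted({info[4][0] for info in infos}):
        try:
            connect((addr, port), timeout).close()
            outcome[addr] = "open"
        except socket.timeout:
            # No answer at all: typical of a firewall or access-list drop,
            # or of traffic that is not routed through the tunnel.
            outcome[addr] = "timeout"
        except ConnectionRefusedError:
            # Something on the path answered and actively rejected the port.
            outcome[addr] = "refused"
        except OSError as exc:
            outcome[addr] = f"error: {exc}"

    stage = "ok" if "open" in outcome.values() else "tcp"
    return (stage, outcome)


if __name__ == "__main__":
    # Host name taken from the thread; run from the VPN-connected client.
    print(diagnose("onsatlascloud-shard-00-00.2elw7.mongodb.net"))
```

A `dns` result points at the VPN's resolver configuration; a `tcp` result with `timeout` points at routing or the IP access list, which sees the public address the traffic actually leaves from.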

I’m also trying to ensure my Mongo cluster can only be accessed via VPN (OpenVPN). I tried setting up VPC peering, and was able to connect from within my AWS VPC. However, I’m unable to connect from my VPN (I tried a bunch of different settings). This thread seems to indicate that I will be unable to connect via VPN if I’m using VPC peering, and that I need to use AWS Private Link.

  1. Is this correct?
  2. If I set up a private endpoint, can I still use the existing .net mongo URL for connectivity? I want to ensure that creating a private endpoint is not a breaking change.