Set access to mongoDB on my VPN

Hi,
We are using a VPN to access our company cloud.
This VPN works on split mode. So only traffic to our subnets is handled by the VPN.

I want to add to the VPN a new route to our M60 replica set cluster on Atlas.
This way, all the VPN-connected users can access Atlas using the same IP.
(when a user tries to access the DB on her machine, the DNS will resolve the IP, and the VPN will route it via our NAT server)

What is the IP range I need to route to the VPN?
I can route the IPs of the current cluster instances. But not sure if they will change over time.
Our cluster is on AWS (one region only)
I don’t mind routing all of my VPN user’s traffic for any of Atla’s IPs in that region. This way, even if the IP changes, we will still route the new IP (as long as the cluster stays in the same AWS Region)

Where can I find the list of Atlas external IPs?
Do I have any other solution?

Hi @Izack_Varsanno - Welcome to the community :wave:

Perhaps the details on the FAQ: Networking documentation, specifically the “Do Atlas clusters’s public IPs ever change?” section, will help you here. From a network perspective, could you use the hostname as opposed to the IP address?

Regards,
Jason

Hi @Jason_Tran ,
Thanks, I reviewed the FAQ before; I’m sorry for not mentioning it.
My cluster is an NVMe-backed cluster. And I have the feeling that the FAQ might ignore a few scenarios.
A server failing in AWS will force it to build on a different host.
They are not talking about this scenario at all.
And since the IP might change even on scaling the cluster (NVME), I think forwarding all the Atlas subnets for that AWS region via my VPN would be better. None of my team members should access other Atlas DBs while connected to our company VPN.

Thanks for the confirmation Izack - As mentioned before, does using the hostname as opposed to IP work for your scenario? In a scenario where the IP changes, I would think that the hostname would then just resolve to the new IP.

Hi @Jason_Tran,
I need to set the routing table for the open VPN.
It should get an IP-Range. No reverse proxy is available as part of the config.

With only the current IPs data, I will need to update the VPN configuration each time new IP is assigned and then ask the user to reconnect to the VPN.
This is not a big deal, but since such a change will rarely happen, I’m afraid that no one will remember the needed steps :wink:

1 Like

Ah gotcha. Hmm, guess it’ll be a bit tough in this case since there is still a chance IP changes could occur.

Perhaps other members will have some network suggestions that may work for this use case.

Hi,
I decided to choose a different path.
I added a VPC Peering between our Atlas cluster and our VPN-VPC at AWS.
Now all the VPN users are accessing MongoDB using private IPs only, and the routing is simple.

2 Likes

Perfect - thanks for providing the update here Izack. Sounds like that route works for your use case / requirements :slight_smile:

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.