I have set up a MongoDB Atlas cluster. I have also configured VPC peering from MongoDB Atlas to my AWS VPC. I have allowed the VPC CIDR in the IP access list on MongoDB Atlas, and it's working fine.
I also have a Client VPN endpoint which I am using to connect to the AWS VPC via a secure tunnel. I have also allowed my Client VPN private IP range in the MongoDB Atlas IP access list, but I am unable to connect to the MongoDB Atlas endpoint.
I tried to dig down further and performed these steps:
- resolve the hostname from the SRV record:
  nslookup -type=SRV _mongodb._tcp.clusterx.xxxxxxxxxx.mongodb.net
- ping the hostname:
  ping clusterx-shard-xx-xx.xxxxxx.mongodb.net
When I run the ping from inside the AWS VPC, the hostname resolves to its private IP, but when I ping the hostname from my local machine, it resolves to its public IP. That was the reason I was unable to connect to the MongoDB Atlas endpoint from my local machine.
Is there any way to make the MongoDB connection work with the private IP from my local machine? Any suggestion/help is appreciated.
2 Answers
You’re most probably missing the route to the Atlas instance within your VPN connection.
AWS is aware of the destination IP address (therefore, it is resolvable), but doesn’t route your traffic to it (therefore, ping fails).
To resolve this, you need to add the route to the Atlas instance – or add a default route that brings all the traffic through your VPN (which I do not recommend). You can find out how to do it in more detail in the AWS documentation.
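The check and the fix described in this answer, as an added example that is not part of the original question or answer. The script first resolves every shard host behind the Atlas SRV record and reports whether the address the client's resolver returns is inside the peered (private) CIDR, and prints the route the local kernel would use for it; it then adds the Client VPN route and the matching authorization rule with the AWS CLI. The Atlas CIDR, the Client VPN endpoint id, the target subnet id and the SRV name are placeholders (assumptions) that you replace with your own values.

```shell
#!/bin/sh
# Added example, not from the original post. The four values below are
# assumptions: take the Atlas CIDR from Atlas > Network Access > Peering, and
# the endpoint/subnet ids from the Client VPN console.
ATLAS_SRV="${ATLAS_SRV:-_mongodb._tcp.clusterx.xxxxxxxxxx.mongodb.net}"
ATLAS_CIDR="${ATLAS_CIDR:-192.168.248.0/21}"
CVPN_ENDPOINT="${CVPN_ENDPOINT:-cvpn-endpoint-0123456789abcdef0}"
TARGET_SUBNET="${TARGET_SUBNET:-subnet-0123456789abcdef0}"

# Dotted-quad IPv4 address -> 32-bit integer (pure POSIX sh, no external tools).
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit status 0 if $1 (IPv4 address) lies inside $2 (CIDR), 1 otherwise.
ip_in_cidr() {
  ip=$(ip_to_int "$1")
  net=$(ip_to_int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Resolve every shard host behind the SRV record and say whether the address
# we got is the private (peered) one. A public address here means the route
# alone will not help: the client is not using a resolver that returns the
# private address, so it would never send traffic towards the peered CIDR.
check_atlas_resolution() {
  for host in $(dig +short SRV "$ATLAS_SRV" | awk '{print $4}'); do
    for addr in $(dig +short A "${host%.}"); do
      if ip_in_cidr "$addr" "$ATLAS_CIDR"; then
        printf '%s -> %s (private, inside %s)\n' "$host" "$addr" "$ATLAS_CIDR"
      else
        printf '%s -> %s (PUBLIC, not inside %s)\n' "$host" "$addr" "$ATLAS_CIDR"
      fi
      # On Linux, the private address should be routed via the VPN tun device.
      command -v ip >/dev/null 2>&1 && ip route get "$addr" 2>/dev/null | head -n 1
    done
  done
}

# The fix from the answer: route the Atlas CIDR through a subnet of the peered
# VPC on the Client VPN endpoint, and authorize clients to reach that CIDR.
add_client_vpn_route() {
  aws ec2 create-client-vpn-route \
    --client-vpn-endpoint-id "$CVPN_ENDPOINT" \
    --destination-cidr-block "$ATLAS_CIDR" \
    --target-vpc-subnet-id "$TARGET_SUBNET" \
    --description "MongoDB Atlas via VPC peering"
  aws ec2 authorize-client-vpn-ingress \
    --client-vpn-endpoint-id "$CVPN_ENDPOINT" \
    --target-network-cidr "$ATLAS_CIDR" \
    --authorize-all-groups
}

case "${1:-}" in
  check) check_atlas_resolution ;;
  fix)   add_client_vpn_route ;;
esac
```

Run `sh atlas-vpn.sh check` while connected to the VPN; only if every shard resolves to an address inside the Atlas CIDR does `sh atlas-vpn.sh fix` (with valid AWS credentials) complete the picture. The authorization rule is needed in addition to the route: Client VPN drops traffic to a destination CIDR that no authorization rule covers, even when a route exists. The VPC route table for the subnet in `TARGET_SUBNET` must still carry its own route for the Atlas CIDR via the peering connection, as it already does for the working in-VPC case.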
You need bi-directional routing – your packets have to get from your machine to Atlas and packets from Atlas have to be able to get back to your machine. I am unsure if you can modify the routing table on the Atlas side to send the packets back.
Assuming it’s not possible to modify the routing table on the Atlas side, you will need to ensure that your outbound packets appear to come from an IP in the peered VPC instead of an external IP range.
The two easiest ways of doing that are: