Force wildcard domain route via vpn

Post Reply
omer
OpenVpn Newbie
Posts: 1
Joined: Tue Jun 16, 2020 3:17 pm

Force wildcard domain route via vpn

Post by omer » Tue Jun 16, 2020 3:22 pm

Hi

I am using mongo atlas cloud service.
And I have an openvpn access server in AWS.

Mongo Atlas setup the cluster nodes with a public and private ip while counting on internal vpc dns resolution.

When I connect to vpn is still resolving to the public up of the nodes and I’m not being routed via vpn.

Can I enforce that all traffic going to *.mongo.net via the vpn and not the public ips that I’m resolving from public dns?

novaflash
OpenVPN Inc.
Posts: 1055
Joined: Fri Apr 13, 2012 8:43 pm

Re: Force wildcard domain route via vpn

Post by novaflash » Thu Jul 16, 2020 8:16 pm

Hello omer,

If you use the Amazon AWS DNS resolver on the VPC that has access to MongoDB, you can get internal IP addresses in a specific range. I run a MongoDB setup on AWS too and it's peered to my VPC, so mongo's DNS records resolved through Amazon AWS give me private IP addresses that I can reach from within my VPC and also through VPN.

So the solution is that you need to have this peering setup with MongoDB (you probably already have this if your apps are in Amazon AWS VPC) and then configure OpenVPN Access Server to push the AWS VPC DNS server to your VPN clients, so they will use that DNS server too and get private IP addresses to connect to as well, and then give your VPN clients access to those private IP addresses through your VPN server.

novaflash
OpenVPN Inc.
Posts: 1055
Joined: Fri Apr 13, 2012 8:43 pm

Re: Force wildcard domain route via vpn

Post by novaflash » Thu Jul 16, 2020 8:16 pm

Usually the AWS VPC DNS resolver is on the second IP in the AWS VPC subnet. For example if your VPC is 10.0.0.0/8 it should be on 10.0.0.2.

Post Reply