Force wildcard domain route via vpn

Posted: Tue Jun 16, 2020 3:22 pm
by omer
Hi

I am using the Mongo Atlas cloud service.
And I have an OpenVPN Access Server in AWS.

Mongo Atlas sets up the cluster nodes with a public and a private IP while counting on internal VPC DNS resolution.

When I connect to the VPN it is still resolving to the public IP of the nodes and I'm not being routed via the VPN.

Can I enforce that all traffic going to *.mongo.net goes via the VPN and not to the public IPs that I'm resolving from public DNS?

Re: Force wildcard domain route via vpn

Posted: Thu Jul 16, 2020 8:16 pm
by novaflash
Hello omer,

If you use the Amazon AWS DNS resolver on the VPC that has access to MongoDB, you can get internal IP addresses in a specific range. I run a MongoDB setup on AWS too and it's peered to my VPC, so mongo's DNS records resolved through Amazon AWS give me private IP addresses that I can reach from within my VPC and also through VPN.

So the solution is that you need to have this peering setup with MongoDB (you probably already have this if your apps are in Amazon AWS VPC) and then configure OpenVPN Access Server to push the AWS VPC DNS server to your VPN clients, so they will use that DNS server too and get private IP addresses to connect to as well, and then give your VPN clients access to those private IP addresses through your VPN server.

Re: Force wildcard domain route via vpn

Posted: Thu Jul 16, 2020 8:16 pm
by novaflash
Usually the AWS VPC DNS resolver is on the second IP in the AWS VPC subnet. For example if your VPC is 10.0.0.0/8 it should be on 10.0.0.2.
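The two steps from the replies above (derive the VPC resolver as network address + 2, then push that resolver and the private subnet to VPN clients), as an added example that is not from this thread or from OpenVPN. It assumes a POSIX shell, the stock `sacli` path of OpenVPN Access Server, and a constructed VPC CIDR of 10.0.0.0/16; the commands are only printed so you can review them before running them on the server.

```shell
#!/bin/sh
# Added example, not from the thread. Derives the AWS VPC DNS resolver address
# (network address + 2) from a VPC CIDR and prints the OpenVPN Access Server
# sacli commands that push it, plus the private subnet, to VPN clients.

# vpc_dns_resolver CIDR -> prints the VPC network address + 2
vpc_dns_resolver() {
    cidr=$1
    ip=${cidr%/*}
    prefix=${cidr#*/}
    # split the dotted quad into the function's positional parameters
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    # mask down to the network address, then add 2 for the AWS resolver
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    r=$(( (n & mask) + 2 ))
    printf '%d.%d.%d.%d\n' $(( (r >> 24) & 255 )) $(( (r >> 16) & 255 )) \
        $(( (r >> 8) & 255 )) $(( r & 255 ))
}

# sacli_dns_push RESOLVER PRIVATE_SUBNET -> prints the Access Server config
# commands: DNS mode "custom" with the VPC resolver as the only DNS server,
# and the VPC subnet routed (NAT) through the VPN server. SACLI may override
# the default script path.
sacli_dns_push() {
    resolver=$1
    subnet=$2
    sacli=${SACLI:-/usr/local/openvpn_as/scripts/sacli}
    cat <<EOF
$sacli --key "vpn.client.routing.reroute_dns" --value "custom" ConfigPut
$sacli --key "vpn.server.dhcp_option.dns.0" --value "$resolver" ConfigPut
$sacli --key "vpn.server.routing.private_access" --value "nat" ConfigPut
$sacli --key "vpn.server.routing.private_network.0" --value "$subnet" ConfigPut
$sacli start
EOF
}

# Constructed VPC; replace with the CIDR of the VPC peered to Atlas.
VPC_CIDR=${VPC_CIDR:-10.0.0.0/16}
resolver=$(vpc_dns_resolver "$VPC_CIDR")
sacli_dns_push "$resolver" "$VPC_CIDR"
# After reconnecting a client, resolve a cluster hostname: it should now
# return an address inside $VPC_CIDR rather than the public IP.
```

Only hosts whose private addresses fall inside the pushed subnet are reached through the tunnel, so the subnet must cover the addresses the Atlas records resolve to.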