I tried enabled rds from my twingate connectors, initially I follow this guide which says only 443 TPC, UDP, and some relay ports are required - Best Practices | Docs
But when I was trying to login using psql it was failing. To debug this I tried telnet with same port 1411, and that was working.
Next I do open port 1411 from connector ec2 machine egress along with above mentioned ports and it’s start working. For now, things are working for me but wanted to understand, do I need to open port from connector egress each time I am adding new port based resource.
Any guide, document will be helpful
Couple of things to clarify:
- Connectors only require outbound access yes, and that is the correct guide to look at for that. They need to be able to reach out on TCP ports 443, 30000-31000, and any UDP port (the latter is used for peer-to-peer connectivity)
- Internally within your environment the Connector will need to be able to access any machine and port that you set up as a Resource, as it is acting as a local proxy for the Client
What this means is if you create a Resource defined as 10.0.0.1 with port 1411 for the system you’re trying to access, then the Connector needs to be able to get to that. If that system is in a different VPC and you have some sort of security group setup with rules to prevent access, then the connection will fail.
When you look at the activity logs inside of the Admin Console, do you see entries on that Resource when you try to connect? If so does it show that you’re able to connect to the Connector, and that the Connector just can’t get to the system in question? If so then there’s a local network routing issue between the Connector and the Resource, but if there’s no entry at all then there’s more likely something blocking the Connector from even getting out to our system.