MongoDB Atlas connection

Hi friends!
I installed a connector in my private network and configured access to all resources. Works perfectly! But, my database is not in this network but in the MongoDB Atlas cloud. Can I access it with the help of my connector? I specified the DB as a resource of my private network and specified the public address of the connector in Atlas, but there is no connection. Can you tell me what I need to do to access my DB only through Twingate (is it possible)?
Thank you!

hi @alex.zabyshny,

Great stuff! Yes, you can protect a publicly hosted resource behind Twingate and it sounds like you configured it well (IP whitelisting on the Connector’s egress IP). The only thing I can think of is that your mongodb resource in Twingate might not be intercepting all of the traffic needed for it to work. Try adding another resource for cloud.mongodb.com. From what I remember, it is also used for mongodb traffic.

Unfortunately it didn’t help. I get the following error when trying to connect (using MongoDB Compass):

1254142743296:error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR:../../third_party/boringssl/src/ssl/tls_record.cc:592:SSL alert number 80

This is the link provided by the MongoDB support bot:

Is it possible that my connector does not support TLS connections?

Weird. In the admin console I can see that the connection is established:

But I still get an error from my side without any connection (MongoDB Compass)

The connector definitely supports TLS.

Interesting that the connection is established as per the Admin Console. Usually when that happens, it means there is an application-side issue, but not sure what could be interfering with the traffic?

Would you consider doing a packet capture while you are trying to connect via Twingate? With it, we can take a look at all domain requests and see if there is a missing resource definition (that would cause not all the right traffic to go through Twingate).

All I can see using nettop is:


I don’t know if that’s what’s needed, I’m not very good at it)

I added another resource but it didn’t help (not sure if this is the correct syntax tho).

Maybe there is some way to route all user traffic through the connector? To test that at least in this case it will work

UPD: tried the solution (to route all traffic) from this topic, "How to route all traffic through my infra", and it works

Resolved by adding this

instead of adding cluster0.*******.mongodb.net.

I think it works because the Mongo cluster has 3 nodes and it looks like Compass needs a connection to each of them. And such nodes have addresses like: ac-*******-shard-00-00.*******.mongodb.net

Nicely done!! Glad you got it sorted out.
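An added example, not part of the original thread: a small Python check of which hostnames behind a `mongodb+srv://` connection string are not matched by a set of resource address patterns, which is the gap described above (the seed hostname was defined, the per-node hostnames were not). The hostnames, the patterns and the glob-style matching (`*`, `?`) are constructed assumptions; in practice the SRV targets come from a DNS lookup of the name the first function returns.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit


def srv_query_name(uri: str) -> str:
    """DNS name a driver queries (SRV record) for a mongodb+srv:// URI."""
    parts = urlsplit(uri)
    if parts.scheme != "mongodb+srv" or not parts.hostname:
        raise ValueError("expected a mongodb+srv:// connection string")
    return "_mongodb._tcp." + parts.hostname


def normalize(host: str) -> str:
    """Lower-case and drop the trailing dot DNS tools print on FQDNs."""
    return host.rstrip(".").lower()


def uncovered_hosts(hosts, resource_patterns):
    """Return the hosts that match none of the resource address patterns.

    Assumption: patterns are globs where '*' and '?' may span any characters.
    """
    patterns = [normalize(p) for p in resource_patterns]
    return [h for h in map(normalize, hosts)
            if not any(fnmatchcase(h, p) for p in patterns)]


# Constructed sample data (placeholders, not values from the thread).
URI = "mongodb+srv://user@cluster0.abc12.mongodb.net/test"
SEED_HOST = urlsplit(URI).hostname
SRV_TARGETS = [  # what an SRV lookup would return for a 3-node cluster
    "ac-xyz789-shard-00-00.abc12.mongodb.net.",
    "ac-xyz789-shard-00-01.abc12.mongodb.net.",
    "ac-xyz789-shard-00-02.abc12.mongodb.net.",
]

if __name__ == "__main__":
    print("SRV name to look up:", srv_query_name(URI))
    all_hosts = [SEED_HOST] + SRV_TARGETS
    for patterns in (["cluster0.abc12.mongodb.net"], ["*.abc12.mongodb.net"]):
        missing = uncovered_hosts(all_hosts, patterns)
        print(patterns, "-> not covered:", missing or "none")
```

Any host reported as not covered would bypass the tunnel and reach Atlas from the client's own IP, which the Atlas IP access list then rejects.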