I am trying to connect to an Azure SQL Server database but am hitting a major issue.
I have set up a connector, added the FQDN of the Azure SQL Server as a resource, and assigned users to the resource.
I have tried the following:
- Whitelist the connector IPs on the Azure SQL Server
- Create a private endpoint for the SQL server and peer the Twingate connector VNet to the SQL server VNet.
In both instances the SQL server sees my client IP and not the connector's.
I can see in the Twingate logs that when I query the database domain (the resource), that connection is being picked up and routed to the connector. However, the SQL server still sees my original client IP and blocks the connection.
Any thoughts on how to resolve this?
Did you manage to resolve this? Running into exactly the same issue.
I did yes.
If you are peering between VNets you also have to set up a DNS resolver between the resources. It is tucked away in their docs.
In our case, and for simplicity, we just made a private endpoint directly in the same VNet that the connector is attached to.
For anyone facing this issue, here are some more detailed instructions.
When you create a VNet with a private endpoint, a private DNS service is set up and private domains, named specifically for the resource being linked, are set up. The DNS zone is linked to the VNet where the private endpoint resides.
Now when you peer another VNet to that VNet, you also have to link the DNS zone to the peered VNet so that it can resolve the private link FQDN.
There are a bunch of ways to do this, but I just linked the one DNS zone to the peered VNets.
There are additional articles here
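As an added example (not code from the thread or from Twingate's docs), the zone link described above done with the Azure CLI, plus the check a practitioner wants afterwards: from the connector's VNet the SQL FQDN must resolve to a private address, otherwise the connector is still going out over the public endpoint. Resource group and VNet names (`rg-sql`, `rg-twingate`, `vnet-twingate`) and the server name `myserver` are hypothetical; the zone name `privatelink.database.windows.net` is the one Azure uses for SQL private endpoints.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Link the Azure SQL private-link DNS zone
# to the VNet the Twingate connector lives in, then verify resolution from that VNet.
# Hypothetical names: zone in resource group "rg-sql" (created by the private endpoint),
# connector VNet "vnet-twingate" in resource group "rg-twingate", server "myserver".
set -u

# Azure SQL private endpoints register under privatelink.<public zone>; derive it from the
# server FQDN (myserver.database.windows.net -> privatelink.database.windows.net).
privatelink_zone_for() {
  local fqdn=$1
  printf 'privatelink.%s\n' "${fqdn#*.}"
}

# True when an IPv4 address is RFC 1918, which is what a private endpoint hands out.
# A public address here means the lookup never hit the linked private zone.
is_private_ipv4() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Link the private DNS zone to the connector's VNet (needs the az CLI, logged in).
# Auto-registration stays off: this zone only holds private-endpoint records.
link_zone_to_connector_vnet() {
  local zone_rg=$1 zone=$2 vnet_rg=$3 vnet=$4
  local vnet_id
  vnet_id=$(az network vnet show --resource-group "$vnet_rg" --name "$vnet" --query id -o tsv)
  az network private-dns link vnet create \
    --resource-group "$zone_rg" \
    --zone-name "$zone" \
    --name "link-${vnet}" \
    --virtual-network "$vnet_id" \
    --registration-enabled false
}

# Run on the connector host: resolve the server and confirm the answer is private.
# dig +short prints the CNAME chain first, so the last line is the final A record.
verify_from_connector() {
  local fqdn=$1 addr
  addr=$(dig +short "$fqdn" | tail -n1)
  if is_private_ipv4 "$addr"; then
    echo "ok: $fqdn -> $addr (private endpoint)"
  else
    echo "FAIL: $fqdn -> ${addr:-<none>} (public address; is the zone linked to this VNet?)" >&2
    return 1
  fi
}

# Only touches Azure when invoked as: ./link-zone.sh apply
if [ "${1:-}" = "apply" ]; then
  server_fqdn="myserver.database.windows.net"   # hypothetical
  zone=$(privatelink_zone_for "$server_fqdn")
  link_zone_to_connector_vnet rg-sql "$zone" rg-twingate vnet-twingate
  verify_from_connector "$server_fqdn"
fi
```

Run the verification from the connector host itself (or any VM in its VNet), not from your laptop: your laptop resolves through public DNS and will always get the public address, which is exactly the symptom described at the top of the thread.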