I have a MongoDB AWS instance inside a VPC that uses a private IP. The MongoDB is more secure this way because there are no public IP references to the database. I am running a VPN server using OpenVPN. If I have to access the MongoDB remotely, I just use the OpenVPN Connect Client with the IP address, 10.0.0.95. In my code, I reference the MongoDB URL with the AWS private DNS name, ip-10-0-0-95.ec2.internal. No issue when the code is running on an AWS instance within the VPC. However, when I run the same code on my local machine it does not find the DNS address. Like I said, I am running a VPN client that is properly connected to the VPN. If I change my code URL reference to 10.0.0.95 everything works fine both locally and running on an AWS instance within the VPC. Clearly, this is a correct solution and I could just move on. However, is there a way to run the code locally? Obviously, my local machine is not resolving the DNS address. Is there some way that I can locally resolve the VPC DNS address with my VPN client?
- If your VPC's CIDR supernet is 10.x.x.x/xx, then you'll find that there's a DNS server inside your VPC at 10.0.0.2. You *may* be able to access it over the VPN, so from your workstation, try `$ dig @10.0.0.2 ip-10-0-0-95.ec2.internal`. If that works, you can specify that in the openvpn config as the DNS server. This will depend on your VPN config. If it does not work, your openvpn server's `iptables` will need to be configured to NAT your VPN-sourced requests to the DNS server using its address or you'll need a DNS proxy installed on it. Try the above and let us know if that works. – Michael - sqlbot Apr 01 '17 at 18:52
- Is there anything else equivalent to `dig`? Trying to download it. Wants to download a C++ execution environment and then re-boot my machine. Tried it 3 times with no luck. The real pain is 3x Windows re-boot and then stare into space waiting for Windows to finish. – skmansfield Apr 01 '17 at 19:37
- try `nslookup 10-0-0-95.ec2.internal. 10.0.0.2` – Dusan Bajic Apr 01 '17 at 21:22
- I tried `nslookup 10-0-0-95.ec2.internal.` I got "*** cdns01.comcast.net can't find 10-0-0-95.ec2.internal: Non-existent domain". Also tried 10.0.0.2 and got the same error. It's pretty clear my desktop is using the internet connection DNS, in my case 'comcast', to try to resolve the DNS address. – skmansfield Apr 03 '17 at 18:30
- try adding `push "dhcp-option DNS 10.0.0.2"` to your server openvpn .conf file – Dusan Bajic Apr 06 '17 at 14:32
- See answer to this question, https://stackoverflow.com/questions/67050384/cant-connect-client-vpn-endpoint-to-rds-in-a-vpc?rq=1 – Edward Olamisan Mar 03 '23 at 20:36
1 Answer
You need to forward your desktop DNS requests through the VPC and they will resolve the private DNS address. So you basically need to set up a DNS forwarder. I had the same issue; please try this solution: VPN clients to resolve private DNS hostnames in AWS. Let me know how it goes.

Antonio Gomez Alvarado
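Putting the comments' suggestion (push the VPC resolver at 10.0.0.2 to clients) together with the NAT point raised above, here is an added OpenVPN server configuration example; it is not from the question, the comments or the linked solution. It assumes a 10.0.0.0/16 VPC (so the AWS-provided resolver sits at CIDR base+2 = 10.0.0.2), a 10.8.0.0/24 VPN client pool, and eth0 as the server's VPC-facing interface; all three are placeholders to replace with your own values.

```conf
# server.conf fragment for the OpenVPN server running inside the VPC.
# Added example; VPC CIDR 10.0.0.0/16, client pool 10.8.0.0/24 and eth0 are assumptions.

server 10.8.0.0 255.255.255.0

# Route the whole VPC through the tunnel so both the resolver (10.0.0.2)
# and the MongoDB host (10.0.0.95) are reachable from the client.
push "route 10.0.0.0 255.255.0.0"

# Hand clients the VPC resolver and the search domain, so
# ip-10-0-0-95.ec2.internal is resolved inside the VPC rather than by
# the workstation's ISP resolver (the cdns01.comcast.net failure above).
push "dhcp-option DNS 10.0.0.2"
push "dhcp-option DOMAIN ec2.internal"

# Windows clients may keep querying the ISP resolver on the other adapter
# in parallel; this option (Windows-only, ignored elsewhere) pins DNS to
# the tunnel while connected.
push "block-outside-dns"

# The AWS resolver only answers queries whose source address is inside the
# VPC, so the client pool must be masqueraded behind the server's VPC IP
# (run once on the server, outside this file; eth0 is an assumption):
#   sysctl -w net.ipv4.ip_forward=1
#   iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
```

After reconnecting, `dig @10.0.0.2 ip-10-0-0-95.ec2.internal` from the workstation should return 10.0.0.95; if it does not, check the NAT rule and the VPC security group on the server's interface before changing anything client-side.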