Reputation: 1691
While configuring an Azure managed Postgres service, I am trying to configure connecting from local machines through VPN.
I can connect to the DB when white-listing IPs in Connection Security. I have added the subnet the VPN-gateway is connected to to the VNET Rules – this doesn't seem to make a difference.
I can connect to VMs through the VPN from my local machine.
However to make that work, I added the VMs' (private IP, Azure URL)-pairs to my local machines hosts
-file.
I can't find any IP for the DB-service (which seems to make sense for a managed service), so I can't make the same trick.
The error I'm getting, when trying to connect to the DB, is similar to the ones I got before adding hosts
mappings.
This all leads me to believe I need some way of having Azure resolve the URL (which might also preempt the need for hosts
-mappings in general).
From this article, I tried setting my DNS for 168.63.129.16, but that doesn't work at all (nothing at all is resolved).
Is there a way (and if so, how) to connect from a local machine to an Azure Database for Postgresql service through a VPN gateway?
Upvotes: 3
Views: 2849
Reputation: 1
using a internal load balancer within (layer 4) a VNET ? https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-overview VPN Clients point to LB, then LB redirects to Posgresql
Upvotes: 0
Reputation: 28304
I don't think there is a way to do this as your desired. You want to map an Azure database logical server private IP to your local hosts
file, then access it via VPN gateway.
You only know the public IP for the Azure database server. The public IP addresses of Azure services change periodically. You could find an IP address list by filtering your region. It does not recommend to use such a dynamic IP address. Refer to this blog.
Since Azure database is a fully managed Platform as a Service (PaaS) Database Engine not IaaS like Azure virtual machines, It's public and does not expose the database server private IP address. We only could access the database via Azure database server name over the Internet.
Furthermore, if you want to restrict its access only from a private network with virtual Network service endpoints. However, this works to allow resources like Azure VM in the authorized subnet to access directly your Azure database in a private network, could not guarantee that if you could access the Azure database from your local machine via VPN. This seems no on-premise route to your Azure database.
Upvotes: 2