
I configured a Cloud SQL instance with a private IP and a VM with service account credentials configured.

I could successfully connect to SQL Server from the VM instance to the SQL instance (private IP) using the cloud proxy as follows:

```
./cloud_sql_proxy -instances=proj:us-central1:test-sql=tcp:5353 -credential_file=service.json
```

and from the VM:

```
sqlcmd -S tcp:127.0.0.1,5353 -U sqlserver
```

All of this works from the VM, inside Google Cloud. How can I achieve the same connectivity from local SSMS studio? I have tried downloading cloud-sql-proxy for Windows and calling it the same way:

```
cloud_sql_proxy.exe -instances=proj:us-central1:test-sql=tcp:5353 -credential_file=service.json

using credential file for authentication; email=test@proj.iam.gserviceaccount.com
Listening on 127.0.0.1:5353 for proj:us-central1:test-sql
Ready for new connections
```

Then I try to connect SSMS using the connection params below.

Error from cloud_sql_proxy CMD: couldn't connect to "proj:us-central1:test-sql": dial tcp <PRIVATE_IP>:3307: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Any idea what the problem is and why I am not able to connect from my local machine with the proper credentials file using SSMS? Or am I missing any configuration?

Satscreate
  • Have you tried using SQL Server's default port 1433? Here are the relevant [MS docs](https://learn.microsoft.com/en-us/sql/sql-server/install/configure-the-windows-firewall-to-allow-sql-server-access?view=sql-server-ver15#BKMK_ssde) referring to ports and port config (check if you don't have any specific firewall rules in your Windows computer blocking those ports). Initiating the proxy by running the following command from the Windows Powershell: `./cloud_sql_proxy -instances=[Instance-connection-name]=tcp:1433 -credential_file=service.json` should work. – Daniel Ocando Feb 10 '21 at 19:30
  • If they don't work, post the specifics of the OS, SSMS version, Cloud SQL Proxy version and any other details pertaining to the environment from where you are running the proxy. – Daniel Ocando Feb 10 '21 at 19:33
  • Have tried that but not working. @Dan – Satscreate Feb 11 '21 at 06:10

1 Answer

As this documentation says, "When you configure a Cloud SQL instance to use private IP, you use private services access. Private services access is implemented as a VPC peering connection between your VPC network and the underlying Google services VPC network where your Cloud SQL instance resides". That means that only the Google network can access the private IP. However, you can use private services access to connect to Cloud SQL resources from external sources over a VPN tunnel or Cloud Interconnect to your VPC network. The topology should be like this:

ON-PREMISE ----- VPN ----- Your GCP Project

So, have you checked if your VPN tunnel or your Cloud interconnect settings are right?

I would recommend you take a look here and be sure you have followed this:

1.- Ensure your VPC network is connected to the external network using a Cloud VPN tunnel or a VLAN attachment for Dedicated Interconnect or Partner Interconnect.

2.- Identify the peering connections produced by the private services connection:

  * cloudsql-mysql-googleapis-com
  * cloudsql-postgres-googleapis-com
  * servicenetworking-googleapis-com

3.- Update all of the peering connections to enable Export custom routes.

4.- Identify the allocated range used by the private services connection.

5.- Create a Cloud Router custom route advertisement for the allocated range on the Cloud Routers managing BGP sessions for your Cloud VPN tunnels or Cloud Interconnect attachments (VLANs).

Samuel Romero
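The checks in steps 3 to 5 of the answer above, as an added example that is not part of the original answer: a small Python validator that takes the private IP the proxy is dialing plus the peering, allocated-range and Cloud Router settings, and reports which step is still missing. The dictionary field names are assumed to match the Compute Engine resources as printed by `gcloud ... --format=json`; the function name and all sample values are constructed for illustration.

```python
import ipaddress

def check_onprem_route(sql_ip, peerings, allocated, router):
    """Return findings for steps 3-5; an empty list means the path is configured."""
    findings = []
    ip = ipaddress.ip_address(sql_ip)

    # Step 3: each private-services peering must export custom routes, so the
    # Google-side network learns the way back to on-premises.
    for p in peerings:
        if not p.get("exportCustomRoutes", False):
            findings.append(f"peering {p['name']}: Export custom routes is disabled")

    # Step 4: locate the allocated range that holds the instance's private IP.
    ranges = [ipaddress.ip_network(f"{a['address']}/{a['prefixLength']}")
              for a in allocated if a.get("purpose") == "VPC_PEERING"]
    owner = next((n for n in ranges if ip in n), None)
    if owner is None:
        return findings + [f"{ip} is not inside any allocated range"]

    # Step 5: the Cloud Router must advertise that range over BGP to the VPN or
    # Interconnect peer; default mode does not include it.
    bgp = router.get("bgp", {})
    adv = [ipaddress.ip_network(r["range"]) for r in bgp.get("advertisedIpRanges", [])]
    if bgp.get("advertiseMode") != "CUSTOM":
        findings.append(f"router {router['name']}: advertiseMode is not CUSTOM")
    elif not any(owner.subnet_of(n) for n in adv):
        findings.append(f"router {router['name']}: {owner} is not advertised")
    return findings

# Constructed sample data (not taken from the question's project).
PEERINGS = [{"name": "servicenetworking-googleapis-com", "exportCustomRoutes": False}]
ALLOCATED = [{"name": "sample-psa-range", "address": "10.20.0.0",
              "prefixLength": 16, "purpose": "VPC_PEERING"}]
ROUTER_BAD = {"name": "sample-router", "bgp": {"advertiseMode": "DEFAULT"}}
ROUTER_OK = {"name": "sample-router", "bgp": {
    "advertiseMode": "CUSTOM", "advertisedIpRanges": [{"range": "10.20.0.0/16"}]}}

if __name__ == "__main__":
    for finding in check_onprem_route("10.20.0.3", PEERINGS, ALLOCATED, ROUTER_BAD):
        print("FAIL:", finding)
```

An empty result only covers the GCP side; the VPN tunnel or Interconnect attachment from step 1 still has to be up, and the local network must accept the advertised route.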