Cannot connect MySql Workbench to an Azure Database for MySql Flexible Server, with private access

Question

I'm trying to connect MySql Workbench to an Azure Database for MySql Flexible Server, with private access, and get this error: "Unable to connect to localhost".

Here are the steps I took when creating the various resources on Azure:

I created an Azure Database for MySql Flexible Server, with private access (so it's behind a VNET). I did this from Azure Portal. It automatically created a VNet for me, with a default address space of 10.0.0.0/24 (delegated to the MySql server), and a private DNS zone, with an A record to the MySql server, at IP 10.0.0.4.

I then created a gateway to the VPN to allow me to connect to it from my local PC. For the gateway, I added a second address space to the VNet of range 10.0.1.0/24.

I then configured the point-to-site configuration on the Gateway to address pool "10.0.2.0/24", tunnel type "OpenVPN (SSL)", authentication type to "Azure certificate", and used Powershell to generate a root certificate, which I exported to Base-64 encoded X.509 (.CER), and copy-and-pasted the Base64 part to the "Public certificate data" (I gave it the name "P2SRootCert").

I then downloaded the VPN client configuration file and imported it into Azure VPN Client. I was then able to successfully establish a VPN connection to the Azure VNet. If I open Terminal and do an "ipconfig/all", I get this:

PPP adapter mysql-flexible-server-resource-group-vnet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : mysql-flexible-server-resource-group-vnet
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.2.130(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

I then created a new connection on MySql Workbench, with my server in the Hostname field (pw.mysql.database.azure.com), username (it's "pwuser", but I also tried "pwuser@pw"), password, and I set "Use SSL" to "Require", and set the path to the CA file (DigiCertGlobalRootCA.crt.pem) that I downloaded "Networking" link of the MySql server.

However, as I mentioned, when I try to connect, MySql Workbench gives this error: "Unable to connect to localhost". Why localhost, when I'm specifying a hostname of "pw.mysql.database.azure.com"?

I tried connecting using the MySql Server IP address instead of URL. so, while connected to the VNet, I did a "nslookup pw.mysql.database.azure.com" and got this:

Server:  UnKnown
Address:  192.168.8.1

*** UnKnown can't find propworx-mysql-flex.mysql.database.azure.com: Non-existent domain

I guess that could be because the MySql Server is configured for private access, therefore I cannot do an nslookup.

I've spent two days on this. I've deleted everything and recreated everything, following the documentation as best I could, but still not working. I would really appreciate any hints or pointers!

Thank you.

Answer 1

Looks like I need to set up a DNS forwarder. To do this I'd have to create a virtual machine on Azure. I will probably do that eventually, but for now I've simply added an entry into my hosts file to take care of the mapping from the domain name (pw.mysql.database.azure.com) to the IP address (10.0.0.5)