Connect databases via VPN

While we recommend you connect your databases using an SSH tunnel, you can also use an encrypted VPN connection to keep things secure. A VPN can be used for any of our database integrations and, to keep things simple, the process is just about the same as setting up an SSH tunnel:

  1. Create an MBI database user
  2. Create an MBI VPN user
  3. Allow access to the MBI IP address
  4. Enter the connection and VPN user info into MBI

In addition to database credentials, you will have to enter credentials for a VPN user to wrap things up. Any VPN user will work, but we recommend you create an MBI user - it makes it easier for you to keep track of the users on your account.

Let us get started.

Creating a database user for MBI

The process for creating a database user will vary depending on the database type you are connecting. To see the instructions for each database type, click the links below.

Creating a VPN user for MBI

As we mentioned before, any valid VPN user will work - but we strongly recommend you create a user solely for MBI use.

Allow access to the MBI IP addresses

For the connection to be successful, your must configure your firewall to allow access from our IP addresses. They are 54.88.76.97 and 34.250.211.151, but it is also on the credentials page for any database integration:

MBI_Allow_Access_IPs.png

Entering the connection and VPN user info into MBI

To wrap things up, we need to enter the connection and user info into MBI. Did you leave the database credentials page open? If not, go to Manage Data > Connections and click Add New Data Source, then the icon for the database you are connecting. do not forget to change the Encrypted toggle to Yes.

Enter the following info into this page, starting with the Database Connection section:

  • Username: The username for the MBI database user
  • Password: The password for the MBI database user
  • Port: The database’s port on your server. Defaults are:
  • MicrosoftSQL: 1433
  • MongoDB: 27017
  • MySQL: 3306
  • PostgreSQL: 5432
  • Host: By default, this will be localhost 127.0.0.1, but it could also be your server’s public IP address or a local area network address.
  • Database Name (optional): If you only allowed access to one database (this is specified during the database user creation step), enter the name of that database here.

Under the Encryption Connection section:

  • Encryption Type: Set this to Cisco IPsec VPN
  • Gateway Address: The IP address of the VPN server
  • Group Name: The name of the group used for group authentication
  • Group Secret: The password corresponding to the group.
  • Username: The MBI VPN username
  • Password: The MBI VPN user password

That is it! When you are finished, click Save & Test to complete the setup.

On this page