Created a Google Cloud SQL instance.
Authorized my public IP to access the instance.
Created user with a password to use it.
Assigned IPv4 address to it.
I'm able to connect with the IPv4 address,
but not able to connect with the default IPv6 address.
I'm on Mac OSX Yosemite, 10.10.5 and my MySQLWorkbench is 6.2.4 (also tried with 6.3).
Any possible reason why I'm able to connect with IPv4 but not IPv6?
Just like you connect IPv4-to-IPv4 addresses, you need to connect IPv6-to-IPv6 addresses. Your ISP needs to support IPv6 and issue you an IPv6 prefix from which your IPv6 addresses originate. If you have IPv6 Privacy Extensions enabled on your Macintosh, your source IPv6 address will periodically change, and that could be a problem for your connection. Don't try to use Link-Local IPv6 addresses (start with fe80:). You will need Global IPv6 addresses (start with 2xxx: or 3xxx:).
Related
Is there a way to proxy/ port forward GCP Cloud SQL so that we can connect to it via the internet?
I don't want to do an SSH port forward via a Virtual Machine. Instead, I'm looking for a way such that we could connect to CloudSQL from a public IP of either a Virtual Machine or a Kubernetes service.
I don't want to connect directly from the public IP of the CloudSQL instance as it requires us to whitelist the user's IP address. We have also tried the Cloud SQL proxy but faced speed and performance issues.
Hence, now I'm looking for a solution to proxy the CloudSQL connection from a VM or Kubernetes service
I have tried using Stunnel to proxy the connection as described in this documentation.
output=/tmp/stunnel.log
CAfile=/tmp/mysql-server-ca.pem
client=yes
pid=/var/run/stunnel.pid
verifyChain=yes
sslVersion=TLSv1.2
[mysqls]
accept=0.0.0.0:3307
connect=private-ip:3306
But, I get an error while connecting to the MySQL server:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 104
Edit:
Stunnel runs on a Virtual Machine on Google Cloud
Stunnel connects to CloudSQL via Private IP (Both VM and CloudSQL share the same subnet)
MySQL can be connected from the VM using the private IP
Stunnel Logs:
2022.09.22 10:53:17 LOG5[2]: Service [mysqls] accepted connection from 127.0.0.1:37014
2022.09.22 10:53:17 LOG5[2]: s_connect: connected <mysql-private-ip>:3306
2022.09.22 10:53:17 LOG5[2]: Service [mysqls] connected remote server from 10.128.0.53:53302
2022.09.22 10:53:17 LOG3[2]: SSL_connect: ../ssl/record/ssl3_record.c:331: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2022.09.22 10:53:17 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
To access a Cloud SQL from a Compute Engine VM try the following, you can use either the Cloud SQL Auth proxy (with public or private IP), or connect directly using a private IP address
From the client machine or Compute Engine VM instance, use What's my
IP to see the IP address of the client machine.
Copy that IP address. In the Google Cloud console, go to the Cloud
SQL Instances page.
Go to Cloud SQL Instances
To open the Overview page of an instance, click the instance name.
Select Connections from the SQL navigation menu.
In the Authorized networks section, click Add network and enter the
IP address of the machine where the client is installed. Note: The IP
address of the instance and the MySQL client IP address you authorize
must be the same IP version: either IPv4 or IPv6
Click Done. Then click Save at the bottom of the page to save your
changes. Connect to your instance, either with SSL or without SSL.
To access a Cloud SQL instance from an application running in Google Kubernetes Engine, you can use either the Cloud SQL Auth proxy (with public or private IP), or connect directly using a private IP address. To connect to Cloud SQL you must have:
A GKE cluster, with the kubectl command-line tool installed and
configured to communicate with the cluster. For help getting started
with GKE, see the Quickstart.
Check the document for steps on how to configure without SSL
For Public IP-configured instances, a public-facing IPv4 address may
be enabled, allowing users outside the GCP project and VPC network to
connect to the instance.
Check the similar example here.
I want to configure mysql 5.7 on linux machine which is having IPV6 ip address. How can I connect server machine by client machine which is having IPV4 address. And which configuration parameters which I need to change to configure IPV6 connectivity.
If your server only has IPv6 and your client has only IPv4 then they cannot communicate without help from a third system. The most common ways are SIIT-DC gateways, server side reverse proxies to make the server reachable over IPv4, or client side proxies to allow the client to connect to IPv6 services.
IPv4 and IPv6 connectivity both depend on the network provider. You can set up tunnels, but native connectivity is strongly preferred.
Background
I'd like to connect Wordpress docker container to a Google Could SQL instance. By default Google Cloud SQL only expose an IPv6 address and preferably I'd like to connect Wordpress to this address but I can't find a way to do so (see my other stackoverflow post for details).
Question
I'd like to know if it's possible to connect to an IPv6 address from a pod running in Kubernetes (GKE)? If so how?
Currently, Google Cloud Platform Networks only support IPv4, so connecting to IPv6 addresses from GKE is not possible.
Google CloudSQL says the IPv4 is priced but IPv6 is free. So we can use the IPv6 to connect to CloudSQL instance without purchasing the IPv4 address. So when tried to connect from Google Compute Engine VM cant able to find IPV6 for that debian instance. How to connect CloudSQL from ComputeEngine using IPv6?
The problem is that currently Compute Engine does not support IPv6 (Yes, this is unfortunate). You can connect to your Cloud SQL instance using IPv6 from any host that supports it (for example, if you have an IPv6 at home).
I've setup my VM to use a network only allowing a whitelist of IP addresses on the SSH protocol on port 22.
If I try to SSH into my instance via the web browser within the developer console the connection is correctly refused, as it isn't originating from one of my permitted IP addresses.
I'm curious if there is a way to have my whitelist of IP addresses and still SSH into the VM via the browser. I know I can still connect using gcutil, and it would obviously work if I had the IP address.
Looking at the documentation, it isn't listed as a known issue.
When connecting from Developer Console SSH tool the instance receives connection from Google IP range, I made a test and it was from 74.125.0.0/16 range. You could try to temporary white list this range and see if you can access.
Regards
Paolo