I have a CosmosDB instance that allows connections originating from a virtual network (let's call it "online-vnet"), in an address space 10.0.0.0/16. In the tenant there is a VPN defined ("online-vpn") and connected to a subnet of the virtual network ("ONLINE-VNET/GatewaySubnet"), with an address pool of 172.16.0.0/24.
In order for developer workstations to connect to CosmosDB, I have to whitelist their public IP addresses, or else they get errors like this:
Request originated from IP 197.123.45.67 through public internet. This is blocked by your Cosmos DB account firewall settings.
According to ipconfig, I have an IP address of 172.16.0.4 on the PPP adapter.
I want to enable workstations (starting with my own) that connect to the VPN to be able to query CosmosDB. How do I go about configuring this?
I have tried to add the VNET again to try specify a different address range, but Azure doesn't allow it.
