Testing MySQL Database Service without VPN – part 2

In a recent article, I explained how to test MySQL Database Service (aka MDS) on OCI without having to setup a VPN.

A VPN is the recommended way and of course using some man-in-the-middle exposing the MySQL Classic and X Protocol port is something you should absolutely avoid !

So, in this article we will see another way to test or use MDS without VPN but using a more secure option.


The solution uses a SSH tunnel between your machine (laptop, etc..) and OCI.

How does it work ?

We have a MDS instance (, and a compute instance ( The compute instance is in the public subnet and has a public IP assigned to it.

Then we open a SSH tunnel to the compute instance’s public IP that forward all traffic to a certain port on localhost (we will use 3406) to the port 3306 of the MDS instance (and 34060 for port 33060, X protocol).

Security List

Of course connections to the MySQL ports need to be allowed between the Public Subnet and the Private Subnet:

SSH Tunnel

When you created the compute instance to use as jump host, you also specified a SSH public key. Usually you connect using SSH to that host with the opc user.

This time we will use the same user, the same key but we will also create a tunnel that will stay open as long as the ssh session is open:

We use the -L option of ssh to create the tunnel. We say to listen on local port 3406 and to redirect that traffic using this ssh session to the server (the MDS instance) on port 3306. And we do the same for X protocol.

Now we can use MySQL Shell an try to connect on both ports using the MDS credentials:

MySQL Workbench

If you only need to use MySQL Workbench, it’s possible to create a similar tunnel directly in Workbench to connect to MDS:

As you can see, we use the same information.

Let’s test the connection:

Wooohooo, it works \o/


This is another way to test the new MySQL Database Service without a VPN but in a safer way.

This is also a nice way if you prefer to access your MySQL Database using a GUI interface like MySQL Workbench.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

As MySQL Community Manager, I am an employee of Oracle and the views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

You can find articles I wrote on Oracle’s blog.