Using OpenVPN with MySQL Database Service

I’ve already provided some solutions to connect to your MDS instance, using MySQL Router, SSH tunnel, … but one of the best way if you have multiple instance to manage, is to use a VPN.

This post summarize the steps on how to deploy Open VPN and configure your VCN to use it.

So, in OCI, we have already some MDS & Compute instances deployed, this is how the dashboard looks like:

OpenVPN Deployment

We can start by deploying our OpenVPN instance using OCI’s Marketplace:

And you follow the wizard by adding your administrator username and password:

An important step is to use the existing VCN and place the OpenVPN in the public subnet:

And you create the instance:

After clicking the “Create” button, Terraform will enter in action and when everything will be deployed, at the end of the log, you will find the url you must use to configure your OpenVPN and create the vpn users:

Paste the url in your browser and accept the risk of using a self-signed certificate:

OpenVPN Configuration

Then log in with your admin credentials and select the “VPN Settings”:

And in routing, change from NAT to Routing and add the two subnets used in the VCN:

It’s time to create a VPN user and configure again the routing (no idea why it’s needed to do it twice):

And don’t forget to update the server:

VCN modification

We also need to ensure that the servers in our VCN (private and public subnets), can find their route to the OpenVPN client.

We do this by adding new routes, the destination is

Connecting to VPN

It’s time to connect your machine (laptop, desktop) to your VPN, the first thing is the download the configuration by connecting to the web interface (same url with /admin):

OpenVPN on Fedora

Just for info, this is how I add the VPN to Network Manager on Fedora:

$ nmcli connection import type openvpn file client.ovpn

And you add the credentials on it and rename it:

Now you can enable the VPN from the network settings:

Connection to MDS

And now that your are connected, you can use MySQL Shell to connect to your MDS instance’s private IP:


This is the more secure and easy way to connect to all your services deployed in OCI and particularly a MySQL Database Service instance that will never get a public IP assigned to it.

You can connect with MySQL Classic client, MySQL Shell, Workbench and any other tool that needs to connect to MySQL with the Classic or X protocol.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

As MySQL Community Manager, I am an employee of Oracle and the views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

You can find articles I wrote on Oracle’s blog.