How-to | Access data sources through a VPN server#

You can configure an OpenVPN tunnel between Dataiku Cloud and your network to access your private data sources. The OpenVPN server is under your control and it exposes your data sources. Dataiku uses an OpenVPN client to establish the VPN connection and reach them.


  • VPN is not available in all Dataiku plans. You may need to reach out to your Dataiku Account Manager or Customer Success Manager.

  • Dataiku Cloud only supports OpenVPN servers.

  • The private subnets exposed by your OpenVPN server should not overlap the following CIDR ranges:,, or

To configure the VPN:

  1. Go to Launchpad’s Extensions panel.

  2. Add the VPN extension.

  3. Provide an OpenVPN configuration file for clients.

You can choose between:

Routing all traffic

If this option is selected, all outgoing traffic from Dataiku will go through the VPN tunnel. In this case, ensure that all your data sources are accessible from your VPN server, and that your VPN server can also route traffic to the internet so your Cloud instance can function properly.

Routing the traffic to a list of IP ranges

If you deselected the all traffic option, you must list all addresses or ranges for which the traffic will be routed through the VPN.

Optionally, a private DNS server can be used. This let you use your own DNS server to resolve the domains of your private data sources that are accessed through the VPN. You have to fill in the IP address of this DNS server, and the list of domains that should be resolved using this DNS server. The other domains will still be resolved by the regular Dataiku DNS servers.


To enable VPN tunneling, the Dataiku instance needs to be restarted. This operation could take up to 15 minutes.