VPN

Virtual Private Network (VPN)

Virtual Private Network (VPN) in CloudRaya allows you to securely access your cloud resources through a private, encrypted connection.

Unlike consumer VPN services, CloudRaya VPN is designed to provide secure private access to your CloudRaya infrastructure, such as Virtual Machines and Kubernetes clusters, without exposing services to the public internet.

What CloudRaya VPN Is (and Is Not)

What CloudRaya VPN Is

CloudRaya VPN enables you to:

Securely access Virtual Machines inside a VPC
Access Kubernetes clusters
Manage infrastructure using private IP connectivity
Create an encrypted connection between your device and CloudRaya resources

This is ideal for:

System administrators
Internal application access
Secure infrastructure management

What CloudRaya VPN Is Not

CloudRaya VPN is not a consumer VPN service.

It does not provide:

Anonymous internet browsing
IP masking or location spoofing
Public VPN exit nodes (such as NordVPN or ExpressVPN)

CloudRaya VPN functions as a secure access gateway to your cloud resources, not as a general-purpose internet VPN.

How VPN Works in CloudRaya

CloudRaya VPN operates through a VPN gateway with a public IP, which acts as the entry point to cloud resources.

Connection flow:

User Device
   ↓ (Encrypted VPN Tunnel)
VPN Gateway (Public IP)
   ↓
CloudRaya Resources
   ↓
- Virtual Machines (VPC)
- Kubernetes Clusters (Platform-managed)

Once connected, your device behaves as if it is inside the CloudRaya private network.

VPN and Resource Networking Model

CloudRaya VPN supports access to different types of cloud resources, even though they use different underlying networking models.

Virtual Machines

Virtual Machines run inside a Virtual Private Cloud (VPC)
VPN enables access to VMs using private IP addresses
VM traffic follows VPC networking and access control rules

Kubernetes Clusters

Kubernetes clusters are managed by the CloudRaya platform
Kubernetes networking is handled internally by the platform
VPN provides secure access to Kubernetes clusters, without requiring VPC attachment or user-managed networking

Users do not need to configure or manage Kubernetes networking to use VPN access.

VPN Availability and Region Behavior

VPN availability in CloudRaya is region-based.

When a VPN Profile Appears

A VPN profile appears when the selected Cloud Zone (region) contains at least one supported resource:

A Virtual Machine, or
A Kubernetes cluster

Kubernetes clusters will appear in the VPN list as long as they are deployed in the same region as the selected VPN, even though they do not run inside a VPC.

Even if multiple VPCs exist in the same region, only VPCs with active resources will appear in the VPN list.

Example

Selected VPN region: Denpasar
Resources in Denpasar:
- No Virtual Machines
- One Kubernetes cluster

Result:

The Kubernetes cluster appears in the VPN list and is accessible via VPN.

VPN Scope and Limitations

VPN access is Cloud Zone-based
VPN users:
- Can be used across multiple VPCs
- Must remain within the same Cloud Zone
VPN access must be enabled before:
- Adding VPN users
- Removing VPN users
VPN connectivity uses a site-to-cloud model, not site-to-site