Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions pages/site-to-site-vpn/concepts.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,10 @@ A customer gateway device is a real physical or software-based networking device

Dynamic routing allows routers to automatically exchange reachability information using protocols such as BGP, rather than requiring an administrator to manually configure every individual route.

## High availability

A high availability (HA) setup is an infrastructure without a single point of failure. It prevents a server failure by adding redundancy to every layer of your architecture.

## IPsec

**I**nternet **P**rotocol **Sec**urity (IPsec) is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet in a data stream. In the context of Scaleway Site-to-Site VPN, IPsec provides end-to-end security for traffic flowing through the VPN tunnel between a VPN gateway and a customer gateway.
Expand Down
6 changes: 6 additions & 0 deletions pages/site-to-site-vpn/faq.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ Site-to-Site VPN lets you securely connect your Scaleway VPC to your remote infr

Site-to-Site VPN connections are secured with Internet Protocol security (IPsec). When creating a VPN [connection](/site-to-site-vpn/reference-content/understanding-s2svpn/#connection), you are prompted to define a **security proposal** (aka IPSec proposal) which defines the precise encryption and authentication methods to secure the tunnel. Read more about security proposals and encryption in our [dedicated documentation](/site-to-site-vpn/reference-content/security-proposals/).

### Does Site-to-Site VPN offer high availability (HA) or multi-site capabilities?

Yes, you can easily set up a high availability and/or multi-site deployment by creating VPN gateways in different Availability Zones of a Region for a given Private Network.

Refer to the [dedicated documentation](/site-to-site-vpn/reference-content/ha-multisite-configurations) for reference HA/multi-site configurations.

## Compatibility and integration

### Can I use Site-to-Site VPN to connect two Scaleway VPCs?
Expand Down
4 changes: 4 additions & 0 deletions pages/site-to-site-vpn/menu.ts
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,10 @@ export const siteToSiteVpnMenu = {
label: 'Establishing a Site-to-Site VPN between Scaleway and AWS with Terraform',
slug: 'configure-site-to-site-vpn-aws-scw-terraform',
},
{
label: 'High availability and multi-site configurations',
slug: 'ha-multisite-configurations',
},
{
label: 'Site-to-Site VPN Security proposals',
slug: 'security-proposals',
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
---
title: Site-to-site VPN high availability and multi-site configurations
description: This page provides additional information to deploy high availability and multisite setups using Scaleway Site-to-site VPN.
tags: s2s vpn multisite ha resiliency redundancy setup deployment
dates:
validation: 2026-05-06
posted: 2026-05-06
---

import singleNoHA from './assets/scaleway-vpn-single-no-ha.webp'
import singleHA from './assets/scaleway-vpn-single-ha-2-1.webp'
import singleCrossHA from './assets/scaleway-vpn-single-cross-ha-2-2.webp'
import multiHA from './assets/scaleway-vpn-multi-2-2-2.webp'

Site-to-site VPN allows you to set up high availability and multi-site deployments by letting you deploy VPN gateways across multiple Availability Zones within a Region, all attached to the same Private Network.

Adding redundancy with a second VPN gateway eliminates single points of failure for critical infrastructure. You can then connect several distinct infrastructures to set up large-scale multi-site deployments.

## Single site configuration without redundancy

In this configuration, a VPN gateway in a single Availability Zone connects to a customer gateway in a single remote infrastructure.

<Lightbox image={singleNoHA} alt="A schema of a simple Site-to-Site VPN configuration without redundancy." />

## Single site configuration with redundancy on Scaleway side

The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, and connected to a customer gateway in a single remote infrastructure. This setup offers high availability on the Scaleway side.

<Lightbox image={singleHA} alt="A schema of a single customer site configuration with redundancy provided by two VPN gateways in different AZs for the same Private Network on Scaleway side." />

## Single site configuration with crossed redundancy on both Scaleway and customer sides

The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, each connected to two customer gateways in a single remote infrastructure. This setup offers high availability on both the Scaleway and customer sides, with crossed redundancy for the connections.

<Lightbox image={singleCrossHA} alt="A schema of a dual customer gateway configuration in a single remote infrastructure with redundancy provided by two VPN gateways in different AZs for the same Private Network on Scaleway side." />

## Multi-site configuration with crossed redundancy on both sides

The schema below represents a Site-to-Site VPN configuration between two VPN gateways in two AZs, attached to a single Private Network in a single VPC on the Scaleway side, each connected to four customer gateways across two remote infrastructures. This setup offers high availability on the Scaleway side, and each site on the customer side, with crossed redundancy for the connections.

<Lightbox image={multiHA} alt="A schema of two separate customer remote infrastructure containing two customer gateways each, with redundancy provided by two VPN gateways in different AZs for the same Private Network on Scaleway side." />
Loading