Understanding Site-to-Site VPN statuses
VPN gateway statuses
A VPN gateway always has a status, which can be retrieved via the API using the Get a VPN gateway call.
This section explains the different statuses possible for a VPN gateway, and how to understand them.
| Status | Description |
|---|---|
| Provisioning | The create action has been triggered, and Scaleway is provisioning the gateway. This status should be momentary: if it persists, contact support. |
| Active | The VPN gateway has been created successfully, and is now operational. |
| Failed | Scaleway was unable to create the VPN gateway. Wait a few seconds and refresh to check whether the status changes. If the problem persists, contact support. |
| Configuring | The gateway is configuring and is in a transient state. No user actions can be carried out. This status generally occurs while a new configuration is being applied, e.g. after you have modified its settings. This status should be momentary: if it persists, contact support. |
| Locked | The gateway has been locked by the Trust and Safety team. You cannot carry out any actions on the gateway. Open a support ticket. |
| Deprovisioning | The delete action has been triggered, and Scaleway is deprovisioning the gateway. This status should be momentary: if it persists, contact support. |
Connection statuses
A Site-to-Site VPN connection also always has a status, separate from that of the VPN gateway. It can be retrieved via the API using the Get a connection call. The connection status is based on the tunnel status, the BGP session status, and whether a routing policy is attached.
This section explains the different statuses possible for a connection, and how to understand them.
| Status | Description |
|---|---|
| Ready | The connection has been created and is ready to connect. The tunnel cannot be established because the customer gateway device is not yet successfully configured. |
| Active | The connection has been created, and all expected BGP session(s) between the two gateways are up. Traffic can flow through the connection's tunnel. |
| Limited connectivity | The connection has been created, but IP connectivity is limited. This may be the case if the connection has both an IPv4 and an IPv6 routing policy attached, but only one of the two associated BGP sessions is up. |
| Down | The connection has been created, but no BGP sessions (neither IPv4 nor IPv6) are up, and without route announcements no traffic can flow through the tunnel. |
| Locked | The connection has been locked by the Trust and Safety team. You cannot carry out any actions on the connection. Open a support ticket. |
Tunnel statuses
Within a Site-to-Site VPN connection, the connection's tunnel also has its own status.
This section explains the different statuses possible for a connection's tunnel, and how to understand them.
| Status | Description |
|---|---|
| Up | The VPN tunnel is active and ready to route traffic. |
| Down | The VPN tunnel is not able to route traffic. The customer gateway is probably not configured correctly. |
BGP session statuses
A Site-to-Site VPN connection has at least one associated BGP session.
A BGP session is a protocol-based connection between the customer gateway and a VPN gateway, where the two gateways automatically exchange routing information to facilitate communication across the VPN tunnel.
A connection has one BGP session for each attached routing policy, up to a maximum of two - one for IPv4 and one for IPv6.
This section explains the different statuses possible for a BGP session, and how to understand them.
| Status | Description |
|---|---|
| Up | The BGP session between the VPN gateway and the customer gateway is running as normal. |
| Down | The BGP session between the VPN gateway and the customer gateway is not successfully running. The customer gateway is probably not configured correctly. |
| Disabled | No routing policy for the corresponding IP type is attached to the VPN connection, so no BGP session can be launched. |
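The tables above can be read together as one decision: the following added example (not Scaleway's code, and not an API client) combines a tunnel status and the two BGP session statuses into the connection status they imply, plus the layer to check first. The function and field names are hypothetical, and two mappings are assumptions the page does not state: a Down tunnel is treated as `Ready`, and a connection with no routing policy attached is treated as `Down`.

```python
from typing import NamedTuple

UP, DOWN, DISABLED = "Up", "Down", "Disabled"


class Verdict(NamedTuple):
    status: str  # connection status name, as written in the tables above
    check: str   # where to look first (wording is this example's own)


def connection_status(tunnel, bgp_ipv4, bgp_ipv6, locked=False):
    """Derive a connection status from tunnel and BGP session statuses."""
    if tunnel not in (UP, DOWN):
        raise ValueError(f"unknown tunnel status: {tunnel!r}")
    sessions = {"IPv4": bgp_ipv4, "IPv6": bgp_ipv6}
    for family, value in sessions.items():
        if value not in (UP, DOWN, DISABLED):
            raise ValueError(f"unknown {family} BGP status: {value!r}")

    # Locked is set by the Trust and Safety team, not derived from the tunnel.
    if locked:
        return Verdict("Locked", "open a support ticket")

    # Assumption: without a tunnel the connection is still "Ready".
    if tunnel == DOWN:
        return Verdict("Ready", "tunnel settings on the customer gateway")

    # A Disabled session means no routing policy for that IP type,
    # so that session is not expected to come up.
    expected = {f: s for f, s in sessions.items() if s != DISABLED}
    up = [f for f, s in expected.items() if s == UP]

    # Assumption: no routing policy at all means no BGP session is up.
    if not expected:
        return Verdict("Down", "attach a routing policy")
    if len(up) == len(expected):
        return Verdict("Active", "nothing to check")
    if up:
        failing = next(f for f in expected if f not in up)
        return Verdict("Limited connectivity",
                       f"{failing} BGP session on the customer gateway")
    return Verdict("Down", "BGP settings on the customer gateway")


if __name__ == "__main__":
    # Constructed sample inputs: (tunnel, IPv4 session, IPv6 session)
    for sample in [(UP, UP, UP), (UP, UP, DOWN), (UP, DOWN, DISABLED),
                   (DOWN, DOWN, DOWN)]:
        print(sample, "->", connection_status(*sample))
```
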