feat(S2S): first doc

Author: RoRoJ

pages/site-to-site-vpn/index.mdx

@@ -0,0 +1,63 @@
+---
+meta:
+  title: Site-to-Site VPN Documentation
+  description: Explore Scaleway Site-to-Site VPN. Connect your Scaleway VPC to your remote infrastructure, via an encrypted, private VPN tunnel. 
+---
+
+<Alert
+  sentiment="info"
+  title="Site-to-Site VPN is in Private Beta"
+>
+  Site-to-Site VPN is currently in Private Beta, and available to selected testers only via the Scaleway API. [Request an invitation](https://www.scaleway.com/en/betas/#site-to-site-vpn).
+  </Alert>
+
+
+<ProductHeader 
+   productName="Site-to-Site VPN"
+   productLogo="sns"
+   description="Securely connect your Scaleway VPC to your remote infrastructure, enabling encrypted data exchange over a private tunnel."
+   url="/site-to-site-vpn/reference-content/understanding-s2svpn/"
+   label="Understanding Site-to-Site VPN"
+/>
+
+## Getting Started
+
+<Grid>
+    <SummaryCard
+        title="Understanding Site-to-Site VPN"
+        icon="rocket"
+        description="Learn how to start using Site-to-Site VPN"
+        label="View Doc"
+        url="/site-to-site-vpn/reference-content/understanding-s2svpn/"
+    />
+    <SummaryCard
+        title="Concepts"
+        icon="info"
+        description="Core concepts that give you a better understanding of Site-to-Site VPN."
+        label="View Concepts"
+        url="/site-to-site-vpn/concepts/"
+    />
+        <SummaryCard
+        title="TODO"
+        icon="book-open-outline"
+        description="TODO"
+        label="TODO"
+        url="TODO"
+    />
+</Grid>
+
+
+<ClickableBanner
+    productLogo="cli"
+    title="Site-to-Site VPN APIs"
+    description="Manage Site-to-Site VPN using the Scaleway API."
+    url="https://www.scaleway.com/en/developers/api/s2s-vpn/"
+    label="Go to Scaleway Site-to-Site VPN API"
+/>
+
+## Changelog
+
+<ChangelogList
+    productName="site-to-site-vpn"
+    numberOfChanges={3}
+/>

pages/site-to-site-vpn/reference-content/assets/scaleway-s2svpn-conceptual.webp

@@ -0,0 +1,8 @@
+---
+meta:
+  title: InterLink - Additional content
+  description: InterLink additional content
+content:
+  h1: InterLink - Additional content
+  paragraph: InterLink additional content
+---

pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-one-tunnel-both.webp

@@ -0,0 +1,38 @@
+---
+meta:
+  title: Site-to-Site VPN security proposals
+  description: Find out what the different encryption and authentication ciphers available with Scaleway Site-to-Site VPN, and how to to choose the best algorithm for your use case.
+content:
+  h1: Site-to-Site VPN security proposals
+  paragraph: Find out what the different encryption and authentication ciphers available with Scaleway Site-to-Site VPN, and how to to choose the best algorithm for your use case.
+tags: vpn connection encryption authentication security cipher security-proposal
+categories: 
+  - site-to-site-vpn
+  - network
+dates:
+  validation: 2025-06-03
+  posted: 2025-06-03
+---
+
+<Message type="note">
+Site-to-Site VPN is currently in Private Beta, and available to selected testers only via the Scaleway API. [Request an invitation](https://www.scaleway.com/en/betas/#site-to-site-vpn).
+</Message>
+
+When creating a VPN [connection](/site-to-site-vpn/reference-content/understanding-s2svpn/#connection), you must define a security proposal (aka IPSec proposal). The security proposal defines the encryption and authentication methods used to secure the IPSec VPN tunnel.
+
+There are two parts to a security proposal:
+
+- **IKEv2** (Internet Key Exchange): Establishes a secure connection between the VPN gateway and the customer gateway
+- **ESP** (Encapsulating Security Payload): Encrypts and authenticates the payload of the IP data packets traveling through the tunnel.
+
+When defining your Site-to-Site VPN security proposal, you need to define the options to be used for the following elements:
+
+| Protocol        | Element         | Description                                        | Options  |
+|-----------------|-----------------|----------------------------------------------------|--------------------|
+| **IKEv2**       | **Encryption**  | Algorithm to encrypt IKE negotiation messages | `aes` (AEAD and non-AEAD) |
+| **IKEv2**       | **Integrity**   | HMAC-based algorithm to verify IKE negotiation messages have not been tampered with | `sha`   |
+| **IKEv2**       | **Key Exchange Method** | DH group to define strength of key exchange | `ecp`, `curve`, `modp` |
+| **ESP**       | **Encryption**  | Algorithm to encrypt traffic's data payloads  | `aes` (AEAD and non-AEAD)  |
+| **ESP**         | **Integrity**   | Only set an HMAC-based algorithm to verify integrity of data payloads if **not** using an AEAD algorithm for ESP encryption. Otherwise, integrity is built-in, and this option does not need to be set. | `sha`   |
+ 
+?? Pseudorandom function ??

pages/site-to-site-vpn/reference-content/assets/scaleway-vpn-one-tunnel-one-type.webp

@@ -0,0 +1,47 @@
+---
+meta:
+  title: Understanding Site-to-Site VPN statuses
+  description: Find out what the different possible statuses of your Site-to-Site VPN gateways and connections mean, and how to take action based on these statuses when necessary.
+content:
+  h1: Understanding Site-to-Site VPN statuses
+  paragraph: Find out what the different possible statuses of your Site-to-Site VPN gateways and connections mean, and how to take action based on these statuses when necessary.
+tags: vpn gateway customer remote connection status
+categories: 
+  - site-to-site-vpn
+  - network
+dates:
+  validation: 2025-06-03
+  posted: 2025-06-03
+---
+
+<Message type="note">
+Site-to-Site VPN is currently in Private Beta, and available to selected testers only via the Scaleway API. [Request an invitation](https://www.scaleway.com/en/betas/#site-to-site-vpn).
+</Message>
+
+## VPN gateway statuses
+
+An VPN gateway always has a **status**, which can be retrieved via the API using the **Get a VPN gateway** call.
+
+This section explains the different statuses possible for a VPN gateway, and how to understand them.
+
+| **Status**             | **Description**                         | 
+|------------------------|-----------------------------------------|
+| **Provisioning**       | The **create** action has been triggered, and Scaleway is provisioning the gateway. This status should be momentary: if it persists, contact support. |
+| **Active**             | The VPN gateway has been created successfully, and is now operational. |
+| **Failed**             | Scaleway was unable to create the VPN gateway. Wait a few seconds and refresh to check the status does not change. If the problem persists, contact support. |
+| **Configuring**        | The gateway is configuring and is in a transient state. No user actions can be carried out. This status generally occurs while a new configuration is being applied, e.g. you have modified its settings. This status should be momentary: if it persists, contact support. |
+| **Locked**             | The gateway has been locked by the Trust and Safety team. You cannot carry out any actions on the gateway. Open a support ticket. |
+| **Deprovisioning**     |The **delete** action has been triggered, and Scaleway is deprovisioning the gateway. This status should be momentary: if it persists, contact support. |
+
+## Connection statuses
+
+A Site-to-Site VPN connection also always has a **status**, separate to that of the VPN gateway which can be retrieved via the API using the **Get a connection** call.
+
+This section explains the different statuses possible for a connection, and how to understand them.
+
+| **Status**             | **Description**                         | 
+|------------------------|-----------------------------------------|
+| **Active**             | The connection has been created, and the BGP session(s) between the two gateways are both up. Traffic can flow through the connection's tunnel(s). |
+| **Limited connectivity**   | The connection has been created, but IP connectivity is limited. This may be the case if the connection is configured to route both IPv4 and IPv6 traffic, but only one of the two associated BGP sessions is up. |
+| **Down**       | The connection has been created, but either a) the customer gateway device is not yet successfully configured and the tunnel(s) cannot be established, or b) no BGP sessions (neither IPv4 not IPv6) are up, and without route announcements no traffic can flow through the tunnel.|
+| **Locked**             | The connection has been locked by the Trust and Safety team. You cannot carry out any actions on the connection. Open a support ticket. |