fix(pgw): add more troubleshooting (#3862)

* fix(pgw): add more troubleshooting

* Apply suggestions from code review

Co-authored-by: Benedikt Rollik <[email protected]>

* Update compute/instances/troubleshooting/cant-connect-ssh.mdx

---------

Co-authored-by: Benedikt Rollik <[email protected]>

Author: 2 people

compute/instances/troubleshooting/cant-connect-ssh.mdx

@@ -133,4 +133,8 @@ You must upload the content of the public part of the SSH key pair to the Scalew
   If you have any difficulties connecting to an Instance after uploading a new public SSH key to your Project, try the following:
     - If you cannot connect to your Instance at all via SSH, reboot your Instance from the console and try again.
     - If you can connect to your Instance using a previously uploaded SSH key but not the new one, go ahead and connect to your Instance with the old key. Once connected, run the `scw-fetch-ssh-keys --upgrade` command, which launches a script on your Instance to update your SSH keys. You can then check that the new key has been added to the `authorized_keys` file (`~/.ssh/authorized_keys`). Note that this command works only for Instances.
-</Message>
+</Message>
+
+## Timeout when trying to connect
+
+You may find the SSH connection attempt times out without connecting. This may be expected behavior if the Instance is attached to a Private Network on which there is also a Public Gateway advertising the default route. See our [dedicated troubleshooting](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/) page for more help with this issue.

network/public-gateways/concepts.mdx

@@ -18,6 +18,10 @@ The Public Gateway can advertise a default route to resources on an attached Pri
 
 You can choose to activate the advertisement of the default route when attaching a Private Network to a Public Gateway. The default route is propagated through DHCP.
 
+<Message type="important">
+After activating the default route, all outbound and inbound traffic for resources attached to the Private Network is directed through the Public Gateway. This includes SSH traffic destined for Instances, which means you will need to [manage SSH connections differently](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/).
+</Message>
+
 ## DHCP
 
 DHCP was previously a functionality of Scaleway Public Gateways, but has now been moved and is integrated directly into Private Networks. [Read more about DHCP on Private Networks](/network/vpc/concepts#dhcp).

network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway.mdx

@@ -1,24 +1,29 @@
 ---
 meta:
-  title: I cannot connect to my Instance using SSH after attaching it to a Private Network which has a Public Gateway
+  title: I cannot connect to my Instance using SSH after attaching it to a Private Network with a Public Gateway
   description: This page explains how troubleshoot connection problems after attaching an Instance to a Private Network which has a Public Gateway
 content:
-  h1: I cannot connect to my Instance using SSH after attaching it to a Private Network which has a Public Gateway
+  h1: I cannot connect to my Instance using SSH after attaching it to a Private Network with a Public Gateway
   paragraph: This page explains how troubleshoot connection problems after attaching an Instance to a Private Network which has a Public Gateway
 tags: troubleshoot error private-network private network vpc public-gateway
 dates:
-  validation: 2024-05-24
+  validation: 2024-10-21
   posted: 2021-05-26
 categories:
   - network
 ---
 
-<Macro id="requirements" />
+If you are having trouble [connecting to your Instance via SSH](/compute/instances/how-to/connect-to-instance/), when the Instance is attached to a Private Network which also has an attached Public Gateway, read on for help and solutions.
 
-- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+The action to take depends on whether:
 
-The action to take depends on whether the Private Network(s) your Instance is on have DHCP enabled, and whether your Public Gateway is set to advertise a default route (true by default).
+- The Private Network(s) attached to your Instance have [DHCP enabled](/network/vpc/how-to/activate-dhcp/), and 
+- Your Public Gateway is set to [advertise a default route](/network/public-gateways/concepts/#default-route) (true by default).
 
-If it is not the case, disconnect the Instance from the Private Network, as there may be other factors impacting your Instance, like one of your Instances running a DHCP server.
+If the above two conditions are not true, there may be other factors impacting your Instance, like one of your Instances running a DHCP server. Try disconnecting and reconnecting the Instance from the Private Network. 
 
-If DHCP is activated and your Public Gateway is set to advertise a default route, this is expected behavior as all the traffic towards your Instance now goes through the Public Gateway. To access your Instance using SSH, first create a static NAT association between a port of your Public Gateway (eg 2222) and the private IP assigned to your Instance, on the SSH port (22 by default). Then, SSH to the Public Gateway's IP on port 2222.
+If DHCP **is** activated and your Public Gateway **is** set to advertise a default route, not being able to connect to your Instance via SSH is **expected behavior**. All the traffic towards your Instance now goes through the Public Gateway. 
+
+To access your Instance using SSH, either:
+- Use [SSH bastion](/network/public-gateways/how-to/use-ssh-bastion/), or
+- Create a static NAT association between a port of your Public Gateway (eg 2222) and the private IP assigned to your Instance, on the SSH port (22 by default). Then, SSH to the Public Gateway's IP on port 2222.