Skip to main content

Site-to-Site VPN

Learn about the CoreWeave Site-to-Site VPN Server.


In cases where infrastructure is hosted across different Cloud platforms or on a mix of on-premise infrastructure and Cloud platform infrastructure, but both need to be able to communicate with one another, Site-to-Site VPNs are leveraged for networking across platforms.


On CoreWeave Cloud, Site-to-Site VPNs are provided by instantiating a Virtual VPN in a Layer 2 VPC (L2VPC). Each workload that requires access to the Site-to-Site VPN should be placed in the VPC in addition to the regular CoreWeave network.

CoreWeave provides guides for setup and usage both on CoreWeave Cloud as well as other Cloud platforms and firewalls.

Configurations must be completed for both sides of the Site-to-Site VPN.

Learn more in our Cloud-specific endpoint configuration examples:


The IPSec VPN that CoreWeave uses has been benchmarked to over 4Gbps (with proposalaes128gcm16-sha256-modp2048). Most enterprise on-premise firewalls and Cloud firewalls on other Cloud providers are rarely rated over 1Gbps of IPSec performance!

Basic IPSec VPN usage

After initial installation, VPN status and troubleshooting can be conducting by accessing the VPN Gateway directly.

To get the current status of your VPN tunnel, you will need to SSH into the VPN server on its VPC IP, or attach to the console.

sudo ipsec statusallDisplay information about your tunnel(s).
sudo ipsec restartRestart the IPSec service.

Updating VPN configuration

After changes have been made to your VPN configuration via the CoreWeave Cloud UI, the VPN server must be restarted for the new configuration to take effect.

virtctl restart vpn02


To troubleshoot your connection, first issue sudo ipsec status.

The output should be similar to:

vpn02[1]: CONNECTING,[%any]...[%any]
Additional Resources

Additional information can be found in the strongSwan documentation.