diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-create-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-create-usage.golden
new file mode 100644
index 0000000000..9bc3944a35
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-create-usage.golden
@@ -0,0 +1,38 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create a connection.
+
+USAGE:
+  scw s2s-vpn connection create [arg=value ...]
+
+ARGS:
+  [project-id]                          Project ID to use. If none is passed the default project ID will be used
+  name                                  Name of the connection
+  [tags.{index}]                        List of tags to apply to the connection
+  [is-ipv6]                             Defines IP version of the IPSec Tunnel
+  initiation-policy                     Who initiates the IPsec tunnel (unknown_initiation_policy | vpn_gateway | customer_gateway)
+  [ikev2-ciphers.{index}.encryption]     (unknown_encryption | aes128 | aes192 | aes256 | aes128gcm | aes192gcm | aes256gcm | aes128ccm | aes256ccm | chacha20poly1305)
+  [ikev2-ciphers.{index}.integrity]      (unknown_integrity | sha256 | sha384 | sha512)
+  [ikev2-ciphers.{index}.dh-group]       (unknown_dhgroup | modp2048 | modp3072 | modp4096 | ecp256 | ecp384 | ecp521 | curve25519)
+  [esp-ciphers.{index}.encryption]       (unknown_encryption | aes128 | aes192 | aes256 | aes128gcm | aes192gcm | aes256gcm | aes128ccm | aes256ccm | chacha20poly1305)
+  [esp-ciphers.{index}.integrity]        (unknown_integrity | sha256 | sha384 | sha512)
+  [esp-ciphers.{index}.dh-group]         (unknown_dhgroup | modp2048 | modp3072 | modp4096 | ecp256 | ecp384 | ecp521 | curve25519)
+  [enable-route-propagation]            Defines whether route propagation is enabled or not.
+  vpn-gateway-id                        ID of the VPN gateway to attach to the connection
+  customer-gateway-id                   ID of the customer gateway to attach to the connection
+  [bgp-config-ipv4.routing-policy-id]   
+  [bgp-config-ipv4.private-ip]          
+  [bgp-config-ipv4.peer-private-ip]     
+  [bgp-config-ipv6.routing-policy-id]   
+  [bgp-config-ipv6.private-ip]          
+  [bgp-config-ipv6.peer-private-ip]     
+  [region=fr-par]                       Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for create
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-delete-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-delete-usage.golden
new file mode 100644
index 0000000000..608d5a9efc
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete an existing connection, specified by its connection ID.
+
+USAGE:
+  scw s2s-vpn connection delete <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id     ID of the connection to delete
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for delete
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-detach-routing-policy-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-detach-routing-policy-usage.golden
new file mode 100644
index 0000000000..3e53c83a70
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-detach-routing-policy-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Detach an existing routing policy from a connection, specified by its connection ID.
+
+USAGE:
+  scw s2s-vpn connection detach-routing-policy <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id         ID of the connection from which routing policy is being detached
+  [routing-policy-v4]   ID of the routing policy to detach from the BGP IPv4 session
+  [routing-policy-v6]   ID of the routing policy to detach from the BGP IPv6 session
+  [region=fr-par]       Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for detach-routing-policy
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-disable-route-propagation-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-disable-route-propagation-usage.golden
new file mode 100644
index 0000000000..00a48143c6
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-disable-route-propagation-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Prevent any prefixes from being announced in the BGP session. Traffic will not be able to flow over the VPN Gateway until route propagation is re-enabled.
+
+USAGE:
+  scw s2s-vpn connection disable-route-propagation <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id     ID of the connection on which to disable route propagation
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for disable-route-propagation
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-enable-route-propagation-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-enable-route-propagation-usage.golden
new file mode 100644
index 0000000000..80c1c00351
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-enable-route-propagation-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Enable all allowed prefixes (defined in a routing policy) to be announced in the BGP session. This allows traffic to flow between the attached VPC and the on-premises infrastructure along the announced routes. Note that by default, even when route propagation is enabled, all routes are blocked. It is essential to attach a routing policy to define the ranges of routes to announce.
+
+USAGE:
+  scw s2s-vpn connection enable-route-propagation <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id     ID of the connection on which to enable route propagation
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for enable-route-propagation
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-get-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-get-usage.golden
new file mode 100644
index 0000000000..acfee7db17
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-get-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Get a connection for the given connection ID. The response object includes information about the connection's various configuration details.
+
+USAGE:
+  scw s2s-vpn connection get <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id     ID of the requested connection
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-list-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-list-usage.golden
new file mode 100644
index 0000000000..344393b5c7
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-list-usage.golden
@@ -0,0 +1,28 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+List all your connections. A number of filters are available, including Project ID, name, tags and status.
+
+USAGE:
+  scw s2s-vpn connection list [arg=value ...]
+
+ARGS:
+  [order-by]                       Order in which to return results (created_at_asc | created_at_desc | name_asc | name_desc | status_asc | status_desc)
+  [project-id]                     Project ID to filter for
+  [name]                           Connection name to filter for
+  [tags.{index}]                   Tags to filter for
+  [statuses.{index}]               Connection statuses to filter for (unknown_status | active | limited_connectivity | down | locked)
+  [is-ipv6]                        Filter connections with IP version of IPSec tunnel
+  [routing-policy-ids.{index}]     Filter for connections using these routing policies
+  [route-propagation-enabled]      Filter for connections with route propagation enabled
+  [vpn-gateway-ids.{index}]        Filter for connections attached to these VPN gateways
+  [customer-gateway-ids.{index}]   Filter for connections attached to these customer gateways
+  [region=fr-par]                  Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-renew-psk-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-renew-psk-usage.golden
new file mode 100644
index 0000000000..8e0622ad6b
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-renew-psk-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Renew pre-shared key for a given connection.
+
+USAGE:
+  scw s2s-vpn connection renew-psk <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id     ID of the connection to renew the PSK
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for renew-psk
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-set-routing-policy-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-set-routing-policy-usage.golden
new file mode 100644
index 0000000000..d2a811b831
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-set-routing-policy-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Set a new routing policy on a connection, overriding the existing one if present, specified by its connection ID.
+
+USAGE:
+  scw s2s-vpn connection set-routing-policy <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id         ID of the connection whose routing policy is being updated
+  [routing-policy-v4]   ID of the routing policy to set for the BGP IPv4 session
+  [routing-policy-v6]   ID of the routing policy to set for the BGP IPv6 session
+  [region=fr-par]       Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for set-routing-policy
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-update-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-update-usage.golden
new file mode 100644
index 0000000000..67bffe1402
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-update-usage.golden
@@ -0,0 +1,28 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Update an existing connection, specified by its connection ID.
+
+USAGE:
+  scw s2s-vpn connection update <connection-id ...> [arg=value ...]
+
+ARGS:
+  connection-id                        ID of the connection to update
+  [name]                               Name of the connection
+  [tags.{index}]                       List of tags to apply to the connection
+  [initiation-policy]                  Who initiates the IPsec tunnel (unknown_initiation_policy | vpn_gateway | customer_gateway)
+  [ikev2-ciphers.{index}.encryption]    (unknown_encryption | aes128 | aes192 | aes256 | aes128gcm | aes192gcm | aes256gcm | aes128ccm | aes256ccm | chacha20poly1305)
+  [ikev2-ciphers.{index}.integrity]     (unknown_integrity | sha256 | sha384 | sha512)
+  [ikev2-ciphers.{index}.dh-group]      (unknown_dhgroup | modp2048 | modp3072 | modp4096 | ecp256 | ecp384 | ecp521 | curve25519)
+  [esp-ciphers.{index}.encryption]      (unknown_encryption | aes128 | aes192 | aes256 | aes128gcm | aes192gcm | aes256gcm | aes128ccm | aes256ccm | chacha20poly1305)
+  [esp-ciphers.{index}.integrity]       (unknown_integrity | sha256 | sha384 | sha512)
+  [esp-ciphers.{index}.dh-group]        (unknown_dhgroup | modp2048 | modp3072 | modp4096 | ecp256 | ecp384 | ecp521 | curve25519)
+  [region=fr-par]                      Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for update
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-usage.golden
new file mode 100644
index 0000000000..652ceb2f7d
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-connection-usage.golden
@@ -0,0 +1,29 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+A connection represents the IPsec tunnel between VPN gateway and customer gateway.
+
+USAGE:
+  scw s2s-vpn connection <command>
+
+AVAILABLE COMMANDS:
+  create                    Create a connection
+  delete                    Delete a connection
+  detach-routing-policy     Detach a routing policy
+  disable-route-propagation Disable route propagation
+  enable-route-propagation  Enable route propagation
+  get                       Get a connection
+  list                      List connections
+  renew-psk                 Renew pre-shared key
+  set-routing-policy        Set a new routing policy
+  update                    Update a connection
+
+FLAGS:
+  -h, --help   help for connection
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn connection [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-create-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-create-usage.golden
new file mode 100644
index 0000000000..9a66ff9fc2
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-create-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create a customer gateway.
+
+USAGE:
+  scw s2s-vpn customer-gateway create [arg=value ...]
+
+ARGS:
+  [project-id]      Project ID to use. If none is passed the default project ID will be used
+  name              Name of the customer gateway
+  [tags.{index}]    List of tags to apply to the customer gateway
+  [ipv4-public]     Public IPv4 address of the customer gateway
+  [ipv6-public]     Public IPv6 address of the customer gateway
+  asn               AS Number of the customer gateway
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for create
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-delete-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-delete-usage.golden
new file mode 100644
index 0000000000..cfbfb2bd93
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete an existing customer gateway, specified by its customer gateway ID.
+
+USAGE:
+  scw s2s-vpn customer-gateway delete <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the customer gateway to delete
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for delete
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-get-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-get-usage.golden
new file mode 100644
index 0000000000..057f1ffcce
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-get-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Get a customer gateway for the given customer gateway ID.
+
+USAGE:
+  scw s2s-vpn customer-gateway get <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the requested customer gateway
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-list-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-list-usage.golden
new file mode 100644
index 0000000000..28c647c174
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-list-usage.golden
@@ -0,0 +1,22 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+List all your customer gateways. A number of filters are available, including Project ID, name, and tags.
+
+USAGE:
+  scw s2s-vpn customer-gateway list [arg=value ...]
+
+ARGS:
+  [order-by]        Order in which to return results (created_at_asc | created_at_desc | name_asc | name_desc)
+  [project-id]      Project ID to filter for
+  [name]            Customer gateway name to filter for
+  [tags.{index}]    Tags to filter for
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-update-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-update-usage.golden
new file mode 100644
index 0000000000..7402d3c624
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-update-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Update an existing customer gateway, specified by its customer gateway ID. You can update its name, tags, public IPv4 & IPv6 address and AS Number.
+
+USAGE:
+  scw s2s-vpn customer-gateway update <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the customer gateway to update
+  [name]            Name of the customer gateway
+  [tags.{index}]    List of tags to apply to the customer gateway
+  [ipv4-public]     Public IPv4 address of the customer gateway
+  [ipv6-public]     Public IPv6 address of the customer gateway
+  [asn]             AS Number of the customer gateway
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for update
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-usage.golden
new file mode 100644
index 0000000000..2514634a5d
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-customer-gateway-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.
+
+USAGE:
+  scw s2s-vpn customer-gateway <command>
+
+AVAILABLE COMMANDS:
+  create      Create a customer gateway
+  delete      Delete a customer gateway
+  get         Get a customer gateway
+  list        List customer gateways
+  update      Update a customer gateway
+
+FLAGS:
+  -h, --help   help for customer-gateway
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn customer-gateway [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-create-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-create-usage.golden
new file mode 100644
index 0000000000..9d0f044794
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-create-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create a routing policy. Routing policies allow you to set IP prefix filters to define the incoming route announcements to accept from the customer gateway, and the outgoing routes to announce to the customer gateway.
+
+USAGE:
+  scw s2s-vpn routing-policy create [arg=value ...]
+
+ARGS:
+  [project-id]                  Project ID to use. If none is passed the default project ID will be used
+  name                          Name of the routing policy
+  [tags.{index}]                List of tags to apply to the routing policy
+  [is-ipv6]                     IP prefixes version of the routing policy
+  [prefix-filter-in.{index}]    IP prefixes to accept from the peer (ranges of route announcements to accept)
+  [prefix-filter-out.{index}]   IP prefix filters to advertise to the peer (ranges of routes to advertise)
+  [region=fr-par]               Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for create
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-delete-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-delete-usage.golden
new file mode 100644
index 0000000000..d9e13ff3ce
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete an existing routing policy, specified by its routing policy ID.
+
+USAGE:
+  scw s2s-vpn routing-policy delete <routing-policy-id ...> [arg=value ...]
+
+ARGS:
+  routing-policy-id   ID of the routing policy to delete
+  [region=fr-par]     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for delete
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-get-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-get-usage.golden
new file mode 100644
index 0000000000..0e33442b48
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-get-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Get a routing policy for the given routing policy ID. The response object gives information including the policy's name, tags and prefix filters.
+
+USAGE:
+  scw s2s-vpn routing-policy get <routing-policy-id ...> [arg=value ...]
+
+ARGS:
+  routing-policy-id   ID of the routing policy to get
+  [region=fr-par]     Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-list-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-list-usage.golden
new file mode 100644
index 0000000000..9c6ec7ab2c
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-list-usage.golden
@@ -0,0 +1,23 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+List all routing policies in a given region. A routing policy can be attached to one or multiple connections (S2S VPN connections).
+
+USAGE:
+  scw s2s-vpn routing-policy list [arg=value ...]
+
+ARGS:
+  [order-by]        Order in which to return results (created_at_asc | created_at_desc | name_asc | name_desc)
+  [project-id]      Project ID to filter for
+  [name]            Routing policy name to filter for
+  [tags.{index}]    Tags to filter for
+  [ipv6]            Filter for the routing policies based on IP prefixes version
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-update-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-update-usage.golden
new file mode 100644
index 0000000000..3d1e852358
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-update-usage.golden
@@ -0,0 +1,23 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Update an existing routing policy, specified by its routing policy ID. Its name, tags and incoming/outgoing prefix filters can be updated.
+
+USAGE:
+  scw s2s-vpn routing-policy update <routing-policy-id ...> [arg=value ...]
+
+ARGS:
+  routing-policy-id             ID of the routing policy to update
+  [name]                        Name of the routing policy
+  [tags.{index}]                List of tags to apply to the routing policy
+  [prefix-filter-in.{index}]    IP prefixes to accept from the peer (ranges of route announcements to accept)
+  [prefix-filter-out.{index}]   IP prefix filters for routes to advertise to the peer (ranges of routes to advertise)
+  [region=fr-par]               Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for update
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-usage.golden
new file mode 100644
index 0000000000..03471bb875
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-routing-policy-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.
+
+USAGE:
+  scw s2s-vpn routing-policy <command>
+
+AVAILABLE COMMANDS:
+  create      Create a routing policy
+  delete      Delete a routing policy
+  get         Get routing policy
+  list        List routing policies
+  update      Update a routing policy
+
+FLAGS:
+  -h, --help   help for routing-policy
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn routing-policy [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-usage.golden
new file mode 100644
index 0000000000..ed87fd2790
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+This API allows you to manage your Site-to-Site VPN.
+
+USAGE:
+  scw s2s-vpn <command>
+
+AVAILABLE COMMANDS:
+  connection       A connection represents the IPsec tunnel between VPN gateway and customer gateway.
+  customer-gateway A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.
+  routing-policy   By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.
+  vpn-gateway      A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.
+  vpn-gateway-type VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.
+
+FLAGS:
+  -h, --help   help for s2s-vpn
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-create-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-create-usage.golden
new file mode 100644
index 0000000000..7f51099450
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-create-usage.golden
@@ -0,0 +1,28 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Create VPN gateway.
+
+USAGE:
+  scw s2s-vpn vpn-gateway create [arg=value ...]
+
+ARGS:
+  [project-id]                   Project ID to use. If none is passed the default project ID will be used
+  name                           Name of the VPN gateway
+  [tags.{index}]                 List of tags to apply to the VPN gateway
+  gateway-type                   VPN gateway type (commercial offer type)
+  [public-config.ipam-ipv4-id]   
+  [public-config.ipam-ipv6-id]   
+  private-network-id             ID of the Private Network to attach to the VPN gateway
+  [ipam-private-ipv4-id]         ID of the IPAM private IPv4 address to attach to the VPN gateway
+  [ipam-private-ipv6-id]         ID of the IPAM private IPv6 address to attach to the VPN gateway
+  [zone]                         Availability Zone where the VPN gateway should be provisioned. If no zone is specified, the VPN gateway will be automatically placed.
+  [region=fr-par]                Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for create
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-delete-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-delete-usage.golden
new file mode 100644
index 0000000000..d4dae1419b
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-delete-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Delete an existing VPN gateway, specified by its VPN gateway ID.
+
+USAGE:
+  scw s2s-vpn vpn-gateway delete <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the VPN gateway to delete
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for delete
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-get-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-get-usage.golden
new file mode 100644
index 0000000000..b525f01209
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-get-usage.golden
@@ -0,0 +1,19 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Get a VPN gateway for the given VPN gateway ID.
+
+USAGE:
+  scw s2s-vpn vpn-gateway get <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the requested VPN gateway
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-list-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-list-usage.golden
new file mode 100644
index 0000000000..2c7056b33d
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-list-usage.golden
@@ -0,0 +1,25 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+List all your VPN gateways. A number of filters are available, including Project ID, name, tags and status.
+
+USAGE:
+  scw s2s-vpn vpn-gateway list [arg=value ...]
+
+ARGS:
+  [order-by]                      Order in which to return results (created_at_asc | created_at_desc | name_asc | name_desc | type_asc | type_desc | status_asc | status_desc)
+  [project-id]                    Project ID to filter for
+  [name]                          VPN gateway name to filter for
+  [tags.{index}]                  Tags to filter for
+  [statuses.{index}]              VPN gateway statuses to filter for (unknown_status | configuring | failed | provisioning | active | deprovisioning | locked)
+  [gateway-types.{index}]         Filter for VPN gateways of these types
+  [private-network-ids.{index}]   Filter for VPN gateways attached to these private networks
+  [region=fr-par]                 Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-list-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-list-usage.golden
new file mode 100644
index 0000000000..fd7a73b719
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-list-usage.golden
@@ -0,0 +1,18 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+List the different VPN gateway commercial offer types available at Scaleway. The response is an array of objects describing the name and technical details of each available VPN gateway type.
+
+USAGE:
+  scw s2s-vpn vpn-gateway-type list [arg=value ...]
+
+ARGS:
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all)
+
+FLAGS:
+  -h, --help   help for list
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-usage.golden
new file mode 100644
index 0000000000..f66aae0fc4
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-type-usage.golden
@@ -0,0 +1,20 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.
+
+USAGE:
+  scw s2s-vpn vpn-gateway-type <command>
+
+AVAILABLE COMMANDS:
+  list        List VPN gateway types
+
+FLAGS:
+  -h, --help   help for vpn-gateway-type
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn vpn-gateway-type [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-update-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-update-usage.golden
new file mode 100644
index 0000000000..d4aaeca4b9
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-update-usage.golden
@@ -0,0 +1,21 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Update an existing VPN gateway, specified by its VPN gateway ID. Only its name and tags can be updated.
+
+USAGE:
+  scw s2s-vpn vpn-gateway update <gateway-id ...> [arg=value ...]
+
+ARGS:
+  gateway-id        ID of the VPN gateway to update
+  [name]            Name of the VPN gateway
+  [tags.{index}]    List of tags to apply to the VPN Gateway
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for update
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
diff --git a/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-usage.golden b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-usage.golden
new file mode 100644
index 0000000000..3b555da0d2
--- /dev/null
+++ b/cmd/scw/testdata/test-all-usage-s2s-vpn-vpn-gateway-usage.golden
@@ -0,0 +1,24 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.
+
+USAGE:
+  scw s2s-vpn vpn-gateway <command>
+
+AVAILABLE COMMANDS:
+  create      Create VPN gateway
+  delete      Delete a VPN gateway
+  get         Get a VPN gateway
+  list        List VPN gateways
+  update      Update a VPN gateway
+
+FLAGS:
+  -h, --help   help for vpn-gateway
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use
+
+Use "scw s2s-vpn vpn-gateway [command] --help" for more information about a command.
diff --git a/cmd/scw/testdata/test-main-usage-usage.golden b/cmd/scw/testdata/test-main-usage-usage.golden
index 06efce5ab6..c05daf87c3 100644
--- a/cmd/scw/testdata/test-main-usage-usage.golden
+++ b/cmd/scw/testdata/test-main-usage-usage.golden
@@ -53,6 +53,7 @@ NETWORK COMMANDS:
   interlink     This API allows you to manage your InterLink services
   ipam          This API allows you to manage your Scaleway IP addresses with our IP Address Management tool
   lb            This API allows you to manage your Scaleway Load Balancer services
+  s2s-vpn       This API allows you to manage your Site-to-Site VPN
   vpc           This API allows you to manage your Virtual Private Clouds (VPCs) and Private Networks
   vpc-gw        This API allows you to manage your Public Gateways
 
diff --git a/commands/commands.go b/commands/commands.go
index 6b27036253..85e87766fc 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -43,6 +43,7 @@ import (
 	"github.com/scaleway/scaleway-cli/v2/internal/namespaces/rdb/v1"
 	"github.com/scaleway/scaleway-cli/v2/internal/namespaces/redis/v1"
 	"github.com/scaleway/scaleway-cli/v2/internal/namespaces/registry/v1"
+	s2s_vpn "github.com/scaleway/scaleway-cli/v2/internal/namespaces/s2s_vpn/v1alpha1"
 	secret "github.com/scaleway/scaleway-cli/v2/internal/namespaces/secret/v1beta1"
 	serverless_sqldb "github.com/scaleway/scaleway-cli/v2/internal/namespaces/serverless_sqldb/v1alpha1"
 	"github.com/scaleway/scaleway-cli/v2/internal/namespaces/shell"
@@ -112,6 +113,7 @@ func GetCommands() *core.Commands {
 		mongodb.GetCommands(),
 		audit_trail.GetCommands(),
 		interlink.GetCommands(),
+		s2s_vpn.GetCommands(),
 	)
 
 	if beta {
diff --git a/docs/commands/s2s-vpn.md b/docs/commands/s2s-vpn.md
new file mode 100644
index 0000000000..4289ff6755
--- /dev/null
+++ b/docs/commands/s2s-vpn.md
@@ -0,0 +1,665 @@
+<!-- DO NOT EDIT: this file is automatically generated using scw-doc-gen -->
+# Documentation for `scw s2s-vpn`
+This API allows you to manage your Site-to-Site VPN.
+  
+- [A connection represents the IPsec tunnel between VPN gateway and customer gateway.](#a-connection-represents-the-ipsec-tunnel-between-vpn-gateway-and-customer-gateway.)
+  - [Create a connection](#create-a-connection)
+  - [Delete a connection](#delete-a-connection)
+  - [Detach a routing policy](#detach-a-routing-policy)
+  - [Disable route propagation](#disable-route-propagation)
+  - [Enable route propagation](#enable-route-propagation)
+  - [Get a connection](#get-a-connection)
+  - [List connections](#list-connections)
+  - [Renew pre-shared key](#renew-pre-shared-key)
+  - [Set a new routing policy](#set-a-new-routing-policy)
+  - [Update a connection](#update-a-connection)
+- [A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.](#a-customer-gateway-represents-a-scaleway-client's-device-that-communicates-with-a-vpn-gateway.)
+  - [Create a customer gateway](#create-a-customer-gateway)
+  - [Delete a customer gateway](#delete-a-customer-gateway)
+  - [Get a customer gateway](#get-a-customer-gateway)
+  - [List customer gateways](#list-customer-gateways)
+  - [Update a customer gateway](#update-a-customer-gateway)
+- [By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.](#by-default,-all-routes-across-the-site-to-site-vpn-(between-vpn-gateway-and-customer-gateway)-are-blocked.-routing-policies-allow-you-to-set-filters-to-define-the-ip-prefixes-to-allow.)
+  - [Create a routing policy](#create-a-routing-policy)
+  - [Delete a routing policy](#delete-a-routing-policy)
+  - [Get routing policy](#get-routing-policy)
+  - [List routing policies](#list-routing-policies)
+  - [Update a routing policy](#update-a-routing-policy)
+- [A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.](#a-vpn-gateway-is-an-ipsec-peer-managed-by-scaleway.-it-can-support-multiple-connections-to-customer-gateways.)
+  - [Create VPN gateway](#create-vpn-gateway)
+  - [Delete a VPN gateway](#delete-a-vpn-gateway)
+  - [Get a VPN gateway](#get-a-vpn-gateway)
+  - [List VPN gateways](#list-vpn-gateways)
+  - [Update a VPN gateway](#update-a-vpn-gateway)
+- [VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.](#vpn-gateways-come-in-various-shapes,-sizes-and-prices,-which-are--described-by-vpn-gateway-types.-they-represent-the-different-commercial--offer-types-for-vpn-gateways-available-at-scaleway.)
+  - [List VPN gateway types](#list-vpn-gateway-types)
+
+  
+## A connection represents the IPsec tunnel between VPN gateway and customer gateway.
+
+A connection represents the IPsec tunnel between VPN gateway and customer gateway.
+
+
+### Create a connection
+
+Create a connection.
+
+**Usage:**
+
+```
+scw s2s-vpn connection create [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| project-id |  | Project ID to use. If none is passed the default project ID will be used |
+| name | Required | Name of the connection |
+| tags.{index} |  | List of tags to apply to the connection |
+| is-ipv6 |  | Defines IP version of the IPSec Tunnel |
+| initiation-policy | Required<br />One of: `unknown_initiation_policy`, `vpn_gateway`, `customer_gateway` | Who initiates the IPsec tunnel |
+| ikev2-ciphers.{index}.encryption | One of: `unknown_encryption`, `aes128`, `aes192`, `aes256`, `aes128gcm`, `aes192gcm`, `aes256gcm`, `aes128ccm`, `aes256ccm`, `chacha20poly1305` |  |
+| ikev2-ciphers.{index}.integrity | One of: `unknown_integrity`, `sha256`, `sha384`, `sha512` |  |
+| ikev2-ciphers.{index}.dh-group | One of: `unknown_dhgroup`, `modp2048`, `modp3072`, `modp4096`, `ecp256`, `ecp384`, `ecp521`, `curve25519` |  |
+| esp-ciphers.{index}.encryption | One of: `unknown_encryption`, `aes128`, `aes192`, `aes256`, `aes128gcm`, `aes192gcm`, `aes256gcm`, `aes128ccm`, `aes256ccm`, `chacha20poly1305` |  |
+| esp-ciphers.{index}.integrity | One of: `unknown_integrity`, `sha256`, `sha384`, `sha512` |  |
+| esp-ciphers.{index}.dh-group | One of: `unknown_dhgroup`, `modp2048`, `modp3072`, `modp4096`, `ecp256`, `ecp384`, `ecp521`, `curve25519` |  |
+| enable-route-propagation |  | Defines whether route propagation is enabled or not. |
+| vpn-gateway-id | Required | ID of the VPN gateway to attach to the connection |
+| customer-gateway-id | Required | ID of the customer gateway to attach to the connection |
+| bgp-config-ipv4.routing-policy-id |  |  |
+| bgp-config-ipv4.private-ip |  |  |
+| bgp-config-ipv4.peer-private-ip |  |  |
+| bgp-config-ipv6.routing-policy-id |  |  |
+| bgp-config-ipv6.private-ip |  |  |
+| bgp-config-ipv6.peer-private-ip |  |  |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Delete a connection
+
+Delete an existing connection, specified by its connection ID.
+
+**Usage:**
+
+```
+scw s2s-vpn connection delete <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection to delete |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Detach a routing policy
+
+Detach an existing routing policy from a connection, specified by its connection ID.
+
+**Usage:**
+
+```
+scw s2s-vpn connection detach-routing-policy <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection from which routing policy is being detached |
+| routing-policy-v4 |  | ID of the routing policy to detach from the BGP IPv4 session |
+| routing-policy-v6 |  | ID of the routing policy to detach from the BGP IPv6 session |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Disable route propagation
+
+Prevent any prefixes from being announced in the BGP session. Traffic will not be able to flow over the VPN Gateway until route propagation is re-enabled.
+
+**Usage:**
+
+```
+scw s2s-vpn connection disable-route-propagation <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection on which to disable route propagation |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Enable route propagation
+
+Enable all allowed prefixes (defined in a routing policy) to be announced in the BGP session. This allows traffic to flow between the attached VPC and the on-premises infrastructure along the announced routes. Note that by default, even when route propagation is enabled, all routes are blocked. It is essential to attach a routing policy to define the ranges of routes to announce.
+
+**Usage:**
+
+```
+scw s2s-vpn connection enable-route-propagation <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection on which to enable route propagation |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Get a connection
+
+Get a connection for the given connection ID. The response object includes information about the connection's various configuration details.
+
+**Usage:**
+
+```
+scw s2s-vpn connection get <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the requested connection |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### List connections
+
+List all your connections. A number of filters are available, including Project ID, name, tags and status.
+
+**Usage:**
+
+```
+scw s2s-vpn connection list [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| order-by | One of: `created_at_asc`, `created_at_desc`, `name_asc`, `name_desc`, `status_asc`, `status_desc` | Order in which to return results |
+| project-id |  | Project ID to filter for |
+| name |  | Connection name to filter for |
+| tags.{index} |  | Tags to filter for |
+| statuses.{index} | One of: `unknown_status`, `active`, `limited_connectivity`, `down`, `locked` | Connection statuses to filter for |
+| is-ipv6 |  | Filter connections with IP version of IPSec tunnel |
+| routing-policy-ids.{index} |  | Filter for connections using these routing policies |
+| route-propagation-enabled |  | Filter for connections with route propagation enabled |
+| vpn-gateway-ids.{index} |  | Filter for connections attached to these VPN gateways |
+| customer-gateway-ids.{index} |  | Filter for connections attached to these customer gateways |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Renew pre-shared key
+
+Renew pre-shared key for a given connection.
+
+**Usage:**
+
+```
+scw s2s-vpn connection renew-psk <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection to renew the PSK |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Set a new routing policy
+
+Set a new routing policy on a connection, overriding the existing one if present, specified by its connection ID.
+
+**Usage:**
+
+```
+scw s2s-vpn connection set-routing-policy <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection whose routing policy is being updated |
+| routing-policy-v4 |  | ID of the routing policy to set for the BGP IPv4 session |
+| routing-policy-v6 |  | ID of the routing policy to set for the BGP IPv6 session |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Update a connection
+
+Update an existing connection, specified by its connection ID.
+
+**Usage:**
+
+```
+scw s2s-vpn connection update <connection-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| connection-id | Required | ID of the connection to update |
+| name |  | Name of the connection |
+| tags.{index} |  | List of tags to apply to the connection |
+| initiation-policy | One of: `unknown_initiation_policy`, `vpn_gateway`, `customer_gateway` | Who initiates the IPsec tunnel |
+| ikev2-ciphers.{index}.encryption | One of: `unknown_encryption`, `aes128`, `aes192`, `aes256`, `aes128gcm`, `aes192gcm`, `aes256gcm`, `aes128ccm`, `aes256ccm`, `chacha20poly1305` |  |
+| ikev2-ciphers.{index}.integrity | One of: `unknown_integrity`, `sha256`, `sha384`, `sha512` |  |
+| ikev2-ciphers.{index}.dh-group | One of: `unknown_dhgroup`, `modp2048`, `modp3072`, `modp4096`, `ecp256`, `ecp384`, `ecp521`, `curve25519` |  |
+| esp-ciphers.{index}.encryption | One of: `unknown_encryption`, `aes128`, `aes192`, `aes256`, `aes128gcm`, `aes192gcm`, `aes256gcm`, `aes128ccm`, `aes256ccm`, `chacha20poly1305` |  |
+| esp-ciphers.{index}.integrity | One of: `unknown_integrity`, `sha256`, `sha384`, `sha512` |  |
+| esp-ciphers.{index}.dh-group | One of: `unknown_dhgroup`, `modp2048`, `modp3072`, `modp4096`, `ecp256`, `ecp384`, `ecp521`, `curve25519` |  |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+## A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.
+
+A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.
+
+
+### Create a customer gateway
+
+Create a customer gateway.
+
+**Usage:**
+
+```
+scw s2s-vpn customer-gateway create [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| project-id |  | Project ID to use. If none is passed the default project ID will be used |
+| name | Required | Name of the customer gateway |
+| tags.{index} |  | List of tags to apply to the customer gateway |
+| ipv4-public |  | Public IPv4 address of the customer gateway |
+| ipv6-public |  | Public IPv6 address of the customer gateway |
+| asn | Required | AS Number of the customer gateway |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Delete a customer gateway
+
+Delete an existing customer gateway, specified by its customer gateway ID.
+
+**Usage:**
+
+```
+scw s2s-vpn customer-gateway delete <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the customer gateway to delete |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Get a customer gateway
+
+Get a customer gateway for the given customer gateway ID.
+
+**Usage:**
+
+```
+scw s2s-vpn customer-gateway get <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the requested customer gateway |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### List customer gateways
+
+List all your customer gateways. A number of filters are available, including Project ID, name, and tags.
+
+**Usage:**
+
+```
+scw s2s-vpn customer-gateway list [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| order-by | One of: `created_at_asc`, `created_at_desc`, `name_asc`, `name_desc` | Order in which to return results |
+| project-id |  | Project ID to filter for |
+| name |  | Customer gateway name to filter for |
+| tags.{index} |  | Tags to filter for |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Update a customer gateway
+
+Update an existing customer gateway, specified by its customer gateway ID. You can update its name, tags, public IPv4 & IPv6 address and AS Number.
+
+**Usage:**
+
+```
+scw s2s-vpn customer-gateway update <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the customer gateway to update |
+| name |  | Name of the customer gateway |
+| tags.{index} |  | List of tags to apply to the customer gateway |
+| ipv4-public |  | Public IPv4 address of the customer gateway |
+| ipv6-public |  | Public IPv6 address of the customer gateway |
+| asn |  | AS Number of the customer gateway |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+## By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.
+
+By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.
+
+
+### Create a routing policy
+
+Create a routing policy. Routing policies allow you to set IP prefix filters to define the incoming route announcements to accept from the customer gateway, and the outgoing routes to announce to the customer gateway.
+
+**Usage:**
+
+```
+scw s2s-vpn routing-policy create [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| project-id |  | Project ID to use. If none is passed the default project ID will be used |
+| name | Required | Name of the routing policy |
+| tags.{index} |  | List of tags to apply to the routing policy |
+| is-ipv6 |  | IP prefixes version of the routing policy |
+| prefix-filter-in.{index} |  | IP prefixes to accept from the peer (ranges of route announcements to accept) |
+| prefix-filter-out.{index} |  | IP prefix filters to advertise to the peer (ranges of routes to advertise) |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Delete a routing policy
+
+Delete an existing routing policy, specified by its routing policy ID.
+
+**Usage:**
+
+```
+scw s2s-vpn routing-policy delete <routing-policy-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| routing-policy-id | Required | ID of the routing policy to delete |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Get routing policy
+
+Get a routing policy for the given routing policy ID. The response object gives information including the policy's name, tags and prefix filters.
+
+**Usage:**
+
+```
+scw s2s-vpn routing-policy get <routing-policy-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| routing-policy-id | Required | ID of the routing policy to get |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### List routing policies
+
+List all routing policies in a given region. A routing policy can be attached to one or multiple connections (S2S VPN connections).
+
+**Usage:**
+
+```
+scw s2s-vpn routing-policy list [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| order-by | One of: `created_at_asc`, `created_at_desc`, `name_asc`, `name_desc` | Order in which to return results |
+| project-id |  | Project ID to filter for |
+| name |  | Routing policy name to filter for |
+| tags.{index} |  | Tags to filter for |
+| ipv6 |  | Filter for the routing policies based on IP prefixes version |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Update a routing policy
+
+Update an existing routing policy, specified by its routing policy ID. Its name, tags and incoming/outgoing prefix filters can be updated.
+
+**Usage:**
+
+```
+scw s2s-vpn routing-policy update <routing-policy-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| routing-policy-id | Required | ID of the routing policy to update |
+| name |  | Name of the routing policy |
+| tags.{index} |  | List of tags to apply to the routing policy |
+| prefix-filter-in.{index} |  | IP prefixes to accept from the peer (ranges of route announcements to accept) |
+| prefix-filter-out.{index} |  | IP prefix filters for routes to advertise to the peer (ranges of routes to advertise) |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+## A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.
+
+A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.
+
+
+### Create VPN gateway
+
+Create VPN gateway.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway create [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| project-id |  | Project ID to use. If none is passed the default project ID will be used |
+| name | Required | Name of the VPN gateway |
+| tags.{index} |  | List of tags to apply to the VPN gateway |
+| gateway-type | Required | VPN gateway type (commercial offer type) |
+| public-config.ipam-ipv4-id |  |  |
+| public-config.ipam-ipv6-id |  |  |
+| private-network-id | Required | ID of the Private Network to attach to the VPN gateway |
+| ipam-private-ipv4-id |  | ID of the IPAM private IPv4 address to attach to the VPN gateway |
+| ipam-private-ipv6-id |  | ID of the IPAM private IPv6 address to attach to the VPN gateway |
+| zone |  | Availability Zone where the VPN gateway should be provisioned. If no zone is specified, the VPN gateway will be automatically placed. |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Delete a VPN gateway
+
+Delete an existing VPN gateway, specified by its VPN gateway ID.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway delete <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the VPN gateway to delete |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Get a VPN gateway
+
+Get a VPN gateway for the given VPN gateway ID.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway get <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the requested VPN gateway |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### List VPN gateways
+
+List all your VPN gateways. A number of filters are available, including Project ID, name, tags and status.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway list [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| order-by | One of: `created_at_asc`, `created_at_desc`, `name_asc`, `name_desc`, `type_asc`, `type_desc`, `status_asc`, `status_desc` | Order in which to return results |
+| project-id |  | Project ID to filter for |
+| name |  | VPN gateway name to filter for |
+| tags.{index} |  | Tags to filter for |
+| statuses.{index} | One of: `unknown_status`, `configuring`, `failed`, `provisioning`, `active`, `deprovisioning`, `locked` | VPN gateway statuses to filter for |
+| gateway-types.{index} |  | Filter for VPN gateways of these types |
+| private-network-ids.{index} |  | Filter for VPN gateways attached to these private networks |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Update a VPN gateway
+
+Update an existing VPN gateway, specified by its VPN gateway ID. Only its name and tags can be updated.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway update <gateway-id ...> [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| gateway-id | Required | ID of the VPN gateway to update |
+| name |  | Name of the VPN gateway |
+| tags.{index} |  | List of tags to apply to the VPN Gateway |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+## VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.
+
+VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.
+
+
+### List VPN gateway types
+
+List the different VPN gateway commercial offer types available at Scaleway. The response is an array of objects describing the name and technical details of each available VPN gateway type.
+
+**Usage:**
+
+```
+scw s2s-vpn vpn-gateway-type list [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config |
+
+
+
diff --git a/internal/namespaces/s2s_vpn/v1alpha1/custom.go b/internal/namespaces/s2s_vpn/v1alpha1/custom.go
new file mode 100644
index 0000000000..abd6dc91af
--- /dev/null
+++ b/internal/namespaces/s2s_vpn/v1alpha1/custom.go
@@ -0,0 +1,11 @@
+package s2s_vpn
+
+import "github.com/scaleway/scaleway-cli/v2/core"
+
+func GetCommands() *core.Commands {
+	cmds := GetGeneratedCommands()
+
+	cmds.MustFind("s2s-vpn").Groups = []string{"network"}
+
+	return cmds
+}
diff --git a/internal/namespaces/s2s_vpn/v1alpha1/s2s_vpn_cli.go b/internal/namespaces/s2s_vpn/v1alpha1/s2s_vpn_cli.go
new file mode 100644
index 0000000000..ffb9e661ec
--- /dev/null
+++ b/internal/namespaces/s2s_vpn/v1alpha1/s2s_vpn_cli.go
@@ -0,0 +1,1768 @@
+// This file was automatically generated. DO NOT EDIT.
+// If you have any remark or suggestion do not hesitate to open an issue.
+
+package s2s_vpn
+
+import (
+	"context"
+	"reflect"
+
+	"github.com/scaleway/scaleway-cli/v2/core"
+	s2s_vpn "github.com/scaleway/scaleway-sdk-go/api/s2s_vpn/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+// always import dependencies
+var (
+	_ = scw.RegionFrPar
+)
+
+func GetGeneratedCommands() *core.Commands {
+	return core.NewCommands(
+		s2sVpnRoot(),
+		s2sVpnVpnGateway(),
+		s2sVpnVpnGatewayType(),
+		s2sVpnConnection(),
+		s2sVpnCustomerGateway(),
+		s2sVpnRoutingPolicy(),
+		s2sVpnVpnGatewayTypeList(),
+		s2sVpnVpnGatewayList(),
+		s2sVpnVpnGatewayGet(),
+		s2sVpnVpnGatewayCreate(),
+		s2sVpnVpnGatewayUpdate(),
+		s2sVpnVpnGatewayDelete(),
+		s2sVpnConnectionList(),
+		s2sVpnConnectionGet(),
+		s2sVpnConnectionCreate(),
+		s2sVpnConnectionUpdate(),
+		s2sVpnConnectionDelete(),
+		s2sVpnConnectionRenewPsk(),
+		s2sVpnConnectionSetRoutingPolicy(),
+		s2sVpnConnectionDetachRoutingPolicy(),
+		s2sVpnConnectionEnableRoutePropagation(),
+		s2sVpnConnectionDisableRoutePropagation(),
+		s2sVpnCustomerGatewayList(),
+		s2sVpnCustomerGatewayGet(),
+		s2sVpnCustomerGatewayCreate(),
+		s2sVpnCustomerGatewayUpdate(),
+		s2sVpnCustomerGatewayDelete(),
+		s2sVpnRoutingPolicyList(),
+		s2sVpnRoutingPolicyGet(),
+		s2sVpnRoutingPolicyCreate(),
+		s2sVpnRoutingPolicyUpdate(),
+		s2sVpnRoutingPolicyDelete(),
+	)
+}
+
+func s2sVpnRoot() *core.Command {
+	return &core.Command{
+		Short:     `This API allows you to manage your Site-to-Site VPN`,
+		Long:      `This API allows you to manage your Site-to-Site VPN.`,
+		Namespace: "s2s-vpn",
+	}
+}
+
+func s2sVpnVpnGateway() *core.Command {
+	return &core.Command{
+		Short:     `A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.`,
+		Long:      `A VPN gateway is an IPsec peer managed by Scaleway. It can support multiple connections to customer gateways.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+	}
+}
+
+func s2sVpnVpnGatewayType() *core.Command {
+	return &core.Command{
+		Short:     `VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.`,
+		Long:      `VPN gateways come in various shapes, sizes and prices, which are  described by VPN gateway types. They represent the different commercial  offer types for VPN gateways available at Scaleway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway-type",
+	}
+}
+
+func s2sVpnConnection() *core.Command {
+	return &core.Command{
+		Short:     `A connection represents the IPsec tunnel between VPN gateway and customer gateway.`,
+		Long:      `A connection represents the IPsec tunnel between VPN gateway and customer gateway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+	}
+}
+
+func s2sVpnCustomerGateway() *core.Command {
+	return &core.Command{
+		Short:     `A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.`,
+		Long:      `A customer gateway represents a Scaleway client's device that communicates with a VPN gateway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+	}
+}
+
+func s2sVpnRoutingPolicy() *core.Command {
+	return &core.Command{
+		Short:     `By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.`,
+		Long:      `By default, all routes across the Site-to-Site VPN (between VPN gateway and customer gateway) are blocked. Routing policies allow you to set filters to define the IP prefixes to allow.`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+	}
+}
+
+func s2sVpnVpnGatewayTypeList() *core.Command {
+	return &core.Command{
+		Short:     `List VPN gateway types`,
+		Long:      `List the different VPN gateway commercial offer types available at Scaleway. The response is an array of objects describing the name and technical details of each available VPN gateway type.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway-type",
+		Verb:      "list",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.ListVpnGatewayTypesRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+				scw.Region(core.AllLocalities),
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.ListVpnGatewayTypesRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			opts := []scw.RequestOption{scw.WithAllPages()}
+			if request.Region == scw.Region(core.AllLocalities) {
+				opts = append(opts, scw.WithRegions(api.Regions()...))
+				request.Region = ""
+			}
+			resp, err := api.ListVpnGatewayTypes(request, opts...)
+			if err != nil {
+				return nil, err
+			}
+
+			return resp.GatewayTypes, nil
+		},
+	}
+}
+
+func s2sVpnVpnGatewayList() *core.Command {
+	return &core.Command{
+		Short:     `List VPN gateways`,
+		Long:      `List all your VPN gateways. A number of filters are available, including Project ID, name, tags and status.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+		Verb:      "list",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.ListVpnGatewaysRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "order-by",
+				Short:      `Order in which to return results`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"created_at_asc",
+					"created_at_desc",
+					"name_asc",
+					"name_desc",
+					"type_asc",
+					"type_desc",
+					"status_asc",
+					"status_desc",
+				},
+			},
+			{
+				Name:       "project-id",
+				Short:      `Project ID to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "name",
+				Short:      `VPN gateway name to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `Tags to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "statuses.{index}",
+				Short:      `VPN gateway statuses to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_status",
+					"configuring",
+					"failed",
+					"provisioning",
+					"active",
+					"deprovisioning",
+					"locked",
+				},
+			},
+			{
+				Name:       "gateway-types.{index}",
+				Short:      `Filter for VPN gateways of these types`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "private-network-ids.{index}",
+				Short:      `Filter for VPN gateways attached to these private networks`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+				scw.Region(core.AllLocalities),
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.ListVpnGatewaysRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			opts := []scw.RequestOption{scw.WithAllPages()}
+			if request.Region == scw.Region(core.AllLocalities) {
+				opts = append(opts, scw.WithRegions(api.Regions()...))
+				request.Region = ""
+			}
+			resp, err := api.ListVpnGateways(request, opts...)
+			if err != nil {
+				return nil, err
+			}
+
+			return resp.Gateways, nil
+		},
+	}
+}
+
+func s2sVpnVpnGatewayGet() *core.Command {
+	return &core.Command{
+		Short:     `Get a VPN gateway`,
+		Long:      `Get a VPN gateway for the given VPN gateway ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+		Verb:      "get",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.GetVpnGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the requested VPN gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.GetVpnGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.GetVpnGateway(request)
+		},
+	}
+}
+
+func s2sVpnVpnGatewayCreate() *core.Command {
+	return &core.Command{
+		Short:     `Create VPN gateway`,
+		Long:      `Create VPN gateway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+		Verb:      "create",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.CreateVpnGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			core.ProjectIDArgSpec(),
+			{
+				Name:       "name",
+				Short:      `Name of the VPN gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the VPN gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "gateway-type",
+				Short:      `VPN gateway type (commercial offer type)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "public-config.ipam-ipv4-id",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "public-config.ipam-ipv6-id",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "private-network-id",
+				Short:      `ID of the Private Network to attach to the VPN gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipam-private-ipv4-id",
+				Short:      `ID of the IPAM private IPv4 address to attach to the VPN gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipam-private-ipv6-id",
+				Short:      `ID of the IPAM private IPv6 address to attach to the VPN gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "zone",
+				Short:      `Availability Zone where the VPN gateway should be provisioned. If no zone is specified, the VPN gateway will be automatically placed.`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.CreateVpnGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.CreateVpnGateway(request)
+		},
+	}
+}
+
+func s2sVpnVpnGatewayUpdate() *core.Command {
+	return &core.Command{
+		Short:     `Update a VPN gateway`,
+		Long:      `Update an existing VPN gateway, specified by its VPN gateway ID. Only its name and tags can be updated.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+		Verb:      "update",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.UpdateVpnGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the VPN gateway to update`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "name",
+				Short:      `Name of the VPN gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the VPN Gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.UpdateVpnGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.UpdateVpnGateway(request)
+		},
+	}
+}
+
+func s2sVpnVpnGatewayDelete() *core.Command {
+	return &core.Command{
+		Short:     `Delete a VPN gateway`,
+		Long:      `Delete an existing VPN gateway, specified by its VPN gateway ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "vpn-gateway",
+		Verb:      "delete",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DeleteVpnGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the VPN gateway to delete`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DeleteVpnGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.DeleteVpnGateway(request)
+		},
+	}
+}
+
+func s2sVpnConnectionList() *core.Command {
+	return &core.Command{
+		Short:     `List connections`,
+		Long:      `List all your connections. A number of filters are available, including Project ID, name, tags and status.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "list",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.ListConnectionsRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "order-by",
+				Short:      `Order in which to return results`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"created_at_asc",
+					"created_at_desc",
+					"name_asc",
+					"name_desc",
+					"status_asc",
+					"status_desc",
+				},
+			},
+			{
+				Name:       "project-id",
+				Short:      `Project ID to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "name",
+				Short:      `Connection name to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `Tags to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "statuses.{index}",
+				Short:      `Connection statuses to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_status",
+					"active",
+					"limited_connectivity",
+					"down",
+					"locked",
+				},
+			},
+			{
+				Name:       "is-ipv6",
+				Short:      `Filter connections with IP version of IPSec tunnel`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "routing-policy-ids.{index}",
+				Short:      `Filter for connections using these routing policies`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "route-propagation-enabled",
+				Short:      `Filter for connections with route propagation enabled`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "vpn-gateway-ids.{index}",
+				Short:      `Filter for connections attached to these VPN gateways`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "customer-gateway-ids.{index}",
+				Short:      `Filter for connections attached to these customer gateways`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+				scw.Region(core.AllLocalities),
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.ListConnectionsRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			opts := []scw.RequestOption{scw.WithAllPages()}
+			if request.Region == scw.Region(core.AllLocalities) {
+				opts = append(opts, scw.WithRegions(api.Regions()...))
+				request.Region = ""
+			}
+			resp, err := api.ListConnections(request, opts...)
+			if err != nil {
+				return nil, err
+			}
+
+			return resp.Connections, nil
+		},
+	}
+}
+
+func s2sVpnConnectionGet() *core.Command {
+	return &core.Command{
+		Short:     `Get a connection`,
+		Long:      `Get a connection for the given connection ID. The response object includes information about the connection's various configuration details.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "get",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.GetConnectionRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the requested connection`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.GetConnectionRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.GetConnection(request)
+		},
+	}
+}
+
+func s2sVpnConnectionCreate() *core.Command {
+	return &core.Command{
+		Short:     `Create a connection`,
+		Long:      `Create a connection.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "create",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.CreateConnectionRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			core.ProjectIDArgSpec(),
+			{
+				Name:       "name",
+				Short:      `Name of the connection`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the connection`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "is-ipv6",
+				Short:      `Defines IP version of the IPSec Tunnel`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "initiation-policy",
+				Short:      `Who initiates the IPsec tunnel`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_initiation_policy",
+					"vpn_gateway",
+					"customer_gateway",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.encryption",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_encryption",
+					"aes128",
+					"aes192",
+					"aes256",
+					"aes128gcm",
+					"aes192gcm",
+					"aes256gcm",
+					"aes128ccm",
+					"aes256ccm",
+					"chacha20poly1305",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.integrity",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_integrity",
+					"sha256",
+					"sha384",
+					"sha512",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.dh-group",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_dhgroup",
+					"modp2048",
+					"modp3072",
+					"modp4096",
+					"ecp256",
+					"ecp384",
+					"ecp521",
+					"curve25519",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.encryption",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_encryption",
+					"aes128",
+					"aes192",
+					"aes256",
+					"aes128gcm",
+					"aes192gcm",
+					"aes256gcm",
+					"aes128ccm",
+					"aes256ccm",
+					"chacha20poly1305",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.integrity",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_integrity",
+					"sha256",
+					"sha384",
+					"sha512",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.dh-group",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_dhgroup",
+					"modp2048",
+					"modp3072",
+					"modp4096",
+					"ecp256",
+					"ecp384",
+					"ecp521",
+					"curve25519",
+				},
+			},
+			{
+				Name:       "enable-route-propagation",
+				Short:      `Defines whether route propagation is enabled or not.`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "vpn-gateway-id",
+				Short:      `ID of the VPN gateway to attach to the connection`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "customer-gateway-id",
+				Short:      `ID of the customer gateway to attach to the connection`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv4.routing-policy-id",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv4.private-ip",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv4.peer-private-ip",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv6.routing-policy-id",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv6.private-ip",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "bgp-config-ipv6.peer-private-ip",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.CreateConnectionRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.CreateConnection(request)
+		},
+	}
+}
+
+func s2sVpnConnectionUpdate() *core.Command {
+	return &core.Command{
+		Short:     `Update a connection`,
+		Long:      `Update an existing connection, specified by its connection ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "update",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.UpdateConnectionRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection to update`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "name",
+				Short:      `Name of the connection`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the connection`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "initiation-policy",
+				Short:      `Who initiates the IPsec tunnel`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_initiation_policy",
+					"vpn_gateway",
+					"customer_gateway",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.encryption",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_encryption",
+					"aes128",
+					"aes192",
+					"aes256",
+					"aes128gcm",
+					"aes192gcm",
+					"aes256gcm",
+					"aes128ccm",
+					"aes256ccm",
+					"chacha20poly1305",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.integrity",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_integrity",
+					"sha256",
+					"sha384",
+					"sha512",
+				},
+			},
+			{
+				Name:       "ikev2-ciphers.{index}.dh-group",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_dhgroup",
+					"modp2048",
+					"modp3072",
+					"modp4096",
+					"ecp256",
+					"ecp384",
+					"ecp521",
+					"curve25519",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.encryption",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_encryption",
+					"aes128",
+					"aes192",
+					"aes256",
+					"aes128gcm",
+					"aes192gcm",
+					"aes256gcm",
+					"aes128ccm",
+					"aes256ccm",
+					"chacha20poly1305",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.integrity",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_integrity",
+					"sha256",
+					"sha384",
+					"sha512",
+				},
+			},
+			{
+				Name:       "esp-ciphers.{index}.dh-group",
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"unknown_dhgroup",
+					"modp2048",
+					"modp3072",
+					"modp4096",
+					"ecp256",
+					"ecp384",
+					"ecp521",
+					"curve25519",
+				},
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.UpdateConnectionRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.UpdateConnection(request)
+		},
+	}
+}
+
+func s2sVpnConnectionDelete() *core.Command {
+	return &core.Command{
+		Short:     `Delete a connection`,
+		Long:      `Delete an existing connection, specified by its connection ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "delete",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DeleteConnectionRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection to delete`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DeleteConnectionRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			e = api.DeleteConnection(request)
+			if e != nil {
+				return nil, e
+			}
+
+			return &core.SuccessResult{
+				Resource: "connection",
+				Verb:     "delete",
+			}, nil
+		},
+	}
+}
+
+func s2sVpnConnectionRenewPsk() *core.Command {
+	return &core.Command{
+		Short:     `Renew pre-shared key`,
+		Long:      `Renew pre-shared key for a given connection.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "renew-psk",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.RenewConnectionPskRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection to renew the PSK`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.RenewConnectionPskRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.RenewConnectionPsk(request)
+		},
+	}
+}
+
+func s2sVpnConnectionSetRoutingPolicy() *core.Command {
+	return &core.Command{
+		Short:     `Set a new routing policy`,
+		Long:      `Set a new routing policy on a connection, overriding the existing one if present, specified by its connection ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "set-routing-policy",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.SetRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection whose routing policy is being updated`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "routing-policy-v4",
+				Short:      `ID of the routing policy to set for the BGP IPv4 session`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "routing-policy-v6",
+				Short:      `ID of the routing policy to set for the BGP IPv6 session`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.SetRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.SetRoutingPolicy(request)
+		},
+	}
+}
+
+func s2sVpnConnectionDetachRoutingPolicy() *core.Command {
+	return &core.Command{
+		Short:     `Detach a routing policy`,
+		Long:      `Detach an existing routing policy from a connection, specified by its connection ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "detach-routing-policy",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DetachRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection from which routing policy is being detached`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "routing-policy-v4",
+				Short:      `ID of the routing policy to detach from the BGP IPv4 session`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "routing-policy-v6",
+				Short:      `ID of the routing policy to detach from the BGP IPv6 session`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DetachRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.DetachRoutingPolicy(request)
+		},
+	}
+}
+
+func s2sVpnConnectionEnableRoutePropagation() *core.Command {
+	return &core.Command{
+		Short:     `Enable route propagation`,
+		Long:      `Enable all allowed prefixes (defined in a routing policy) to be announced in the BGP session. This allows traffic to flow between the attached VPC and the on-premises infrastructure along the announced routes. Note that by default, even when route propagation is enabled, all routes are blocked. It is essential to attach a routing policy to define the ranges of routes to announce.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "enable-route-propagation",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.EnableRoutePropagationRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection on which to enable route propagation`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.EnableRoutePropagationRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.EnableRoutePropagation(request)
+		},
+	}
+}
+
+func s2sVpnConnectionDisableRoutePropagation() *core.Command {
+	return &core.Command{
+		Short:     `Disable route propagation`,
+		Long:      `Prevent any prefixes from being announced in the BGP session. Traffic will not be able to flow over the VPN Gateway until route propagation is re-enabled.`,
+		Namespace: "s2s-vpn",
+		Resource:  "connection",
+		Verb:      "disable-route-propagation",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DisableRoutePropagationRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "connection-id",
+				Short:      `ID of the connection on which to disable route propagation`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DisableRoutePropagationRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.DisableRoutePropagation(request)
+		},
+	}
+}
+
+func s2sVpnCustomerGatewayList() *core.Command {
+	return &core.Command{
+		Short:     `List customer gateways`,
+		Long:      `List all your customer gateways. A number of filters are available, including Project ID, name, and tags.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+		Verb:      "list",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.ListCustomerGatewaysRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "order-by",
+				Short:      `Order in which to return results`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"created_at_asc",
+					"created_at_desc",
+					"name_asc",
+					"name_desc",
+				},
+			},
+			{
+				Name:       "project-id",
+				Short:      `Project ID to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "name",
+				Short:      `Customer gateway name to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `Tags to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+				scw.Region(core.AllLocalities),
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.ListCustomerGatewaysRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			opts := []scw.RequestOption{scw.WithAllPages()}
+			if request.Region == scw.Region(core.AllLocalities) {
+				opts = append(opts, scw.WithRegions(api.Regions()...))
+				request.Region = ""
+			}
+			resp, err := api.ListCustomerGateways(request, opts...)
+			if err != nil {
+				return nil, err
+			}
+
+			return resp.Gateways, nil
+		},
+	}
+}
+
+func s2sVpnCustomerGatewayGet() *core.Command {
+	return &core.Command{
+		Short:     `Get a customer gateway`,
+		Long:      `Get a customer gateway for the given customer gateway ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+		Verb:      "get",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.GetCustomerGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the requested customer gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.GetCustomerGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.GetCustomerGateway(request)
+		},
+	}
+}
+
+func s2sVpnCustomerGatewayCreate() *core.Command {
+	return &core.Command{
+		Short:     `Create a customer gateway`,
+		Long:      `Create a customer gateway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+		Verb:      "create",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.CreateCustomerGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			core.ProjectIDArgSpec(),
+			{
+				Name:       "name",
+				Short:      `Name of the customer gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipv4-public",
+				Short:      `Public IPv4 address of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipv6-public",
+				Short:      `Public IPv6 address of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "asn",
+				Short:      `AS Number of the customer gateway`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.CreateCustomerGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.CreateCustomerGateway(request)
+		},
+	}
+}
+
+func s2sVpnCustomerGatewayUpdate() *core.Command {
+	return &core.Command{
+		Short:     `Update a customer gateway`,
+		Long:      `Update an existing customer gateway, specified by its customer gateway ID. You can update its name, tags, public IPv4 & IPv6 address and AS Number.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+		Verb:      "update",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.UpdateCustomerGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the customer gateway to update`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "name",
+				Short:      `Name of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipv4-public",
+				Short:      `Public IPv4 address of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipv6-public",
+				Short:      `Public IPv6 address of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "asn",
+				Short:      `AS Number of the customer gateway`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.UpdateCustomerGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.UpdateCustomerGateway(request)
+		},
+	}
+}
+
+func s2sVpnCustomerGatewayDelete() *core.Command {
+	return &core.Command{
+		Short:     `Delete a customer gateway`,
+		Long:      `Delete an existing customer gateway, specified by its customer gateway ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "customer-gateway",
+		Verb:      "delete",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DeleteCustomerGatewayRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "gateway-id",
+				Short:      `ID of the customer gateway to delete`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DeleteCustomerGatewayRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			e = api.DeleteCustomerGateway(request)
+			if e != nil {
+				return nil, e
+			}
+
+			return &core.SuccessResult{
+				Resource: "customer-gateway",
+				Verb:     "delete",
+			}, nil
+		},
+	}
+}
+
+func s2sVpnRoutingPolicyList() *core.Command {
+	return &core.Command{
+		Short:     `List routing policies`,
+		Long:      `List all routing policies in a given region. A routing policy can be attached to one or multiple connections (S2S VPN connections).`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+		Verb:      "list",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.ListRoutingPoliciesRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "order-by",
+				Short:      `Order in which to return results`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{
+					"created_at_asc",
+					"created_at_desc",
+					"name_asc",
+					"name_desc",
+				},
+			},
+			{
+				Name:       "project-id",
+				Short:      `Project ID to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "name",
+				Short:      `Routing policy name to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `Tags to filter for`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "ipv6",
+				Short:      `Filter for the routing policies based on IP prefixes version`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+				scw.Region(core.AllLocalities),
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.ListRoutingPoliciesRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			opts := []scw.RequestOption{scw.WithAllPages()}
+			if request.Region == scw.Region(core.AllLocalities) {
+				opts = append(opts, scw.WithRegions(api.Regions()...))
+				request.Region = ""
+			}
+			resp, err := api.ListRoutingPolicies(request, opts...)
+			if err != nil {
+				return nil, err
+			}
+
+			return resp.RoutingPolicies, nil
+		},
+	}
+}
+
+func s2sVpnRoutingPolicyGet() *core.Command {
+	return &core.Command{
+		Short:     `Get routing policy`,
+		Long:      `Get a routing policy for the given routing policy ID. The response object gives information including the policy's name, tags and prefix filters.`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+		Verb:      "get",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.GetRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "routing-policy-id",
+				Short:      `ID of the routing policy to get`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.GetRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.GetRoutingPolicy(request)
+		},
+	}
+}
+
+func s2sVpnRoutingPolicyCreate() *core.Command {
+	return &core.Command{
+		Short:     `Create a routing policy`,
+		Long:      `Create a routing policy. Routing policies allow you to set IP prefix filters to define the incoming route announcements to accept from the customer gateway, and the outgoing routes to announce to the customer gateway.`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+		Verb:      "create",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.CreateRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			core.ProjectIDArgSpec(),
+			{
+				Name:       "name",
+				Short:      `Name of the routing policy`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the routing policy`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "is-ipv6",
+				Short:      `IP prefixes version of the routing policy`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "prefix-filter-in.{index}",
+				Short:      `IP prefixes to accept from the peer (ranges of route announcements to accept)`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "prefix-filter-out.{index}",
+				Short:      `IP prefix filters to advertise to the peer (ranges of routes to advertise)`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.CreateRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.CreateRoutingPolicy(request)
+		},
+	}
+}
+
+func s2sVpnRoutingPolicyUpdate() *core.Command {
+	return &core.Command{
+		Short:     `Update a routing policy`,
+		Long:      `Update an existing routing policy, specified by its routing policy ID. Its name, tags and incoming/outgoing prefix filters can be updated.`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+		Verb:      "update",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.UpdateRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "routing-policy-id",
+				Short:      `ID of the routing policy to update`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			{
+				Name:       "name",
+				Short:      `Name of the routing policy`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "tags.{index}",
+				Short:      `List of tags to apply to the routing policy`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "prefix-filter-in.{index}",
+				Short:      `IP prefixes to accept from the peer (ranges of route announcements to accept)`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "prefix-filter-out.{index}",
+				Short:      `IP prefix filters for routes to advertise to the peer (ranges of routes to advertise)`,
+				Required:   false,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.UpdateRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+
+			return api.UpdateRoutingPolicy(request)
+		},
+	}
+}
+
+func s2sVpnRoutingPolicyDelete() *core.Command {
+	return &core.Command{
+		Short:     `Delete a routing policy`,
+		Long:      `Delete an existing routing policy, specified by its routing policy ID.`,
+		Namespace: "s2s-vpn",
+		Resource:  "routing-policy",
+		Verb:      "delete",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(s2s_vpn.DeleteRoutingPolicyRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "routing-policy-id",
+				Short:      `ID of the routing policy to delete`,
+				Required:   true,
+				Deprecated: false,
+				Positional: true,
+			},
+			core.RegionArgSpec(
+				scw.RegionFrPar,
+				scw.RegionNlAms,
+				scw.RegionPlWaw,
+			),
+		},
+		Run: func(ctx context.Context, args any) (i any, e error) {
+			request := args.(*s2s_vpn.DeleteRoutingPolicyRequest)
+
+			client := core.ExtractClient(ctx)
+			api := s2s_vpn.NewAPI(client)
+			e = api.DeleteRoutingPolicy(request)
+			if e != nil {
+				return nil, e
+			}
+
+			return &core.SuccessResult{
+				Resource: "routing-policy",
+				Verb:     "delete",
+			}, nil
+		},
+	}
+}