The IPsec VPN solution has several levels of baked-in redundancies. It natively supports all the necessary features to ensure a highly available and reliable VPN service including: self-healing instances, a multi-AZ active/passive instance deployment and automatic AWS route table management for failover. When-ever an instance fails or an AZ goes down we seamlessly transfer traffic to the redundant instance in the other AZ.
We developed a custom routing protocol to ensure seamless 200 ms fail-over whenever an availability zone or an instance fails.
The IPsec VPN solution actively manages AWS routing tables in the back ground. This also means that every subnet that is managed by the routing table has access to the VPN tunnel. Instances themselves take care of leader election and write themselves into the routing table whenever they can receive traffic for the VPN tunnel. Whenever the primary instances goes down the secondary instance takes over and manages the routing table to direct traffic to itself.
To learn more download the Managed IPsec VPN Whitepaper