-01.png?width=926&height=181&name=Netgate%20Logo%20PMS%20(horizontal)-01.png "Netgate Main Logo")
%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
Netgate® is pleased to announce the release of TNSR® software version 25.10. This regularly scheduled release includes additional hardware support, new capabilities, updates, and bug fixes. The Release Notes are available for review.
Overview
TNSR is a high-performance software router and VPN concentrator that delivers speed, flexibility, and cost-efficiency. Leveraging technologies like vector packet processing (VPP), TNSR software offers advanced routing and VPN capabilities for enterprises, service providers, and government organizations at an unbeatable total cost of ownership.
TNSR is available on Netgate systems or on AWS and Azure cloud platforms. It achieves speeds and performance that would otherwise be reserved for traditional ASIC-based hardware routers, but at a fraction of the cost. TNSR is the answer for businesses, governments, and xSPs looking for scalable routing without the six-figure price tag.
TNSR combines the FD.io Vector Packet Processor (VPP), a fast, scalable layer 2-7 network stack, including NETCONF and RESTCONF APIs, with a control plane combining FRR and Strongswan, as well as an intuitive CLI for configuration and monitoring.
The result is a product that delivers high performance in mission-critical site-to-site, edge-to-cloud, data center, and VPN scenarios. This product is complemented by Netgate's 24x365 Technical Assistance Center, and we stand ready to support your critical business requirements every day.
In this release, we have implemented the following exciting new features and improvements:
Feature Highlights
Legacy Dataplane NAT Removed
Legacy Dataplane NAT functionality has been removed in this release. Environments that require NAT must convert their configuration to VPF NAT. The VPF firewall offers significant advantages over the NAT features formerly available in the dataplane. Not only is VPF NAT more stable, but it also offers features and flexibility that were not possible with dataplane NAT. TNSR will continue to include dataplane ACL functionality; however, if you are still using legacy dataplane NAT, please convert to VPF NAT before updating to this version.
VPF NAT Endpoint-Independent Mode
VPF now supports Endpoint-Independent NAT (also known as “full cone NAT”). Endpoint-Independent NAT mode is particularly useful in large-scale CGNAT scenarios. For details, see our documentation on Endpoint-Dependent vs Endpoint-Independent NAT, and read all the information and warnings about its use before considering activating this NAT mode.
VPF NAT Source-IP Hash Mode
VPF NAT now has a src-ip-hash address selection algorithm for NAT rules, which applies NAT translation using a pool of addresses. This algorithm only considers the source address (e.g., local clients) when choosing a translation address from a pool, which maintains a consistent translation address for all connections sourced by a local client. This new algorithm improves behavior for protocols such as SIP, which rely on the NAT translation address being consistent for local clients. Users experiencing issues with protocols such as SIP should consider changing their existing NAT rules to the new algorithm after upgrading.
VPF NAT Rule Port Ranges
VPF can now configure translation port ranges on outbound dynamic NAT rules. UDP/TCP packets matching the rule will have a source port allocated from within the configured range. This is intended to be used by customers who want CGNAT functionality that would allow them to dedicate distinct port ranges to packets originating from different "tenants" (internal subnets or VRFs).
VPF Filter Port Tables
This functionality allows you to define groupings of IP service ports into a VPF table, which can make crafting VPF filter rules much easier to manage and maintain.
WireGuard
TNSR now allows you to configure WireGuard peers using fully qualified domain names, instead of explicit IPv4 or IPv6 addresses. This makes it easier and more convenient for administrators to manage multiple peer configurations in a WireGuard VPN network.
Other Enhancements
In addition to VPP being updated to version Stable/2506, this version also includes over 35 bug fixes and stability enhancements.
Installing the TNSR Version 25.10 Upgrade
For detailed upgrade instructions, please refer to the Upgrade Guide on our TNSR documentation page.
We recommend saving a backup of the TNSR configuration before making any significant changes or upgrades. You will find Backup and Recovery instructions on our TNSR documentation page.
Netgate Technical Assistance
This TNSR 25.10 software release is ready for use in production environments. Should any issues arise, please post to our forum or contact the Netgate Technical Assistance Center (TAC) for professional assistance.
We’re happy to discuss your needs in detail so we can provide you with the best solution for your business. Netgate makes a TNSR lab evaluation version available for you to try. Please contact one of our authorized partners or our Netgate sales team for assistance.