%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
TNSR High-Performance VPN Concentrator vs. AWS VPN Server
TNSR® High-Performance VPN Concentrator offers routed site-to-site and remote access VPNs via IPsec or WireGuard® with no hidden fees.
The product provides versatile management with a command line interface (CLI), RESTCONF API, and GUI, as well as advanced monitoring and troubleshooting with SNMP, Prometheus Exporter, and IPFIX Exporter. Standardized BGP, OSPF, and RIP routing protocols are also available. See features here.
AWS® VPN solutions, including Transit Gateway, Client VPN, and Site-to-Site VPN, are services provided by Amazon Web Services that act as a scalable cloud VPN server. They are accessible via the AWS Management Console and are part of the AWS ecosystem of networking services.
Both AWS VPN solutions and TNSR High-Performance VPN Concentrator can be used for secure connectivity between AWS virtual private clouds (VPCs) and on-premises networks.
| TNSR High-Performance VPN Concentrator | AWS VPN Server | |
| Management | ||
| Command Line Interface (CLI) | Yes | Yes |
| Graphical User Interface (GUI) | Yes | Yes |
| RESTCONF API | Yes | No (AWS API) |
| Automation | ||
| Ansible | Yes | Yes |
| Saltstack | Yes | Yes |
| Puppet | Yes | Yes |
| Chef | Yes | Yes |
| VPN Protocols | ||
| IPsec | Yes | Yes |
| Wireguard | Yes | No |
| OpenVPN | No | Yes |
| Monitoring/Logging | ||
| DHCP Logging | Yes | No (Other Available) |
| SNMP | Yes | No |
| Prometheus Exporter | Yes | Yes |
| IPFIX Exporter | Yes | No (Other Available) |
| SPAN/ERSPAN | Yes | No |
| Segmentation | ||
| Virtual Routing and Forwarding (VRF) | Yes | Yes |
| Security Add-Ons | ||
| Access Control Lists (ACLs) | Yes | Yes |
| Other Firewall Features | No | No |
Support
24x7 TAC Pro or Enterprise support is included for TNSR High-Performance VPN Concentrator, depending on the number of connected devices.
Customers with up to 50 connected devices can get expert answers within 24 hours via email or the support portal. They can also upgrade their support subscription to a 4-hour response time and live phone support. Customers with 100 or more connected devices can get expert answers within 4 hours via email, phone, or the support portal. A community forum is also available.
The AWS Basic Support Plan is included and provides one-on-one responses to account and billing questions, support forums, service health checks, and access to documentation, technical papers, and best practice guides.
Customers can also purchase additional support, which comes in four tiers: Developer ($29+/Month), Business ($100+/Month), Enterprise On-Ramp ($5,500+/Month), and Enterprise ($15,000+/Month). See pricing details here.
Pricing
TNSR High-Performance VPN Concentrator is priced based on the number of VPN connections, with a discount for one year and multi-year contracts. There are no additional data processing fees. For 25 VPN connections, a one year contract with unlimited data processing is $1,499. See here for more on pricing or contact sales@netgate.com to discuss your needs.
AWS VPN solutions are priced by the volume of connections, hours used, and data transferred. This can become expensive. Below is a pricing example using the AWS Transit Gateway, not including the cost of either AWS Client or Site-to-Site VPN.
In the US East (Ohio) region, the cost of AWS Transit Gateway is $0.05 per attachment per hour and $0.02 per GB of data processed.
Price Per Year for 25 Connections
- TNSR High-Performance VPN Concentrator: $2,365*
- AWS Transit Gateway: $11,550.00**
*Does not include annual AWS infrastructure cost.
**Assumes 8,760 hours in one year, 25 VPN connections, standard performance, and the amount of data used per month per connection is 100 GB. Does not include the cost of other AWS VPN services.
Ease of Use
Documentation
TNSR software documentation is comprehensive and well-structured. From installation to advanced configuration, it covers a wide range of topics and includes examples to aid understanding.
AWS documentation provides detailed guidelines on setting up and managing AWS Transit Gateway and AWS Client and Site-to-Site VPN. It includes information on configuration and best practices for usage.
Installation
The process for getting started with TNSR software on AWS is straightforward. To get started, launch an instance of TNSR High-Performance VPN Concentrator from the AWS Marketplace. Access the instance via SSH for configuration, and follow a step-by-step configuration recipe. Terraform and CloudFormation can be used to integrate TNSR software into CI/CD DevOps pipelines, and templates are coming soon to further simplify the installation process.
To install and configure AWS Transit Gateway as a VPN concentrator for either remote access or site-to-site connections, users must follow these steps:
First, create a Transit Gateway in the AWS Management Console. Then, create a VPN attachment to the Transit Gateway.
For site-to-site VPN, users can use AWS Site-to-Site VPN with the Transit Gateway. This connects on-premises networks, including branch offices and data centers, to AWS.
For remote access, users can use AWS Client VPN with the Transit Gateway. This allows access to AWS or on-premises networks over the internet.
Many CloudFormation templates are available for AWS Transit Gateway.
Management
There are multiple ways to manage TNSR software, including Command Line Interface (CLI), RESTCONF API, and Graphical User Interface (GUI).
TNSR software configuration through both CLI and RESTCONF API enables the product to be managed by IT automation platforms like Ansible®, SaltStack®, Puppet®, or Chef™.
AWS VPN solutions can be managed using GUI, CLI, and API.
- GUI - The AWS Management Console and AWS Global Networks for Transit Gateways console can be used to access, visualize, and monitor Transit Gateways.
- CLI - AWS CLI provides commands for AWS services, including Amazon VPC, EC2, S3.
- API - The AWS API provides a comprehensive interface for interacting programmatically with AWS.
Like TNSR software, the products can also be managed by IT automation platforms.
Other Features
VPN
TNSR software supports WireGuard and IPsec (Site-to-Site and Mobile) VPN protocols.
When used with AWS Client VPN, AWS Transit Gateway uses the OpenVPN protocol. When paired with AWS Site-to-Site VPN, Transit Gateway uses the IPsec protocol. WireGuard is not supported.
Logging and Monitoring
TNSR software supports SNMP, SPAN / ERSPAN, Prometheus Exporter, and IPFIX Exporter for monitoring. It also supports DHCP logging, and general logs can be found in /var/log/syslog.
There is currently no direct integration with Amazon CloudWatch, but virtual machine information like CPU, MEM, and BW is available.
Like TNSR, AWS VPN solutions metrics can be accessed using Promethus Exporter. The products do not support DHCP Logging, SNMP, IPFIX Exporter, or SPAN/ERSPAN but rely on AWS-native tools for logging and monitoring, including Amazon CloudWatch, Transit Gateway Flow Logs, VPC Flow Logs, CloudTrail logs, and Network Manager.
Security Add Ons
TNSR supports Layer 2, Layer 3, and Layer 4 Access Control Lists (ACLs), scalable to over 100,000 rules. The product does not have other firewall features.
In TNSR, user authentication is done using either passwords or user keys.
AWS Transit Gateway uses Network Access Control Lists (NACLs) to provide an optional security layer. It does not have other firewall capabilities but can be used with AWS Network Firewall.
AWS Identity and Access Management (IAM) enables control over access to AWS resources, including transit gateways.
Want high-performance routed site-to-site and remote access VPNs via IPsec or WireGuard with no hidden fees?
