TNSR High-Performance VPN Concentrator vs. OpenVPN Access Server on AWS

 

TNSR® High-Performance VPN Concentrator offers routed site-to-site and remote access VPNs via IPsec or WireGuard® with no hidden fees.

The product provides versatile management with a command line interface (CLI), RESTCONF API, and GUI, as well as advanced monitoring and troubleshooting with SNMP, Prometheus Exporter, and IPFIX.  See features here.

OpenVPN® Access Server is a self-hosted VPN solution that can be deployed on bare-metal COTS hardware, as a Virtual Network Function, or in cloud environments like AWS® and Azure®. It comes with a web-based GUI and widely compatible OpenVPN Connect client installers for easy deployment.

This comparison will focus on AWS deployments.

  TNSR High-Performance VPN Concentrator OpenVPN Access Server
Management    
Command Line Interface (CLI) Yes Yes
Graphical User Interface (GUI) Yes Yes
RESTCONF API Yes No (REST)
Automation    
Ansible Yes Yes
Saltstack Yes Yes
Puppet Yes Yes
Chef Yes Yes
VPN Protocols    
IPsec Yes No
Wireguard Yes No
OpenVPN No Yes
Monitoring/Logging    
DHCP Logging Yes Yes
SNMP Yes Yes
Prometheus Exporter Yes Yes
IPFIX Exporter Yes No
SPAN/ERSPAN Yes No
Segmentation    
Virtual Routing and Forwarding (VRF) Yes No
Security Add-Ons    
Access Control Lists (ACLs) Yes Yes
Other Firewall Features No No

 

Support

24x7 TAC Pro or Enterprise support is included for TNSR High-Performance VPN Concentrator, depending on the number of connected devices.

Customers with up to 50 connected devices can get expert answers within 24 hours via email or the support portal. They can also upgrade their support subscription to a 4-hour response time and live phone support. Customers with 100 or more connected devices can get expert answers within 4 hours via email, phone, or the support portal. A community forum is also available.

OpenVPN offers support for OpenVPN Access Server through a support ticket system and community forum. There is no live phone support and no guaranteed response time.

Pricing

TNSR High-Performance VPN Concentrator is priced based on the number of VPN connections, with a discount for one year and multi-year contracts. There are no additional data processing fees. For 25 VPN connections, a one year contract with unlimited data processing is $1,499. See here for more on pricing or contact sales@netgate.com to discuss your needs.

OpenVPN Access Server is priced based on the number of VPN connections, with a 22% discount for one year contracts. There is also a bring-your-own-license (BYOL) option. On AWS, the vendor recommended instance type for OpenVPN Access Server (25 Connected Devices) is m3.medium, which costs $2,100 annually, not including other AWS infrastructure costs (EIP, I/O, EBS, etc).

Price Per Year for 25 Connections

  • TNSR High-Performance VPN Concentrator: $2,365
  • OpenVPN Access Server: $2,100

*Does not include AWS infrastructure costs.

Ease of Use

Documentation

TNSR software documentation is comprehensive and well-structured. From installation to advanced configuration, it covers a wide range of topics and includes examples to aid understanding.

OpenVPN offers well-organized documentation with guides that make it easy to get started.

Installation

The process for getting started with TNSR software on AWS is straightforward. To get started, launch an instance of TNSR High-Performance VPN Concentrator from the AWS Marketplace. Access the instance via SSH for configuration, and follow a step-by-step configuration recipe. Terraform and CloudFormation can be used to integrate TNSR software into CI/CD DevOps pipelines, and templates are coming soon to further simplify the installation process. 

Once an instance of OpenVPN Access Server is set up on AWS, customers can configure it using an Admin Web UI or CLI (accessible via SSH).

One helpful feature of OpenVPN Access Server on AWS is the available CloudFormation script. This makes setting up the VPN server easier, though manual set up is also possible.

Management

There are multiple ways to manage TNSR software, including Command Line Interface (CLI), RESTCONF API, and Graphical User Interface (GUI).

TNSR software configuration through both CLI and RESTCONF API enables the product to be managed by IT automation platforms like Ansible®, SaltStack®, Puppet®, or Chef™.

OpenVPN Access Server can also be managed several ways: GUI, CLI, and REST API. RESTCONF API is currently unavailable.

Like TNSR software, the product can also be managed by IT automation platforms.

Other Features

VPN

TNSR software supports WireGuard and IPsec (Site-to-Site and Mobile) VPN protocols.

OpenVPN Access Server uses the OpenVPN protocol.

Logging and Monitoring

TNSR software supports SNMP, SPAN / ERSPAN, Prometheus Exporter, and IPFIX Exporter for monitoring. It also supports DHCP logging, and general logs can be found in /var/log/syslog.

There is currently no direct integration with Amazon CloudWatch, but virtual machine information like CPU, MEM, and BW is available.

OpenVPN Access Server provides monitoring through its Admin Web UI, which displays log information. Administrators can view user connection times, data usage, and basic error messages related to authentication or connection issues.

The product also supports Prometheus Exporter. IPFIX, SPAN / ERSPAN, and Amazon Cloudwatch are currently not supported.

Segmentation

Virtual Routing and Forwarding (VRF) is supported in TNSR. VRF enables multiple routing tables on a single router. The technology is used in VPNs to provide secure, segregated routing over shared infrastructure.

OpenVPN Access Server does not have native VRF.

Security Add Ons

TNSR supports Layer 2, Layer 3, and Layer 4 Access Control Lists (ACLs), scalable to over 100,000 rules. The product does not have other firewall features.

In TNSR, user authentication is done using either passwords or user keys.

Like TNSR, OpenVPN Access Server supports ACLs.

It offers identity-based access control through Google Authenticator, LDAP, RADIUS, and Active Directory servers.

Want high-performance routed site-to-site and remote access VPNs via IPsec or WireGuard with no hidden fees?

Buy Now