%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
TNSR High-Performance VPN Concentrator vs. VyOS Universal Router on AWS
TNSR® High-Performance VPN Concentrator offers routed site-to-site and remote access VPNs via IPsec or WireGuard® with no hidden fees.
The product provides versatile management with a command line interface (CLI), RESTCONF API, and GUI, as well as advanced monitoring and troubleshooting with SNMP, Prometheus Exporter, and IPFIX Exporter. Standardized BGP, OSPF, and RIP routing protocols are also available. See features here.
VyOS® Universal Router is a software router that can be deployed on AWS and Azure, as well as other platforms. Like TNSR High-Performance VPN Concentrator, it can be used as a cloud VPN gateway.
| TNSR High-Performance VPN Concentrator | VyOS Universal Router | |
| Management | ||
| Command Line Interface (CLI) | Yes | Yes |
| Graphical User Interface (GUI) | Yes | No |
| RESTCONF API | Yes | No (GraphQL) |
| Automation | ||
| Ansible | Yes | Yes |
| Saltstack | Yes | Yes |
| Puppet | Yes | Yes |
| Chef | Yes | No |
| VPN Protocols | ||
| IPsec | Yes | Yes |
| Wireguard | Yes | Yes |
| OpenVPN | No | Yes |
| Monitoring/Logging | ||
| DHCP Logging | Yes | Yes |
| SNMP | Yes | Yes |
| Prometheus Exporter | Yes | Yes |
| IPFIX Exporter | Yes | Yes |
| SPAN/ERSPAN | Yes | Yes |
| Segmentation | ||
| Virtual Routing and Forwarding (VRF) | Yes | Yes |
| Security Add-Ons | ||
| Access Control Lists (ACLs) | Yes | Yes |
| Other Firewall Features | No | Yes |
Support
24x7 TAC Pro or Enterprise support is included for TNSR High-Performance VPN Concentrator, depending on the number of connected devices.
Customers with up to 50 connected devices can get expert answers within 24 hours via email or the support portal. They can also upgrade their support subscription to a 4-hour response time and live phone support. Customers with 100 or more connected devices can get expert answers within 4 hours via email, phone, or the support portal. A community forum is also available.
For VyOS Universal Router, standard support is included and can be upgraded to a faster SLA. Standard support provides email support and next-business-day SLA for Severity 1 / 2 incidents.
Pricing
TNSR software running on T3.large costs $1,576 annually. In comparison, VyOS Universal Router running on T3.large costs $1,200 annually.
Price Per Year on T3.large Instance Type*
- TNSR High-Performance VPN Concentrator: $1,576
- VyOS Universal Router: $1,200
*Does not include AWS infrastructure costs.
Contact sales@netgate.com to discuss your needs.
Ease of Use
Documentation
TNSR software documentation is comprehensive and well-structured. From installation to advanced configuration, it covers a wide range of topics and includes examples to aid understanding.
The documentation for VyOS Universal Router is sparse. This can lead to a frustrating experience if users can't find what they need.
Installation
The process for getting started with TNSR software on AWS is straightforward. To get started, launch an instance of TNSR High-Performance VPN Concentrator from the AWS Marketplace. Access the instance via SSH for configuration, and follow a step-by-step configuration recipe. Terraform and CloudFormation can be used to integrate TNSR software into CI/CD DevOps pipelines, and templates are coming soon to further simplify the installation process.
Setting up VyOS Universal Router also starts by launching an instance of the product from the AWS Marketplace. Configuration of the product as a VPN concentrator on AWS is difficult because of the thin documentation and lack of official CloudFormation or Terraform templates for this use case. Users must be knowledgeable of VyOS software and AWS environment for successful installation.
Management
There are multiple ways to manage TNSR software, including Command Line Interface (CLI), RESTCONF API, and Graphical User Interface (GUI).
TNSR software configuration through both CLI and RESTCONF API enables the product to be managed by IT automation platforms like Ansible®, SaltStack®, Puppet®, or Chef™.
VyOS Universal Router can be managed using CLI and GraphQL API. RESTCONF API is currently unavailable, and there is no GUI.
VyOS software supports automation tools like Ansible, Saltstack, and Puppet.
Other Features
VPN
TNSR software supports WireGuard and IPsec (Site-to-Site and Mobile) VPN protocols.
VyOS Universal Router supports IPsec, WireGuard, and OpenVPN VPN protocols.
Logging and Monitoring
TNSR software supports SNMP, SPAN / ERSPAN, Prometheus Exporter, and IPFIX Exporter for monitoring. It also supports DHCP logging, and general logs can be found in /var/log/syslog.
There is currently no direct integration with Amazon CloudWatch, but virtual machine information like CPU, MEM, and BW is available.
Like TNSR software, VyOS Universal Router supports SNMP, SPAN / ERSPAN, Prometheus Exporter, and IPFIX Exporter for monitoring, as well as DHCP logging. Additionally, the product includes an amazon-cloudwatch-agent package to make it easy to monitor VyOS instances on AWS using Amazon CloudWatch.
Security Add Ons
TNSR supports Layer 2, Layer 3, and Layer 4 Access Control Lists (ACLs), scalable to over 100,000 rules. The product does not have other firewall features.
In TNSR, user authentication is done using either passwords or user keys.
VyOS Universal Router's firewall features include ACLs, stateful firewall rules, and zone-based policies.
Want high-performance routed site-to-site and remote access VPNs via IPsec or WireGuard with no hidden fees?
