Frequently Asked Questions

How can an instance be accessed?

In order to manage the configuration of the instance, connect to it via SSH as described in Connect to the instance.

What are the default credentials for the tnsr user on the AWS instance?

The tnsr user on the TNSR for AWS instance does not have a default password. SSH connections to a TNSR for AWS instance require key-based authentication using an SSH key selected when launching the instance, which is much more secure than using password-based authentication.

The process of using key-based authentication to connect to an instance is covered in Connect to the instance.

How does NAT behave on AWS?

NAT behavior on AWS can be tricky, as in certain places NAT can be applied by TNSR and in other places by AWS. Determining where and how to perform NAT can be potentially problematic in that it is possible to unintentionally create asymmetric routing situations with an incorrect configuration.

See NAT Examples for multiple examples of NAT behavior with TNSR on AWS and how to avoid these pitfalls.

How can an instance be backed up and recovered?

The procedure to backup and restore the configuration databases and other key files is covered in the Configuration Backups section of the TNSR documentation.

How can an instance be monitored?

TNSR can be monitored in several ways compatible with standard utilities, such as SNMP, IPFIX, and Prometheus as well as customized monitoring by polling the TNSR API. The most common methods are covered in the Monitoring section of the TNSR documentation.

How can an instance be upgraded?

Upgrading a TNSR instance in-place requires a valid upgrade certificate issued by Netgate. The process for obtaining the certificate as well as for performing the upgrade is covered in the Updates and Packages section of the TNSR documentation.


Requesting a TNSR upgrade certificate from Netgate TAC requires the current AWS Customer ID and AWS Instance ID. For more details, see the documentation on upgrading TNSR in AWS

Even without the TNSR upgrade configuration in place, the operating system can be upgraded to obtain security fixes for issues in the base OS.

How can credentials and keys be changed?

Credentials and keys, such as user account keys, certificates, VPN tunnel keys, and so on, should be changed periodically for security. Procedures to change these are located in Changing Credentials and Keys.

Further troubleshooting

More information on troubleshooting a variety of common TNSR issues can be found in the Troubleshooting section of the TNSR documentation.