So this is like half rant half advice request. During a ticket for a poorly performing Basic VNG an Azure agent told me the Basic SKU is due to be retired “in a short time”, and deployment has already been removed from the portal so you can only get them via Powershell now. They’re flatly refusing to help and just tell us to upgrade, kind of harsh in my view since the Basic SKU should still be supported, it’s not dead yet, and getting <5Mbps when it’s rated for 100Mbps is practically unusable.
My real problem is the next level up - the VpnGw1 - is over 5 times more expensive than the basic? $27 up to $144. It’s going to be a hard sell to tell small companies that might only have a few machines and very small VPN requirements that their networking needs to cost $100+ more per month because Microsoft say so. Of course that’s part of the risk of going with a cloud provider but why not provide a middle ground SKU? Small business do not need 30 S2S connections, they don’t even use up the 10 they get in the Basic, and they’re never going to saturate the 650Mbps bandwidth.
Going with a 3rd party for e.g a Meraki VMX or comparable cloud product is adding complexity, suppliers, support contracts, setup costs etc which will end up eating any savings so what on Earth are small businesses supposed to do? I can only assume some will just leave Azure, moving small environments is barely a few days work, it just doesn’t make any sense.
For my personal Azure lab, I didn’t even want to pay for the basic SKU , instead I put a B1s instance with wireguard in my hub vnet and routed private traffic to it. 7.59$ vs 24$ Basic VPN Sku.
(FYI I’m a Microsoft FTE and the Azure VPN product owner, please don’t make me regret coming out of the shadows, but I had to for this miscommunication)
Basic skus are NOT being deprecated! We’re in the process of getting them back into portal once we’ve migrated the backend infrastructure of the basic gateways (no customer visible changes). Currently only standard and high performance gateways are slated for deprecation.
The portal change was poorly (I.e. not) communicated which was a big failure on Microsoft part, I’ll follow up with our support team and try to figure out where the mistaken basic deprecation message is coming from.
I agree we’re going to have to either accept the higher charge (no surprise there) or spin up an alternative via VM.
====================
SKU deprecation for legacy SKUsStandard and High Performance VPN Gateway legacy SKUs are being deprecated September 30, 2025. For more information, see the VPN Gateway legacy SKUs article.
**Can I create a new Standard/High Performance SKU after the deprecation announcement on November 30, 2023?**No. Starting December 1, 2023 you can’t create new gateways with Standard or High Performance SKUs. You can create new gateways using VpnGw1 and VpnGw2 for the same price as the Standard and High Performance SKUs, listed respectively on our pricing page.How long will my existing gateways be supported on Standard/High Performance SKUs?All existing gateways using Standard or High Performance SKUs will be supported until September 30, 2025.
they’re supposed to become reliant on the cloud, and then suffer the death of a thousand cuts as every service and license slowly rises in price to extract as much profit from every user as possible.
Heard these same complaints from Windows XP to 7 and so on. They’re not paying people to maintain deprecated tech. I’ve read of companies, like the govt, paying to maintain Win7 updates. The basic SKU is just a server running VPN software. Spin up your own VM, run VPN software, and maintain your infra yourself.
If the pricing of the next tier of VPN is too much, I would either go the route others have mentioned about using a small VM with Wiregaurd or Opnsense or similar. I haven’t tested it but I suspect you’ll be able to match the 100Mbps on a B1ms VM.
Or, I would reevaluate the need of a VPN to Azure on such a small scale. What is the business doing to need the VPN? Are there alternative options that might be more cost effective or provide a more efficient workflow? Happy to discuss further.
yea for me this is a big issue we have 1400 basic sku’s and the problem for us is that gw subnets are all /28 so not enough room to migrate to a supported sku. btw using basic sku’s was not my idea, I just have to live with the issue. Basic is more than performant for what we are doing, thus we used them. All new intances are getting a vnet with a /26 so we can use /27 for the gw sub. not looking forward to moving all these vnets to a larger subnet.
I’ve found that Azure is a great product but isn’t suitable for small business use cases. I rent a host from a more local company and pay £150 on a rolling monthly contract for a reasonable host and 500Mbps.
$27 up to $144. It’s going to be a hard sell to tell small companies
I bill at $300 an hour… It’s about to be 2024 and inflation is only going to get worse. Worrying about costs like this is silly nonsense and really just a waste of everyone’s time.
A linux VM running wiregaurd would work for your requirements. I have a VPNGW2AZ in my lab connected to my ER-X at home, which also has wiregaurd running on it.
I will compare what a small VM would cost with the same setup, of course the VPN GW plays nice with BGP.