Support for RHEL 8 clone(s)

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Support for RHEL 8 clone(s)

Post by chilinux » Fri Dec 10, 2021 1:14 am

The AS release notes for 2.10.0 has:
"For RHEL 8 we now use a separate software repository. Use the new repository for upgrades.
For CentOS 8 we will soon cease to build Access Server releases due to planned EOL of that OS."

CentOS 8 is end of life December 31, 2021 (end of this month). I understand CentOS Stream 8 will not be supported.

However, I am interested in what level of support will be provided to users of Rocky Linux 8 or AlmaLinux 8. Both have released clones of RHEL 8.5 which are the same quality as CentOS 8.5. If someone uses the RHEL 8 repository for OpenVPN AS for either clone, will OpenVPN AS provide any support or write off any issue that comes up as being the fault of not using official RHEL 8?

If there is no plans to support RHEL 8 clones, will there at least be plans to support CentOS 7 with EPEL's OpenSSL 1.1.1k? Currently, on CentOS 7 only support for OpenSSL 1.0.2 is provided.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Support for RHEL 8 clone(s)

Post by openvpn_inc » Fri Dec 10, 2021 8:04 am

Hello chilinux,

CentOS Stream 8 will not be officially supported.

Rocky Linux and AlmaLinux claim they are 100% compatible with RHEL8. If their claim remains true, then packages compiled for RHEL8 should work on those operating systems without problems. If however they deviate from this claim, then we cannot guarantee that things will continue to work. We cannot guarantee what Rocky Linux and AlmaLinux will do in the future. We do not plan to add Rocky Linux or AlmaLinux to our officially supported platforms at this time. If support issues regarding these operating systems come in, we will evaluate them, and handle it under 'best effort' terms.

We do not intend to support CentOS7 with non-standard OpenSSL versions. By non-standard I mean a version that is not a part of the distribution itself. It is not trivial to support an OpenSSL version that deviates from the operating system provided version. Even a program such as nginx on CentOS7, if it wants to support TLS 1.3, needs to be compiled from source in order to support this. Our recommendation is that if you need a newer OpenSSL version that you pick an OS that comes with a newer OpenSSL version.

As a side note, if you wish to use an operating system that uses an up-to-date OpenSSL version, CentOS and RHEL and the likes are not the logical choice for doing so. Their extremely long lifecycles lead to specific package versions being maintained far into the future - without updating them to newer versions with newer features. That update only comes with a newer distribution of the OS.

If you want newer stuff like for example a more recent OpenSSL then you should look at for example Debian or Ubuntu. If you want a compromise between long lifecycle support and recent software, you could consider Ubuntu LTS. The operating system Ubuntu LTS is our preferred choice at the moment. That's because it comes out with major LTS releases every 2 years, and a release is supported for 5 years by default (and can be extended to 10 years). This allows to use relatively recent software packages, and still offers users an OS that is supported for a long time.

For those customers that have a need due to contracts or regulations to use RHEL8 I can say that we support Access Server on RHEL8 officially. But even then only with the OpenSSL package that comes with that OS.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply