SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.7.8

Version 1.7.8 of Viscosity has been released for both Mac and Windows! These updates place a focus on security and reliability, with enhancements to the OpenVPN engine on macOS, and DNS reliability improvements on Windows. In addition OpenVPN 2.4 has been updated to version 2.4.5, OpenSSL to version 1.0.2o, and a number of small improvements and bug fixes are included.

The Mac version includes a significant reworking of how OpenVPN connections are handled for added security. Connections now have enhanced protection against possible future threats that could arise against OpenVPN itself (both local and remote) by sandboxing and de-elevating the permissions of OpenVPN. This all happens behind the scenes, and shouldn't have any noticeable effect on your VPN connections. We hope to bring many of these features across to the Windows version in a future update as well.

The Windows version also includes a number of performance and stability improvements to the Full and Split DNS modes.


Version 1.7.8 Mac Release Notes:

added
Sandboxing of the OpenVPN process for added security
updated
OpenVPN 2.4 updated to version 2.4.5
updated
OpenSSL updated to version 1.0.2o
fixed
Various bug fixes and enhancements
removed
Growl support


Version 1.7.8 Windows Release Notes:

improved
Viscosity DNS System now observes Windows hosts file
updated
OpenVPN updated to version 2.4.5
updated
OpenSSL updated to version 1.0.2o
fixed
Fixes bug where large DNS resolutions were dropped
fixed
Fixes a bug where Viscosity would not reconnect after some dropouts
fixed
Various bug fixes and enhancements

The 1.7.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.7

Version 1.7.7 of Viscosity has been released for both Mac and Windows! This release includes two new features, Universal 2nd Factor (U2F) support and obfs4 obfuscation support, along with a security update and some small bug fixes and improvements.

We're especially excited about support for U2F authentication, and we'll be posting further information about using U2F with Viscosity and OpenVPN in the near future. However if you want to check out the technical details immediately we have put together a U2F Two-Factor Authentication server setup guide with example authentication scripts.

We've also added support for the latest obfuscation protocol, obfs4, which was highly requested. If you're interested in using obfs4 but don't already have a server set up, we have updated our Setting up an Obfuscation server with Obfsproxy and Viscosity article.

On the security front, during an internal review we've identified the potential for a privilege escalation attack against processes launched by OpenVPN through the use of malicious environment variables. We've updated Viscosity to detect and protect against any such attacks. To avoid the potential for this to be exploited we recommend users update to 1.7.7 as soon as possible.


Version 1.7.7 Mac Release Notes:

added
Universal 2nd Factor (U2F) support
added
Support for the obfs4 obfuscation protocol
improved
No longer displays an alert when a session token is rejected
improved
Detection of unsafe environment variables improved
fixed
Various bug fixes and enhancements


Version 1.7.7 Windows Release Notes:

added
Adds U2F (Universal 2 Factor) support
added
Support for the obfs4 obfuscation protocol
improved
Detection of unsafe environment variables improved
fixed
Various bug fixes and enhancements

The 1.7.7 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.6

Viscosity version 1.7.6 is now available for both Mac and Windows! This update is primarily a maintenance release that includes a number of fixes and improvements, workarounds for some small macOS 10.13 bugs, and an OpenSSL update to version 1.0.2n.


Version 1.7.6 Mac Release Notes:

improved
Support for longer username, password, and challenge responses
updated
OpenSSL updated to version 1.0.2n
fixed
Workaround for macOS 10.13 utun traffic reporting bug
fixed
Fixes session tokens not persisting across reconnections
fixed
Various bug fixes and enhancements


Version 1.7.6 Windows Release Notes:

improved
Support for longer username, password, and challenge responses
updated
OpenSSL updated to version 1.0.2n
fixed
Fixes session tokens not persisting across reconnections
fixed
Various bug fixes and enhancements

The 1.7.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Store and Licensing Improvements

We've been working hard to improve the experience of purchasing Viscosity, and so we're pleased to announce the improvements and changes we've made over the past year. While these are not as glamorous as feature additions to Viscosity itself, we hope these changes help improve the Viscosity experience and show that we're listening to all feedback we receive.

Licensing Improvements

  • Cross-Platform Licensing: Late last year we began to offer a cross-platform license option (as an alternative to separate macOS and Windows platform licenses). This has been an overwhelming success, and we greatly appreciate the positive feedback we've received from both home and business users.
  • Server-Locked Licensing for Education: A common request from schools and universities was a better licensing option for students and visiting guests. To address this we have introduced "server-locked" licensing, which allows for Viscosity to be licensed for unlimited use for a particular list of VPN servers. This option is only available for educational institutions, and more information can be found here.

Store Improvements

  • Upgrade Section: With the introduction of the cross-platform license option we wanted to provide an easy method to upgrade from a single-platform license (for those moving between Mac and Windows machines). The Upgrade Section also provides an instant way to add seats to an existing volume license and automatically applies volume discounts.
  • Gift Option: It's now possible to purchase Viscosity on behalf of others using the new "This purchase is a gift" option. This option allows different license and billing details to be entered, as well as choosing what email address the license email is sent to (so you can choose to send it straight along from us, or deliver it yourself).
  • Direct Credit Card Processing: The store now allows direct payment using Visa, MasterCard, and Amex cards. This was a long time coming, and avoids the need to use the PayPal payment gateway for these card types.
  • Apple Pay Support: The store now also supports payments via Apple Pay when using Safari on macOS or iOS (for linked Visa, MasterCard, and Amex cards). Apple Pay offers a number of security benefits over standard credit card payments, so we encourage those with the option to give it a try.
  • Bitcoin Support: Support for Bitcoin payments has been a common request for many years, however due to compliance and legal issues it was difficult to accept it as an Australian company. We're please to now be able to activate its use, which should help those purchasing Viscosity from countries where credit card access is limited. We're also working towards adding support for additional crypto-currencies including Ethereum and Litecoin.

For our Australian users only, we're required to begin charging Goods and Services Tax (GST) on purchases. This does not affect purchases from those in other countries. Users can download an invoice from the View Invoice page for claiming back the GST where applicable.

If you have any feedback to offer about Viscosity, our online store, or anything else, please don't hesitate to contact us. And for existing Viscosity users, we have some exciting Viscosity feature additions planned for early next year, so please keep an eye our our blog and Twitter feed!

SparkLabs Wins Bathurst Micro Business of the Year!

A special thank you to the Bathurst Business Chamber and Central NSW Business HQ for awarding SparkLabs as the winner of the "Excellence in Micro Business" category in the 2017 Carillon Business Awards! It's a terrific honour and a great surprise to receive such recognition from our local region.



We have been based in Bathurst, Australia since the very first beta release of Viscosity in early 2008 (over nine years ago!). While we've since grown and added talented remote staff to our team, we continue to call Bathurst our home. Our software is in use by businesses and consumers from 145 different countries around the world, and we hope we can continue representing regional NSW at an international level.

Thanks again to the Bathurst Business Chamber for honouring us with the award. Most of all thank you to all of Viscosity's users: without you we couldn't continue to do what we love. We have some exciting Viscosity-related news and updates planned for 2018 which we can't wait to share, so please stay tuned!

Viscosity For Mac & Windows: Version 1.7.5

Version 1.7.5 of Viscosity has been released for both Mac and Windows! This release includes a number of small improvements and bug fixes, and updates OpenVPN to versions 2.4.4 and 2.3.18. The OpenVPN updates address a potential security issue related to an old data channel key negotiation method, and users are encouraged to update.

This update also changes the name of Viscosity's TAP network interfaces on macOS from "tap" (e.g. "tap0") to "vtap". This is designed to prevent clashes with other VPN clients installed on the same system that are loading their own version of the TAP driver. We've received reports of some poorly managed clients that were conflicting with Viscosity's TAP support, which this change will resolve. Users with advanced custom scripts or actions may need to update the network interface name accordingly, however no changes are otherwise needed.


Version 1.7.5 Mac Release Notes:

improved
TAP interfaces renamed to vtap to avoid driver clashes
updated
OpenVPN 2.4 updated to version 2.4.4
updated
OpenVPN 2.3 updated to version 2.3.18
fixed
Various bug fixes and enhancements


Version 1.7.5 Windows Release Notes:

updated
OpenVPN updated to version 2.4.4
updated
OpenVPN updated to version 2.3.18
fixed
Various bug fixes and enhancements

The 1.7.5 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.4

Viscosity version 1.7.4 is now available for both Mac and Windows. This update is a maintenance release that includes a number of small bug fixes and improvements. Also included is finalised support for the upcoming macOS 10.13 (High Sierra) release, improved high resolution support for Windows, and updated menu icons for Windows 10 users that look more at home. For further details please refer to the release notes below.


Version 1.7.4 Mac Release Notes:

improved
Improved support for macOS 10.13 (High Sierra)
improved
Enables keyboard navigation of the main menu
improved
Adds a Save Log button to the Details window
fixed
Various bug fixes and enhancements


Version 1.7.4 Windows Release Notes:

improved
New notification area menu icons added
improved
Adds a Save Log button to the Details window
improved
Further interface improvements for high DPI displays
fixed
Various bug fixes and enhancements

The 1.7.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Getting Started Running Your Own VPN Server

Running your own Virtual Private Network (VPN) server is one of the easiest, and indeed recommended, ways to get started using a VPN setup. Whether you want to connect back to your home while on the road, protect yourself while on public Wi-Fi networks, allow your staff to connect securely to your business network while working remotely, or simply want to learn more about how VPNs work, running your own VPN server is a great way to get started.

We often get people reaching out for advice about how to get started running an OpenVPN server for connecting to with Viscosity, however sadly there has never been a great resource we can point people to. We've written this blog post to serve as a starting point for those new to setting up a VPN server. If you're also new to the concept of VPNs, be sure to also check out our Introduction to VPN guide.

What Do I Need?

To run your own OpenVPN server you only need two things: a device connected to the network that is capable of acting as an OpenVPN server, such as a router or spare computer, and an internet connection.

These days the vast majority of modern home and business routers, as well as many home file and media servers, support acting as an OpenVPN server making it easy to get started. And for those who have a spare computer it's possible to create an even more powerful and high-performance setup.

Server Setup Guides

We've been putting together setup guides for a number of different operating systems and devices. These guides detail the basics of setting up a standard OpenVPN server. They are designed as a starting point for most common OpenVPN server setups.


Guides for Operating Systems:


Guides for Routers and Devices:


However before jumping into one of these guides it's a good idea to see what type of VPN setup you desire and proceed accordingly. We've found most VPN setups fall roughly into one of four categories which are discussed further below.

Accessing a Home Network Remotely

Being able to access your home network remotely can have huge advantages, and using a VPN for remote access ensures that your network and traffic is kept secure. Other techniques, such as port forwarding, may expose your network and its devices. Your VPN setup can be configured to act just like your computer was plugged in at home, or you can limit access to just what you'd like to be available remotely.

Common tasks that a VPN server at home allows you to do include access files on your home computer remotely, access and stream your music collection from home, access home file servers, access home media/video servers (such as Plex), access and stream security camera feeds, and control home-automation devices.

When deciding how to set up a VPN server it's best starting with your internet router. Many modern home routers support acting as an OpenVPN server. These are typically straightforward to setup and the easiest way to get started. Check with your router's documentation to see if it supports this functionality, and if so, see if we have a guide for it above. Some routers may not have inbuilt OpenVPN server functionality by default, but support custom firmware projects (such as DD-WRT) which do.

However while home routers are easiest to set up they typically have limited VPN performance due to low-power processors and poor hardware-encryption support. If you don't have a router that supports OpenVPN, or you are worried about performance, it may be worth considering using a file-server or spare computer instead.

Some home file/media servers support acting as an OpenVPN server, such as Synology servers. Otherwise an old or spare computer can make a great server. Most old computers will have no trouble hosting a high-performance VPN server, and running your own server in this way will offer you much more customisation, flexibility, and stronger security. Check the guides above to see if there is one for your file server or old computer's operating system (or if formatting the old computer, your operating system of choice).

Accessing a Business Network Remotely

If you're seeking a way to give your staff or contractors a secure way to access your internal business network from a remote location, then this is the setup for you. A VPN allows businesses to not only provide remote access, but also perform advanced access control and authentication so you can restrict users to certain network areas or services.

Most modern workplace environments are behind an enterprise-grade router or gateway, many of which support acting as an OpenVPN server. Check with the documentation of the manufacturer to see whether this is supported for the device/s in use. Popular router and gateway devices/software that support acting as an OpenVPN server include VyOS, pfSense, Sophos UTM, and Ubiquiti EdgeRouters. If you have a supported device check further above for whether we have a setup guide for it.

However if offering access to a large number of users it's recommended using a dedicated VPN server to avoid performance issues. Encrypting a large number of simultaneous connections places a high demand on a device's processor, and many routers and gateway devices can start to struggle, resulting in lowered throughput and performance. In these cases a dedicated on-site computer or virtual machine is recommended.

Please refer to our setup guides further above if choosing a dedicated setup. Often a custom setup allows for more flexibility when configuring a VPN server, allowing different back-ends (such as LDAP or Radius) be used for authentication, along with two-factor authentication options, access control rules, and custom routing. We'll likely be publishing more information about implementing these in the future, so please keep an eye on our blog.

Protecting Your Traffic on Public & Wireless Networks

Public and Wi-Fi networks, such as in a hotel, in a coffee shop, at a conference etc., can be attractive targets for attackers and malicious users who are interested in stealing private data and login credentials. While unencrypted and weakly-encrypted (such as WEP) Wi-Fi networks are thankfully mostly relegated to history, sadly Man-in-the-Middle (MITM) attacks and data sniffing are still very real threats. Indeed, many "free" internet providing networks pay for themselves by harvesting network traffic and selling the data to advertising platforms and companies.

By authenticating and encrypting network traffic between you and a trusted VPN server these kinds of threats are protected against. Viscosity even has obfuscation technology built in to allow VPN connections to establish even when an attacker or network operator is attempting to block VPN traffic.

Setting up a VPN server differs in a key way from a home or business VPN server: instead of just making an internal network accessible remotely you're instead creating a VPN server to handle all network traffic. This means all network traffic flows through the VPN connection.

A home or business VPN server can be easily set up to handle all traffic - our guides further above cover this scenario. However keep in mind your internet connection's upload speed is your VPN connection's maximum download speed, and for home ADSL/VDSL/FTTN connections this is usually quite poor.

An alternative to running your own VPN server at home/work is to run a server in a datacenter. This avoids any performance pitfalls, and a low-cost Virtual Private Server (VPS) is all that is required. This is covered in more detail below.

Being Your own VPN Service Provider

The final common use-case for running your own server is to act as your own VPN Service Provider. A commercial VPN Service run by a provider is typically a paid subscription service that provides you with different VPN servers around the world to connect to. These services provide an easy way to protect your data on local networks, escape restrictive blocking and censorship, as well as offer additional level of anonymity by sharing your public IP address with hundreds or thousands of other users.

However, there are times where you may like to be your own provider. You may prefer that your VPN IP address isn't associated with the activity of other potentially malicious users using the same VPN server, which can often result in web sites and services blocking or restricting access. You may find you're able to achieve faster performance when running your own server, or improved latency by setting up a server closer to your physical network location. You may be uncomfortable with the idea of a commercial VPN Service Provider potentially having access to your network traffic. Or you may only need a VPN server for a short period of time. In these instances, you can become your own provider by setting up one or more VPN servers to connect to.

When becoming your own VPN Service Provider it's recommended any VPN servers your create are hosted in a datacenter to assure performance and accessibility. This can be done cheaply by getting a Virtual Private Server (VPS) with a provider such as Digital Ocean, Vultr, Amazon EC2, etc., rather than needing to go to the expense of co-locating a physical server. At the time of writing typical VPS plans start from around $2.50/month. When signing up for a plan check that the bandwidth and throughput allocations are sufficient for your needs. Also ensure that the VPS server is in the location you desire, whether that means nearby for the lowest-latency possible, or in a particular country or city if seeking to use a VPN to escape censorship or geo-restrictions.

The final step when creating a VPS is to choose the operating system it should run, such as Ubuntu. Once you've made this choice, you can follow one of the guides above to complete the setup.

Wrapping Up

We'll be continuing to add new guides for additional operating systems and devices to our support section, so if your device isn't listed above be sure to check the VPN Server Setup Guides support category. For more information about running your own VPN server be sure to also check out the Introduction to Running an OpenVPN Server support article.

Finally, if you have any suggestions for server setup guides you'd like to see please don't hesitate to get in touch with us via email or Twitter.

Viscosity For Mac & Windows: Version 1.7.3

Version 1.7.3 of Viscosity is now available for both Mac and Windows! Version 1.7.3 was released shortly after 1.7.2, and fixes two small regressions introduced in version 1.7.2. This release includes updates to the latest versions of the OpenVPN 2.3 and 2.4 branches.

The OpenVPN updates address a number of recently discovered potential security vulnerabilities in the OpenVPN codebase. While these are considered low-impact for OpenVPN clients, we still encourage all users to update as soon as possible. These vulnerabilities largely centre on DoS (Denial of Service) attacks that could potentially stall or terminate a VPN connection rather than VPN traffic disclosure. However users connecting through HTTP proxies that use NTLM authentication are potentially at risk of memory disclosure if using the proxy through an insecure network environment.


Version 1.7.3 Mac Release Notes:

fixed
Fixes regression where Viscosity will quit after successfully installing the helper


Version 1.7.2 Mac Release Notes:
improved
Improved support for macOS 10.13 (High Sierra)
updated
OpenVPN 2.4 updated to version 2.4.3
updated
OpenVPN 2.3 updated to version 2.3.17
fixed
Various bug fixes and enhancements


Version 1.7.3 Windows Release Notes:

fixed
Resolves issue where Split DNS lookups may fail on multilingual systems
fixed
Various bug fixes and enhancements


Version 1.7.2 Windows Release Notes:
updated
OpenVPN updated to 2.4.3
updated
OpenVPN updated to 2.3.17
fixed
Various bug fixes and enhancements

The 1.7.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.1

Version 1.7.1 of Viscosity is now available for both Mac and Windows! This update is largely a maintenance release, fixing a number of small bugs and regressions. Please see the release notes below for the full details.


Version 1.7.1 Mac Release Notes:

updated
OpenSSL updated to version 1.0.2l
fixed
Resolves issue when processing "dhcp-option DNSMODE" commands
fixed
The Allow unsafe commands option will no longer reset when opening Viscosity
fixed
Resolves issue where an acknowledgement request dialog may be empty
fixed
Resolves issue where certain AppleScript commands had no effect
fixed
Various bug fixes and enhancements


Version 1.7.1 Windows Release Notes:

updated
OpenSSL updated to version 1.0.2l
fixed
All ciphers are now available under OpenVPN 2.4
fixed
Various bug fixes and enhancements

The 1.7.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.