SparkLabs Blog.

The latest news and releases.


Viscosity For Windows: Version 1.11.4

Viscosity version 1.11.4 is now available for Windows! It brings improvements to the DNS engine, an updated version of OpenSSL, as well as many small bug fixes and enhancements.

In particular, the performance of the DNS engine for both Full and Split DNS has been significantly improved, with faster responses and improved memory consumption. It also resolves an issue that could result in large memory spikes when receiving an invalid or malformed DNS reply from a DNS server. The chance of receiving an invalid reply should be extremely low, however we observed that some DNS servers may reply with a corrupted reply when under heavy load. Some home routers, as well as some virtual machine solutions (notably VMWare Fusion), can exhibit this behaviour when a large volume of requests are made.


Version 1.11.4 Windows Release Notes:

improved
DNS engine performance and memory consumption improvements
updated
OpenSSL updated to version 3.0.15
fixed
Resolves background service memory spikes when receiving invalid DNS replies
fixed
Resolves issue where a connection may not fall back to secondary servers
fixed
Removes extraneous escaping when using RememberUsername setting
fixed
Resolves certain FIDO origin addresses being seen as invalid
fixed
Various bug fixes and enhancements

The 1.11.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.11.4

Viscosity version 1.11.4 is now available for macOS! This update focuses on improving the performance of VPN connections using a TAP (bridged) setup on macOS 15, and includes an updated version of OpenSSL, as well as many small bug fixes and enhancements.

Unfortunately the recent macOS 15.0.1 update restricted access to the APIs Viscosity needs to implement its Virtual Ethernet driver for TAP connections. Older versions of Viscosity will automatically fall back to its secondary driver (so TAP VPN connections continue to function), however the performance of this driver was limited. This update significantly improves the performance (both throughput and latency) of Viscosity's secondary driver. This means that for almost all users with TAP connections they should see full performance on macOS 15.0.1+.

We're still working on restoring Viscosity's Virtual Ethernet driver functionality on macOS 15.0.1+ and expect to have it fully available again in the future as well. If you still encounter any issues connecting a TAP connection, please ensure that the TAP Driver is set to “Automatic” under Settings->Advanced.

This update also includes significant behind-the-scenes improvements, as we continue to modernise Viscosity's code base. In particular, this update has performance improvements to VPN connection management, as well as general memory safety improvements.


Version 1.11.4 Mac Release Notes:

improved
TAP performance improvements on macOS 15
improved
Improved memory safety and performance
updated
OpenSSL updated to version 3.0.15
fixed
Stabilises reporting of IV_HWADDR
fixed
Various bug fixes and enhancements

The 1.11.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.11.3

Viscosity version 1.11.3 is now available for both macOS and Windows! This update is another small maintenance release, with an updated version of OpenVPN, minor enhancements, and several bug fixes to keep your VPN connections working reliably.

We've taken user feedback on board and have made Viscosity more selective about when displaying an authentication failed message to avoid unnecessary prompting. In particular, older OpenVPN servers may send an authentication failed message for a reason unrelated to the username/password used (particularly when static challenge authentication is used), and Viscosity should now ignore these when appropriate.

On the macOS side, this update contains a fix where identities (when using Viscosity's System Identity feature) on an external token may not be correctly discovered. On the Windows side, SOCKS proxies that require authentication are now correctly supported, and an issue has been fixed that could result in certain dynamic challenge requests not being processed.

Finally, this version also updates OpenVPN to version 2.6.12, which addresses a minor security issue and several small bug fixes.


Version 1.11.3 Mac Release Notes:

improved
More selective use of authentication failed dialogs when static challenge authentication used
updated
OpenVPN updated to version 2.6.12
fixed
Resolves issue where identities on a token may not be detected
fixed
Resolves issue where an authentication failed dialog could be displayed on session expiry
fixed
Various bug fixes and enhancements


Version 1.11.3 Windows Release Notes:

updated
OpenVPN updated to version 2.6.12
fixed
Authentication for SOCKS proxies is now correctly supported
fixed
Resolves issue where certain dynamic challenge requests may be ignored
fixed
Various bug fixes and enhancements

The 1.11.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.11.2

Viscosity version 1.11.2 is now available for both macOS and Windows! This update is a small maintenance release that includes bug fixes, an updated version of OpenSSL, and minor enhancements to keep Viscosity running smoothly.

In particular, the Mac version adds a new system-identity-domain command that allows System Identity matches to be limited to particular Keychain domains. For example, matches can be limited to identities stored in the User's keychain, the System keychain, or removable keychains such as tokens and smartcards. This command can be used to avoid Keychain authentication prompts when matching an identity in a keychain an end user doesn't have access to.

The Windows version also resolves a very rare Blue Screen of Death (BSOD) that could occur during system sleep when certain filter drivers were attached to the virtual network interface. Special thanks to Thomas Loupe for helping us diagnose and debug the issue.


Version 1.11.2 Mac Release Notes:

improved
Adds ability to limit system identity search to a particular Keychain
updated
OpenSSL updated to version 3.0.14
fixed
Resolves issue where checkboxes may not display in alert dialogs
fixed
Resolves rare crash when connecting a VPN connection with an invalid setting
fixed
Resolves regression when importing files using [inline] syntax
fixed
Resolves regression using PKCS#11 tokens (Build 1691)
fixed
Various bug fixes and enhancements


Version 1.11.2 Windows Release Notes:

updated
OpenSSL updated to version 3.0.14
fixed
Resolves rare BSOD at computer sleep when using certain filter drivers
fixed
Various bug fixes and enhancements

The 1.11.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.11.1

Viscosity version 1.11.1 is now available for both macOS and Windows! This update is a small maintenance release, with an updated version of OpenVPN, several bug fixes, and minor enhancements, to keep Viscosity running smoothly.

To help support the transition to OpenVPN 2.6, which was introduced in Viscosity 1.11, the "ncp-disable" command will now be automatically removed from VPN connections. OpenVPN 2.6 removed support for this command, and it was a common sticking point for many users importing configuration files designed for old versions of OpenVPN.

Viscosity now also has support for a new "static-challenge-acknowledge" command. This command enables prompting the user for a required action during the authentication phase, for example prompting to approve or acknowledge a two-factor authentication request on their phone or other device.

On macOS this update also improves support for locally installed authenticator software that is designed to communicate with a web authentication session. For example, links and buttons should now correctly activate Okta Verify when required.

On the Windows side, this update addresses two issues that could arise during enterprise deployments: identities loaded from the Local Machine certificate store will now be correctly detected, and Single Adapter Mode will no longer create additional virtual network adapters under some circumstances. While not directly part of the update, the ADMX templates have also been updated to support Microsoft Intune deployment.

Finally, this update also addresses two low-severity security issues in third-party components: Sparkle (on macOS) which is used for automatic updates, and the Legacy OpenVPN TAP Adapter (on Windows) which is an optional VPN adapter driver.

The Sparkle update addresses a potential security vulnerability that could allow an attacker to bypass Sparkle's signing checks on update packages. This isn't considered to be exploitable due to other validation methods, however it nevertheless is an important additional security layer. The Legacy OpenVPN TAP Adapter update addresses an issue that could allow an attacker to trigger an integer overflow and crash the driver. The Legacy OpenVPN TAP Adapter is not used by default by Viscosity, and instead it is only used if the Adapter Type has been changed under Advanced Settings.


Version 1.11.1 Mac Release Notes:

improved
Obsolete ncp-disable command will now be automatically removed
improved
Web authentication now supports many local authenticators (such as Okta Verify)
improved
Support for prompting a user with a new static-challenge-acknowledge command
updated
OpenVPN updated to version 2.6.10
updated
Sparkle framework updated
fixed
Various bug fixes and enhancements


Version 1.11.1 Windows Release Notes:

improved
Obsolete ncp-disable command will now be automatically removed
improved
Support for prompting a user with a new static-challenge-acknowledge command
updated
OpenVPN updated to version 2.6.10
updated
Legacy OpenVPN TAP Adapter driver updated
fixed
Resolves issue using certificates from the Local Machine certificate store
fixed
Resolves issue where Single Adapter Mode may create additional virtual network adapters
fixed
Various bug fixes and enhancements

The 1.11.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.11

Viscosity 1.11 is now available for both macOS and Windows! This is a big update, with OpenVPN 2.6 support, OpenSSL 3.0, significant behind-the-scenes upgrades and improvements, enhanced system identity and token support, IPv6 support improvements, and lots of other new features, improvements, and bug fixes.

OpenVPN 2.6 is a big change that brings several new security and network features to VPN connections. OpenVPN 2.6 is backwards compatible with servers running older versions of OpenVPN, and Viscosity 1.11 will allow you to seamlessly update and use its new features for the vast majority of connections.

As part of this update, Viscosity has also moved to using OpenSSL 3.0. OpenSSL is the security library that Viscosity and OpenVPN use, and it provides the encryption and security protocols used by VPN connections. OpenSSL 3.0 offers many security improvements, as well as deprecating older encryption ciphers, digests, and protocols that are no longer considered secure.

For most users upgrading to OpenVPN 2.6 and OpenSSL 3.0 should be seamless: Viscosity will automatically handle updating most VPN connection configurations. However, some older OpenVPN server setups may not be compatible with OpenVPN 2.6 out-of-the-box. To help ease the transition when connecting to these servers, Viscosity 1.11 introduces a new "Compatibility" setting that makes it easier to connect to servers running older versions of OpenVPN.

The Compatibility setting combines OpenVPN 2.6's new "compat-mode" option with a number of cipher, TLS, and compression changes to match those expected by older versions of OpenVPN. For more information on the Compatibility setting, or for help migrating from OpenVPN 2.5 to version 2.6, please see Migrating from OpenVPN 2.5 to OpenVPN 2.6.

The macOS version also includes several DNS support improvements and fixes, and users of Viscosity 1.11 should see improved DNS performance and reliability.

The Windows version has also had its PKCS#11 support upgraded, with support for additional token and slot types. In particular, it now supports Slot 9c on YubiKey tokens, which has been a requested feature. Signing using the Windows Certificate Store has also been improved, with additional key types supported. The Windows version also includes several IPv6 improvements, including support for assigning DNS servers and domains via RDNSS and DNSSL.

Finally, macOS 10.15 (Catalina) is no longer supported. Users are strongly encouraged to update to macOS 11 or later. Older Viscosity releases can still be found at the Legacy Downloads page if required.


Version 1.11 Mac Release Notes:

added
OpenVPN 2.6 Support
added
OpenVPN server version compatibility option in connection editor
improved
Import support for IPv4 routes being specified with a prefix
improved
Full DNS support when using an iOS mobile device tunnel
improved
Increases the maximum allowable height of the Settings window
improved
Detection of additional mismatched client-server cipher settings
improved
Support for additional System Identity certificate types and tokens
updated
OpenVPN updated to version 2.6.9
updated
OpenSSL updated to version 3.0.13
fixed
Resolves issue where Viscosity helper may crash when updating DNS
fixed
Resolves certain proxy commands getting incorrectly flagged as unsafe
fixed
Resolves certain inline PKCS#12 files not importing correctly
fixed
Resolves issue where Full DNS mode may disable on rapid network changes
fixed
Resolves issue where Viscosity may stop responding after sorting an empty folder
fixed
Resolves issue where a web authentication page may remain in memory after close
fixed
Resolves issue when Import from Server profile URL uses a different domain
fixed
Workaround for login bug in CloudConnexa when using Import from Server
fixed
Resolves Authentication Type menu being mislabelled for some localizations
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.5 removed
removed
macOS 10.15 is no longer supported


Version 1.11 Windows Release Notes:

added
OpenVPN 2.6 Support
added
OpenVPN server version compatibility option in connection editor
added
Support for DNS servers and domains set via IPv6 RAs (RDNSS and DNSSL)
added
Automatic IPv6 RA gateway detection via new route-ipv6-gateway auto flag
improved
Support for additional PKCS#11 tokens and slot types
improved
Import support for IPv4 routes being specified with a prefix
improved
Detection of additional mismatched client-server cipher settings
improved
Support for additional Windows Certificate Store certificate types and tokens
improved
Improved support for IPv6-only TAP connections
updated
OpenVPN updated to version 2.6.9
updated
OpenSSL updated to version 3.0.13
fixed
Resolves issue running on older Windows 10 on ARM64 devices
fixed
Resolves issue when Import from Server profile URL uses a different domain
fixed
Workaround for login bug in CloudConnexa when using Import from Server
fixed
Resolves issue where the reported connection time could be incorrect
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.5 removed

The 1.11 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.8

Viscosity version 1.10.8 is now available for macOS! This update is a maintenance release with internal improvements, bug fixes, and minor enhancements to keep Viscosity running smoothly.

This is the final release to ship with OpenVPN 2.5 and the 1.1.1 branch of OpenSSL. Future versions of Viscosity will be moving to OpenVPN 2.6 and OpenSSL 3.0. We will have more information about these upcoming changes in a future post.


Version 1.10.8 Mac Release Notes:

improved
Support for OpenVPN-AS web authentication session tokens improved
updated
OpenSSL updated to version 1.1.1w
fixed
Resolves issue where a managed bundle may redeploy on launch
fixed
Resolves issue where tools using legacy DNS may not resolve after a network change
fixed
Various bug fixes and enhancements

The 1.10.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Windows: Version 1.10.6

Viscosity version 1.10.6 is now available for Windows! This update includes significant changes to fully natively support ARM64 machines, updates to modernize framework and API usage on Windows, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update now completes Viscosity's ARM64 support. Viscosity first introduced support for Windows on ARM64 (WoA) in version 1.8.2, with all of Viscosity's core components (including OpenVPN connections) ported to run natively. However there was one component that we couldn't port at the time: Viscosity's user interface. Viscosity's user interface relies on the Windows WinForms and WPF frameworks, which didn't have native ARM64 support at the time. However with ARM64 support introduced for these in .NET 4.8.1, we're pleased to announce that Viscosity's user interface is now running natively on ARM64 as well.

This update also resolves several display and rendering issues on the most recent versions of Windows 11, including an issue that could cause Viscosity's toolbar to render in the wrong system color or not respect dark mode. Web authentication (SSO and SAML) support has also been improved, with a number of small issues resolved that could cause an authentication request to fail or a session token to be rejected.

To better support modern versions of Windows (as well as for ARM64 support), Viscosity now requires .NET 4.8.1 and the Visual C++ 2022 runtime. Viscosity's installer will automatically handle upgrading these if required.

Finally, Windows 10 version 2004 (also known as 20H1 and Build 19041) and earlier are no longer supported. Viscosity now requires Windows 10 version 20H2 (Build 19042) or later. With Microsoft no longer issuing security updates for these older versions, we encourage any existing users of these versions to update their copy of Windows.


Version 1.10.6 Windows Release Notes:

added
Viscosity now runs completely natively on ARM64 machines
improved
Support for OpenVPN-AS web authentication session tokens improved
updated
OpenSSL updated to version 1.1.1w
updated
.NET 4.8.1 is now required
updated
Visual C++ 2022 runtime is now required
fixed
Fixes issue where the Settings toolbar would not adopt dark mode on Windows 11
fixed
Fixes issue where toolbars would not adopt the system color on Windows 11
fixed
Fixes a background display issue with the Menu Icons setting
fixed
Various bug fixes and enhancements
removed
Windows 10 version 2004 and older are no longer supported

The 1.10.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.7

Viscosity version 1.10.7 is now available for macOS! This update is a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, this version fixes a number of DNS related issues that could cause domains to fail to resolve with certain upstream DNS servers, as well as an issue that could cause DNS settings to remain after a VPN connection is disconnected (typically resulting in DNS lookups to fail).

This update also resolves some issues that could cause reachability checks to fail shortly after connecting or when a macOS routing change occurs, resulting in the associated VPN connection being disconnected.


Version 1.10.7 Mac Release Notes:

fixed
Resolves issue where VPN DNS settings may remain after disconnect
fixed
Resolves issue where a TCP reachability check may fail after connecting
fixed
Resolves issue where a reachability check may fail during a routing change
fixed
Resolves issue where DNS lookups to certain DNS servers could fail
fixed
Resolves rare helper crash that could be caused by an invalid local DNS lookup
fixed
Various bug fixes and enhancements

The 1.10.7 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.6

Viscosity version 1.10.6 is now available for macOS! This update includes significant enhancements to DNS functionality, IPv6 support improvements, updates to better support the upcoming macOS 14 (Sonoma) release, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update overhauls Viscosity's DNS engine, allowing Viscosity to support DNS servers and domains set via IPv6 router advertisements (RDNSS and DNSSL), better support for DNS resolution in mixed-IP environments, smarter server fallback selection when one or more DNS servers are unavailable, and general reliability improvements for macOS 13.

IPv6 support has also been improved for bridged (TAP) VPN connections. For those that desire full IPv6 auto-configuration of the VPN connection, Viscosity now supports a new "route-ipv6-gateway auto" flag that allows the IPv6 gateway provided by a router advertisement to be used as the default VPN gateway. This can be added as an advanced command in Viscosity.

This update also improves web authentication (SSO and SAML), and resolves a number of small issues that could cause an authentication request to mistakenly fail. In particular, this update should resolve occasional authentication issues when using Azure Active Directory as the SAML backend.

This will be the last release to support macOS 10.15. Future updates will require macOS 11 or later. With Apple no longer issuing security updates for macOS 10.15, we encourage any existing 10.15 users to update to macOS 11 or later.

For the Windows users, the Windows version of Viscosity 1.10.6 will be available later this month (with some exciting ARM64 improvements!).


Version 1.10.6 Mac Release Notes:

added
Support for DNS servers and domains set via IPv6 RAs (RDNSS and DNSSL)
added
Automatic IPv6 RA gateway detection via new route-ipv6-gateway auto flag
improved
Improved support for macOS 14 (Sonoma)
improved
Improved support for IPv6-only TAP connections
improved
Smarter DNS server fallback when using Full DNS
improved
Full DNS better handles mixed IP environments
updated
OpenSSL updated to version 1.1.1u
fixed
Resolves issue where a reachability check may fail for certain TCP-based connections
fixed
Resolves issue where a typed username may display as bullets
fixed
Resolves crash when enabling Start Viscosity at Login on macOS 12
fixed
Resolves crash when deploying connection folders with duplicate names
fixed
Resolves the reported upload speed being slower than the actual speed
fixed
Resolves issue where a managed bundle installation might not deploy successfully
fixed
Prevents a web authentication page from being able to continuously request focus
fixed
Resolves issue where a web authentication page may fail to load on a redirect
fixed
Resolves rare issue where network access could be lost while connected on macOS 13
fixed
Fixes regression that could cause DNS to not apply when WINS in use (build 1641)
fixed
Fixes regression where DNS domains would be treated as case-sensitive (build 1642)
fixed
Various bug fixes and enhancements

The 1.10.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.