SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.7.15

Viscosity version 1.7.15 is now available for both Mac and Windows! This version includes U2F and PKCS#11 improvements, updated versions of both OpenVPN and OpenSSL, and a number of fixes and improvements for both platforms.

We've placed a focus on two-factor authentication for this release, with general improvements to Viscosity's U2F authentication support, including the ability to use U2F tokens from additional manufacturers. PKCS#11 support has also been improved in the Windows version, with smoother handling of problems that may arise when using a token or smartcard.

On the maintenance front, OpenVPN has been updated to version 2.4.7, which includes a number of small bug fixes. OpenSSL has also been updated to version 1.0.2r. The Windows release also includes an updated VPN network adapter driver with slightly improved performance, while the macOS release fixes an issue that could result in some VPN connections failing to try additional remote servers if the first one fails to connect.


Version 1.7.15 Mac Release Notes:

added
Additional U2F devices are now supported
updated
OpenVPN 2.4 updated to version 2.4.7
updated
OpenSSL updated to version 1.0.2r
updated
Adds notarization for increased security
fixed
Resolves failure to fallback to secondary remote servers with some connections
fixed
Resolves a potential crash on macOS 10.14.4+ when updating the helper
fixed
Resolves a potential crash when importing a large number of connections
fixed
Fixes regression that could result in PKCS#11 drivers failing to load (build 1488)
fixed
Various bug fixes and enhancements
removed
OS X 10.10 is no longer supported


Version 1.7.15 Windows Release Notes:

added
Additional U2F devices are now supported
improved
Improved handling of PKCS#11 errors
updated
Updates OpenVPN to version 2.4.7
updated
Updates OpenSSL to version 1.0.2r
updated
VPN Network Adapter driver updated
fixed
Various bug fixes and enhancements

The 1.7.15 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.14

Viscosity version 1.7.14 is now available for both Mac and Windows! This is a maintenance update that resolves a number of small regressions that unfortunately snuck into the 1.7.13 release, as well as a number of additional minor bug fixes.

In particular, this update fixes an issue that could cause certain OpenVPN files to be blocked from loading under the new Windows sandbox. If you received an error message similar to "Cannot load certificate file" in your connection log with version 1.7.13, this was unfortunately the cause, and it should now be resolved. For further information please refer to the release notes below.


Version 1.7.14 Mac Release Notes:

fixed
Resolves regression connecting certain static-key connections
fixed
Various bug fixes and enhancements


Version 1.7.14 Windows Release Notes:

fixed
Resolves sandbox regression that could prevent connection files from being loaded
fixed
Resolves sandbox regression that prevented cryptoapicert command from functioning
fixed
Various bug fixes and enhancements

The 1.7.14 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.13

Viscosity version 1.7.13 is now available for both Mac and Windows! This version includes security and performance enhancements for the Windows release, an updated version of OpenSSL, and a number of small tweaks and improvements for both platforms.

Previously version 1.7.8 of Viscosity for Mac introduced sandboxing and privilege deescalation of the OpenVPN process for added security. These security features help to protect against possible future threats that could arise against OpenVPN itself, both local and remote. We're pleased to announce that the 1.7.13 update has added these features to the Windows version as well. This all happens behind the scenes, and shouldn't have any noticeable effect on your VPN connections.

The Windows version also includes reworked PKCS#11 support for improved library loading and token support, and a 64-bit build of OpenVPN. The Mac version also includes a number of improvements to its main menu for improved functionality, as well as a number of small tweaks to keep OpenVPN connections running smoothly.


Version 1.7.13 Mac Release Notes:

improved
Improves compatibility with menu bar managers
improved
Improves main menu automatic resizing and positioning
updated
OpenSSL updated to version 1.0.2q
fixed
Avoids rapid reconnect attempts when a local TLS error occurs
fixed
Avoids potentially delaying a manual computer sleep when there are active connections
fixed
Workaround for potential DNS resolution errors when OpenVPN performs a reconnect
fixed
Various bug fixes and enhancements


Version 1.7.13 Windows Release Notes:

improved
Sandboxing of the OpenVPN process for added security
improved
Significant improvements to PKCS#11 device and driver handling
improved
OpenVPN is now a native 64-bit binary on x64 systems
updated
OpenSSL updated to version 1.0.2q
updated
VPN Network Adapter driver updated
updated
.NET 4.6.2 or later is now required
fixed
Various bug fixes and enhancements

The 1.7.13 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.12

Version 1.7.12 of Viscosity has been released for both macOS and Windows! Along with a number of improvements and bug fixes, this release adds improved support for macOS 10.14 (Mojave), including Dark Mode support.

Also on the macOS side of things, this release includes a new menu system built from the ground up with significant performance improvements. Users with a large number of connections should notice vastly improved performance, while accessibility access using the keyboard has also been enhanced.

OpenSSL has also been updated to version 1.0.2p, while support for OS X 10.9 (Mavericks) has been removed.


Version 1.7.12 Mac Release Notes:

added
Support for Dark Mode in macOS 10.14 (Mojave)
improved
Improved support for macOS 10.14 (Mojave)
improved
Main menu performance significantly improved
improved
Keyboard accessibility of the main menu improved
updated
OpenSSL updated to version 1.0.2p
fixed
Resolves issue setting the working directory for scripts
fixed
Resolves issue scrolling the main menu with many connections
fixed
Prevents reconnects when cancelling certain PKCS#11 requests
fixed
Various bug fixes and enhancements
removed
OS X 10.9 is no longer supported


Version 1.7.12 Windows Release Notes:

added
Connection scripts now have a 60 second timeout
updated
OpenSSL updated to 1.0.2p
fixed
Prevents reconnects when cancelling certain PKCS#11 requests
fixed
Fixes issue where some SRV DNS records were not resolved
fixed
Various bug fixes and enhancements

The 1.7.12 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

OpenVPN Configuration Generator

We're pleased to annouce the release of a new simple tool designed to make it much easier to get started running an OpenVPN server. OpenVPN Configuration Generator, or simply openvpn-generate, can handle generating OpenVPN server configuration files, and help generate and manage user certificate and keys. It's freely available for macOS, Windows, and Linux.

As we've previously mentioned, we have an extensive list of tutorials for setting up an OpenVPN server on a variety of platforms. However the point where many users get stuck has always been generating the files needed by the OpenVPN server. Generating files, such as the configuration file, Diffie-Hellman parameters file, server certificate and key, and certificate and key files for clients, can be complex and confusing. Tools like EasyRSA sadly don't make it particularly easy, and on macOS and Windows require downloading large external frameworks just to run.

The OpenVPN Configuration Generator aims to solve this by providing an easy-to-use command line interface that quickly allows generating these files with secure defaults. This tool is designed to be simple and fast to use: its focus is on the generation of the files needed by OpenVPN and nothing more (it is not an OpenVPN server itself).

The OpenVPN Configuration Generator tool can be freely downloaded from here, and we also have detailed documentation on how to use it in our Knowledge Base. We recommend using it alongside one of our server setup guides, however the files it generates will work with any OpenVPN setup.

We're also pleased to report that we've made the source-code for the OpenVPN Configuration Generator tool available as well. Note that it does link with Viscosity's core framework, which is not included.

We hope the OpenVPN Configuration Generator tool makes it easier to get started running your own OpenVPN server. For feedback or enhancement requests please don't hesitate to contact us.

Viscosity For Mac & Windows: Version 1.7.11

Viscosity version 1.7.11 is now available for both Mac and Windows! This update is largely a maintenance release, with bug fixes and small improvements to keep things running smoothly.

It includes a back-ported fix to OpenVPN 2.4.6 to resolve an issue with expired session tokens. This has allowed Viscosity to re-enable the use of session tokens during renegotiations, which was disabled in the previous release. Also notable with the Mac version is that a time limit is now placed on Before Connect, Connected, and Disconnected scripts, which prevents Viscosity from appearing to hang indefinitely if a script never exits.


Version 1.7.11 Mac Release Notes:

added
Connection scripts now have a 60 second timeout
added
Viscosity version number now passed to the OpenVPN server
improved
Prompt to optionally remove scripts when importing connections
fixed
Resume handling session tokens during renegoiations
fixed
Various bug fixes and enhancements


Version 1.7.11 Windows Release Notes:

added
Viscosity version number now passed to the OpenVPN server
improved
Prompt to optionally remove scripts when importing connections
fixed
Resume handling session tokens during renegoiations
fixed
Various bug fixes and enhancements

The 1.7.11 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.10

Version 1.7.10 of Viscosity has been released for both Mac and Windows! This update has a focus on improved support for bridged VPN connections, with new options for DHCP-set routes, automatic route delay, and routing and DNS improvements. We've also made a great deal of small changes and bug fixes to address user feedback.

Bridged (TAP) connections can now use a "route-delay auto" advanced command to wait for a DHCP and/or IPv6 auto-configuration assigned IP address, instead of having to manually specify the number of seconds to wait. This will allow for faster initial connection times, especially for those on low-latency connections.

This version also supports the use of a DHCP-assigned default gateway (using a "dhcp" parameter for the Default Gateway option) to make IPv4 routing setup easier, along with a "route-ipv6-gateway" advanced command to make IPv6 setup easier.

On the macOS side, we've also improved DNS support when using DHCP and IPv6 auto-configuration, added support for routes pushed via DHCP, and added support for Continuity so macOS features like HandOff, message forwarding, and receiving calls should work as expected while connected to a VPN connection.

Finally, this release also works around a session-token handling issue in OpenVPN that could incorrectly cause a connected VPN connection to disconnect with an authentication failure once a session timeout was reached.


Version 1.7.10 Mac Release Notes:

added
Support for macOS Continuity while connected to VPN connections
added
Automatic route-delay now supported for connections using DHCP
added
Support for routes set using a DHCP server
added
Support for setting a default IPv6 route gateway
improved
Allows the default route gateway to be a DHCP server
fixed
Resolves stuck connection if a PKCS#11 driver fails to load
fixed
Resolves a potential crash when using a proxy PAC file
fixed
Workaround for issue with OpenVPN's session token handling
fixed
Resolves case where Automatically reconnect option may display incorrectly
fixed
Various bug fixes and enhancements


Version 1.7.10 Windows Release Notes:

added
Automatic route-delay now supported for connections using DHCP
improved
Allows the default route gateway to be a DHCP server
fixed
Resolves issue importing some configurations using <connection> tags
fixed
Fixes display issue with the main menu
fixed
Workaround for issue with OpenVPN's session token handling
fixed
Various bug fixes and enhancements

The 1.7.10 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.9

Viscosity version 1.7.9 is now available for both Mac and Windows! This update is primarily a small maintenance release that focuses on bug fixes and improvements.

The Mac update addresses some minor regressions with the recent 1.7.8 update that could result in crashes, while the Windows version includes an updated VPN Network Adapter (TAP) driver that addresses a low-severity issue that could result in an attacker with local access and admin rights being able to trigger a system crash. Finally, OpenVPN 2.4 has been updated to version 2.4.6.


Version 1.7.9 Mac Release Notes:

improved
Performance improved when importing a large number of connections
updated
OpenVPN 2.4 updated to version 2.4.6
fixed
Resolves a potential crash after updating
fixed
Resolves a potential crash when disconnecting
fixed
Various bug fixes and enhancements


Version 1.7.9 Windows Release Notes:

improved
Performance improved when importing a large number of connections
updated
OpenVPN updated to version 2.4.6
updated
VPN Network Adapter driver updated
fixed
Various bug fixes and enhancements

The 1.7.9 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.8

Version 1.7.8 of Viscosity has been released for both Mac and Windows! These updates place a focus on security and reliability, with enhancements to the OpenVPN engine on macOS, and DNS reliability improvements on Windows. In addition OpenVPN 2.4 has been updated to version 2.4.5, OpenSSL to version 1.0.2o, and a number of small improvements and bug fixes are included.

The Mac version includes a significant reworking of how OpenVPN connections are handled for added security. Connections now have enhanced protection against possible future threats that could arise against OpenVPN itself (both local and remote) by sandboxing and de-elevating the permissions of OpenVPN. This all happens behind the scenes, and shouldn't have any noticeable effect on your VPN connections. We hope to bring many of these features across to the Windows version in a future update as well.

The Windows version also includes a number of performance and stability improvements to the Full and Split DNS modes.


Version 1.7.8 Mac Release Notes:

added
Sandboxing of the OpenVPN process for added security
updated
OpenVPN 2.4 updated to version 2.4.5
updated
OpenSSL updated to version 1.0.2o
fixed
Various bug fixes and enhancements
removed
Growl support


Version 1.7.8 Windows Release Notes:

improved
Viscosity DNS System now observes Windows hosts file
updated
OpenVPN updated to version 2.4.5
updated
OpenSSL updated to version 1.0.2o
fixed
Fixes bug where large DNS resolutions were dropped
fixed
Fixes a bug where Viscosity would not reconnect after some dropouts
fixed
Various bug fixes and enhancements

The 1.7.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.7

Version 1.7.7 of Viscosity has been released for both Mac and Windows! This release includes two new features, Universal 2nd Factor (U2F) support and obfs4 obfuscation support, along with a security update and some small bug fixes and improvements.

We're especially excited about support for U2F authentication, and we'll be posting further information about using U2F with Viscosity and OpenVPN in the near future. However if you want to check out the technical details immediately we have put together a U2F Two-Factor Authentication server setup guide with example authentication scripts.

We've also added support for the latest obfuscation protocol, obfs4, which was highly requested. If you're interested in using obfs4 but don't already have a server set up, we have updated our Setting up an Obfuscation server with Obfsproxy and Viscosity article.

On the security front, during an internal review we've identified the potential for a privilege escalation attack against processes launched by OpenVPN through the use of malicious environment variables. We've updated Viscosity to detect and protect against any such attacks. To avoid the potential for this to be exploited we recommend users update to 1.7.7 as soon as possible.


Version 1.7.7 Mac Release Notes:

added
Universal 2nd Factor (U2F) support
added
Support for the obfs4 obfuscation protocol
improved
No longer displays an alert when a session token is rejected
improved
Detection of unsafe environment variables improved
fixed
Various bug fixes and enhancements


Version 1.7.7 Windows Release Notes:

added
Adds U2F (Universal 2 Factor) support
added
Support for the obfs4 obfuscation protocol
improved
Detection of unsafe environment variables improved
fixed
Various bug fixes and enhancements

The 1.7.7 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.