SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.10.2

Viscosity version 1.10.2 is now available for both macOS and Windows! This update introduces Dark Mode support for the Windows version, a security-related OpenSSL update for both macOS and Windows versions, along with several small bug fixes and enhancements.

The updated version of OpenSSL addresses a potential security issue with OpenSSL's certificate parsing that could result in a denial-of-service attack. This does not affect the security of OpenVPN connections. However, it could potentially allow a malicious server or man-in-the-middle attacker to stall a VPN connection attempt with an infinite loop, resulting in high CPU usage until the connection attempt is disconnected.

The Windows version also introduces preliminary Dark Mode support. If Windows is set to use Dark Mode, Viscosity will now automatically render its interface using the appropriate dark theme colors. This is still a work in progress, however Dark Mode fans should be less blinded when opening Viscosity's interface with this update.

The macOS version also fixes a number of small IPv6 related issues, including not correctly displaying the IPv6 address assigned to a VPN connection in the menu or Details window.


Version 1.10.2 Mac Release Notes:

updated
OpenVPN 2.5 updated to version 2.5.5
updated
OpenSSL updated to version 1.1.1n
fixed
Resolves issue where an assigned IPv6 address may not be displayed
fixed
Resolves issue where the Details window could ignore the Prefer IPv6 option
fixed
Resolves issue using Import from Server with certain cloud servers
fixed
Various bug fixes and enhancements


Version 1.10.2 Windows Release Notes:

added
Initial Dark Mode support
updated
OpenVPN 2.5 updated to version 2.5.5
updated
OpenSSL updated to version 1.1.1n
fixed
Resolves issue using Import from Server with certain cloud servers
fixed
Various bug fixes and enhancements

The 1.10.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.1

Viscosity version 1.10.1 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, the Mac version is now able to detect and workaround an issue that caused Viscosity to hang in the background when trying to update old versions of its helper tool on macOS 12. It is no longer necessary to manually remove old versions of the helper on macOS 12 in these instances.

The Windows version also resolves a similar issue that could cause VPN connections to fail if Windows had been upgraded from Windows 10 to Windows 11 without the driver being manually updated.


Version 1.10.1 Mac Release Notes:

improved
Further information will now be displayed for a tool permission failure
fixed
Unexpected termination of the helper during an upgrade now handled on macOS 12
fixed
Resolves display issue with some options under certain localizations
fixed
Certain configuration issues preventing OpenVPN from starting will now be correctly logged
fixed
Various bug fixes and enhancements


Version 1.10.1 Windows Release Notes:

improved
Microsoft Edge WebView2 Runtime is now optional to install at setup
fixed
DNS Resolution will now work with local (loopback) DNS resolvers or proxies
fixed
Resolves an issue where installation would fail if multiple prerequisites are required
fixed
Driver is now correctly updated by installer after upgrading a Windows 10 system to Windows 11
fixed
Various bug fixes and enhancements

The 1.10.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10

Viscosity 1.10 is now available for both macOS and Windows! This is a big update, with OpenVPN 2.5 support, support for both macOS 12 and Windows 11, support for SSO and SAML authentication, and lots of other new features and improvements.

OpenVPN 2.5 brings several new features to VPN connections, including support for the ChaCha20-Poly1305 cipher, TLS 1.3 support, improved session token management, and many other networking improvements. OpenVPN 2.5 is backwards compatible with servers running older versions of OpenVPN, however Viscosity still includes OpenVPN 2.4 which can be enabled at any time under Preferences->Advanced.

This release also adds support for the latest macOS and Windows operating systems. macOS 12 (Monterey), expected to be available shortly, is now supported. Windows 11, just recently released, is now fully supported as well.

Please note that while macOS 12 is supported, iCloud Private Relay beta (available in macOS 12) has several known incompatibilities with common VPN setups. We hope to have improved compatibility with Private Relay in a future update.

Viscosity 1.10 also introduces support for SSO and SAML authentication, allowing OpenVPN setups to better integrate into existing enterprise authentication systems. For those with custom OpenVPN server setups, we expect to have setup guides on how to configure SSO/SAML server-side in our knowledge base soon.

Viscosity’s Import from Server feature has also been overhauled, and now supports a number of new features, including web-based authentication (including SSO/SAML), automatic detection and TOTP two-factor enrollment, and support for OpenVPN Cloud.

Also included are many additional small improvements and bug fixes. More details can be found in the release notes below.

Finally, this update requires macOS 10.15 or later on Mac, and Windows 10 or later on Windows. macOS 10.13 and 10.14, and Windows 7 and 8.1, are no longer supported. These older OS versions are either no longer receiving security updates, or require the use of deprecated OS APIs that make supporting newer OS versions significantly more difficult. Older Viscosity releases that will run on these versions can still be found at the Legacy Downloads page.


Version 1.10 Mac Release Notes:

added
Support for macOS 12 (Monterey)
added
OpenVPN 2.5 Support
added
Support for SSO and SAML authentication
added
New menu icons designed to match the system icon style on macOS 11+
added
New menu icons using colorblind friendly colors
added
The Import from Server feature now supports web authentication
added
The Import from Server feature now supports authenticator enrollment
added
The Import from Server feature now supports OpenVPN Cloud
improved
Small improvements to the connection editor
fixed
Various bug fixes and enhancements
removed
macOS 10.13 is no longer supported
removed
macOS 10.14 is no longer supported


Version 1.10 Windows Release Notes:

added
Support for Windows 11
added
OpenVPN 2.5 Support
added
Support for SSO and SAML authentication
added
New menu icons using colorblind friendly colors
added
The Import from Server feature now supports web authentication
added
The Import from Server feature now supports authenticator enrollment
added
The Import from Server feature now supports OpenVPN Cloud
improved
Small improvements to the connection editor
fixed
Resolves an issue where TAP connections failed to configure DHCP on some systems
fixed
Various bug fixes and enhancements
removed
Windows 7 is no longer supported
removed
Windows 8.1 is no longer supported

The 1.10 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9.4

Viscosity version 1.9.4 is now available for both macOS and Windows! This update is a security release and includes an important security fix for the macOS version, OpenSSL updates for both platforms, and a number of small bug fixes.

On the macOS side, a privilege escalation vulnerability has been identified that could potentially allow a local user to gain elevated privileges with a maliciously crafted update bundle. Local machine access is required, it cannot be exploited remotely, and it does not affect the security of VPN connections. However, as it potentially allows a standard user to gain admin (root) permissions, we've classified it as a high severity issue. We strongly encourage all macOS users to update to version 1.9.4 as soon as possible, particularly those in multi-user or enterprise environments. Special thanks to AfkVkas for taking a look at Viscosity and identifying this attack chain.

While the Windows version is not affected by this issue, we've taken the opportunity to perform some additional hardening of the service in this update. Both versions also include an updated version of OpenSSL and several small bug fixes.


Version 1.9.4 Mac Release Notes:

updated
OpenSSL updated to version 1.1.1l
fixed
Security: Resolves a local privilege escalation vulnerability during helper update
fixed
Resolves issue where the connection editor may display the wrong device type
fixed
Resolves issue that could cause proxy authentication to fail
fixed
Resolves issue that could helper connections to fail on certain machines (build 1578)
fixed
Various bug fixes and enhancements


Version 1.9.4 Windows Release Notes:

added
Initial Windows 11 compatibility
improved
High DPI scaling improvements
updated
OpenSSL updated to version 1.1.1l
updated
VPN Network Adapter driver updated
fixed
Resolves a rare issue where a crash can occur opening certain windows
fixed
Multiple lines can be added at the same time to Advanced Commands in the connection editor
fixed
Various bug fixes and enhancements

The 1.9.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9.3

Viscosity version 1.9.3 is now available for both macOS and Windows! This update includes a number of improvements, including refined support for Apple Silicon (M1) Macs, updated versions of both OpenVPN and OpenSSL, and a number of small bug fixes.

In particular, the Mac version has been updated to automatically detect common DNS misconfigurations and add a warning where appropriate. Problems such as unreachable servers, DNS servers routed through the wrong network interface, use of reserved DNS domains, conflicting DNS domains, and so forth, will be now identified and additional information added to the connection log. We anticipate this should greatly simplify troubleshooting DNS problems for users and administrators unfamiliar with macOS's DNS resolver system.

This version also updates OpenVPN to version 2.4.11 for both Mac and Windows. While this OpenVPN update addresses a potentially serious security issue, it only affects OpenVPN servers. Viscosity clients are unaffected.

Finally, this version also updates OpenSSL to version 1.1.1k for both platforms.

As a follow-up, we're pleased to report that Apple have confirmed that they've resolved the underlying problem (that could cause macOS updates to stall) that necessitated the previous 1.9.2 release of Viscosity with a workaround. This has been resolved in the recent macOS 11.3 update. While we'll leave Viscosity's workaround in place for the foreseeable future (out of an abundance of caution), updating to macOS 11.3 and onwards should always go smoothly, even if an older version of Viscosity is being used.


Version 1.9.3 Mac Release Notes:

improved
Obfuscation will now run natively on Apple Silicon Macs
improved
Potential DNS configuration problems are now detected and added to the log
updated
OpenVPN 2.4 updated to version 2.4.11
updated
OpenSSL updated to version 1.1.1k
fixed
Resolves crash that could occur when deleting a connection
fixed
Resolves crash that could occur when cancelling a U2F authentication attempt
fixed
Resolves issue quitting with an active VPN connection on some Apple Silicon Macs
fixed
Resolves issue where a connection may incorrectly fallback to the next remote endpoint
fixed
Resolves issue that could cause certain dynamic challenge requests to fail
fixed
Various bug fixes and enhancements


Version 1.9.3 Windows Release Notes:

updated
OpenSSL updated to version 1.1.1k
updated
OpenVPN updated to version 2.4.11
fixed
Resolves a rare issue where DNS Servers could be queried out of order
fixed
Resolves a potential hang when entering registration details (Build 1723)
fixed
Various bug fixes and enhancements

The 1.9.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Windows: Version 1.9.2

Viscosity version 1.9.2 is now available for Windows! This update is primarily a maintenance release with bug fixes and small enhancements.

This release focuses on improving support for High DPI Scaling and multi-monitor setups on Windows. In particular, Viscosity will now fully handle setups where the DPI scaling varies from monitor to monitor, and support for High DPI user interface elements has been improved. To allow for DPI Scaling improvements, Viscosity now also requires .NET 4.8 or later.

Finally, we’ve also identified and fixed an issue that could cause a DNS domain to fail to be correctly used as a DNS suffix when using the legacy OpenVPN TAP Adapter.


Version 1.9.2 Windows Release Notes:

improved
DPI Scaling now performs correctly across monitors with different scaling
improved
High DPI Scaling support enhancements
updated
.NET 4.8 is now required
fixed
Locally defined automatic proxies will now be correctly set for all adapter types
fixed
Resolves issue where a DNS domain may not be set as a DNS search suffix
fixed
Various bug fixes and enhancements

The 1.9.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.9.2

Viscosity version 1.9.2 is now available for macOS! This is a small update designed to address a single issue related to system updates on macOS 11 (Big Sur). Version 1.9.1 remains the latest Windows version.

We've identified a situation where Viscosity could inadvertently trigger a bug in the macOS update process when updating macOS 11 from version 11.0 or 11.1 to version 11.2.x. This bug can result in the update process stalling at a black screen (with an Apple logo and progress bar) for affected installs.

While this appears to be a bug in the macOS update process, and not directly with Viscosity itself, as it is highly disruptive to those impacted we've elected to push out this update with a workaround in Viscosity to avoid it. If you're running macOS 11 and haven't yet updated it to the latest version, we strongly encourage you to update Viscosity to version 1.9.2 before proceeding.

It's only possible for this bug to be triggered in a small number of instances, and so the vast majority of Viscosity users will not be impacted. Users not updating between the above versions of macOS shouldn't be affected. Users connecting TUN connections are not affected. Users connecting TAP connections may be affected depending on the VPN configuration and cached network settings.

If you've already tried updating macOS 11 and the update has stalled, you can boot your computer into Safe Mode (please note that the process differs between Intel and Apple Silicon Macs) and re-run the update from there. It may be necessary to download and run the full macOS 11 installer from the App Store to complete the update. It is not necessary to erase your computer or restore from Time Machine. If you're unable to boot your computer into Safe Mode, then the cause for the stalled update is unlikely to be related to Viscosity.

Special thanks to Tobias Punke for initially reporting this issue.


Version 1.9.2 Mac Release Notes:

fixed
Workaround for bug in the macOS 11.2 updater that could be triggered by certain VPN connections resulting in a stalled update

The 1.9.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9.1

Viscosity version 1.9.1 is now available for both macOS and Windows! This update is primarily a maintenance release, and includes improved support for macOS 11, improved compatibility with OpenVPN configurations, updated OpenVPN and OpenSSL versions, and a number of small bug fixes and improvements for both platforms.

In particular, on the Mac side there have been a number of behind-the-scenes fixes and enhancements to improve compatibility and performance with macOS 11 (Big Sur). Support for Macs with Apple Silicon (M1) processors has also been improved.

Both the Mac and Windows versions will now also correctly handle the use of data-ciphers and related commands by automatically re-mapping them to the equivalent OpenVPN 2.4 commands.

Finally, this version also updates OpenVPN to version 2.4.10, and OpenSSL to version 1.1.1i, for both platforms.


Version 1.9.1 Mac Release Notes:

improved
Improved support for macOS 11 (Big Sur)
improved
Automatic remapping of data-ciphers and related commands
improved
Small improvements to the display of custom routes
updated
OpenVPN 2.4 updated to version 2.4.10
updated
OpenSSL updated to version 1.1.1i
fixed
Common system environment variables are now available to AppleScripts
fixed
Resolves issue that could prevent VPN connections from starting after a large number of reconnects
fixed
Resolves an issue that could cause rapid reconnects on a cipher mismatch
fixed
Various bug fixes and enhancements


Version 1.9.1 Windows Release Notes:

improved
Automatic remapping of data-ciphers and related commands
improved
Routes can now be modified in the configuration editor
updated
OpenVPN updated to version 2.4.10
updated
OpenSSL updated to verion 1.1.1i
fixed
Resolves a rare issue where some DNS lookups failed
fixed
Various bug fixes and enhancements

The 1.9.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9

Viscosity 1.9 is now available for both macOS and Windows! This is one of our biggest updates yet, with significant changes under-the-hood and many new features.

One of the most anticipated additions in version 1.9 is support for macOS 11 (Big Sur). Viscosity now supports and integrates with macOS 11, and all of Viscosity's existing functionality is fully supported (including TAP support - more on that below).

We've also ported Viscosity to have complete native support for the upcoming Apple Silicon (ARM) Macs. Viscosity and your VPN connections will run at native speed to take full advantage of the new processor architecture and power savings.

Version 1.9 also introduces driverless TAP (bridged) connection support on macOS. This is something we are particularly enthusiastic about: if you use TAP (bridged) OpenVPN connections you'll no longer need to manually approve a kernel extension to load before you're able to connect. This will also make deployment much easier in enterprise environments. And best of all, our approach fully supports macOS 11.

On the Windows side, version 1.9 introduces a brand-new VPN network adapter driver for Windows 10 2004 and later. This driver has been written from the ground up for modern Windows 10 machines. It does away with using legacy system frameworks to help optimise performance and lower resource usage. It also includes privacy improvements, such as generating a random ethernet (MAC) address each time you connect, as well as better support for custom MTU values and custom MAC addresses (using the lladdr command) for TAP connections.

A common request from Viscosity power users is for more powerful scripting support, and we're pleased to be able to say we've done just that. Both AppleScript scripts on macOS, and Batch scripts on Windows now have access to connection details, making it easier to write scripts that respond to different network changes. This also makes it easier to share scripts between connections, or even different users.

It's now also possible for Before-Connect scripts to return username and password credentials, making it easy to craft custom authentication prompts, integrate with custom authentication systems, or manually handle credential storage.

The Windows version also updates the DNS system to improve the reliability of Network Location Awareness (NLA) when connected to a VPN on newer versions of Windows 10. This should resolve an issue where certain applications, such as Microsoft Office, may be unable to use network services while connected. Also addressed in the Windows update is a low-severity security vulnerability that could allow certain libraries to be side-loaded from the same directory when the Windows installer is run. Thank you to Vladimir Dubrovin for reporting this.

It's also important to note that this update drops support for OpenVPN 2.3. Viscosity will still be able to connect to servers running OpenVPN 2.3 or older versions, however OpenVPN 2.4 will now be used client-side. For the vast majority of users no migration changes are needed and connections will automatically work. However if you've updated and can no longer connect please refer to our migration guide.

Finally, version 1.9 also includes many more small improvements and bug fixes. For further information please refer to the release notes below.


Version 1.9 Mac Release Notes:

added
Support for macOS 11 (Big Sur)
added
New driverless TAP support for macOS 10.15+
added
Complete native support for Apple Silicon (ARM) Macs
added
Connection details are now accessible from AppleScript scripts
added
Before-Connect scripts are now able to return a username and password
improved
Support for DNS servers assigned using DHCPv6
improved
Unreachable DNS servers are now detected and handled
improved
Additional details added to logging of connection state changes
improved
Additional compression options have been added to the editor
improved
Viscosity will prompt for confirmation when quit using Cmd-Q
updated
OpenSSL updated to version 1.1.1h
fixed
Resolves issue that could cause the helper to fail to automatically update
fixed
Resolves issue running pushed user connection scripts
fixed
DNS resolution issue after a TAP connection reconnect resolved
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.3 removed
removed
macOS 10.12 is no longer supported


Version 1.9 Windows Release Notes:

added
New adapter driver for Windows 10 2004+
added
Connection details are now accessible from Batch and VBS scripts
added
Before-Connect scripts are now able to return a username and password
added
Scripting command added to list all connections as a JSON parsable string
improved
Connection-specific DNS Suffix Search List is now used instead of the global list on Windows 10 1809+
improved
IPv6 SLAAC/RA TAP support has been improved
improved
NCSI and NLA support on Windows 10 2004+ has been improved
improved
Additional compression options have been added to the editor
updated
OpenSSL updated to verion 1.1.1h
fixed
An issue where an extraneous adapter was sometimes left behind after a failed connection attempt no longer occurs
fixed
A rare issue where a connection would become stuck in the creating state has been fixed
fixed
Inline auth-user-pass is now imported correctly
fixed
Resolves low-severity security vulnerability in the installer that could allow library side-loading
fixed
Resolves an issue connecting to some 2FA enabled servers (Build 1695)
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.3 removed

The 1.9 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.6

Viscosity version 1.8.6 is now available for both macOS and Windows! This update brings a number of small improvements, updated OpenVPN and OpenSSL versions, two-factor authentication enhancements, and small bug fixes.

In particular, on the macOS side U2F support has been overhauled to offer a smoother device registration process as well as support for additional devices. It also lays the groundwork for FIDO2 support in a future update to Viscosity.

The Windows version has also overhauled remote server endpoint selection to match the Mac version's functionality. In particular, the Windows version now also supports round-robin DNS for server domains that resolve to multiple IP addresses. Reachability checking at the start of a connection has also been improved, with local reachability problems detected sooner.

The macOS version also resolves two issues that could result in a connection appearing stuck in a "Disconnecting" state after waking the computer from sleep. This was caused by rapid Power Nap or Wake-on-LAN events causing the computer to wake for very short periods of time. Viscosity should now handle these short wake events correctly.

Finally, this version also updates OpenVPN to version 2.4.9, and OpenSSL to version 1.1.1g, for both platforms.


Version 1.8.6 Mac Release Notes:

added
Additional U2F devices are now supported
improved
Improves flow of U2F registration and authentication
improved
Server generated explicit-exit-notify messages are now supported
updated
OpenVPN 2.4 updated to version 2.4.9
updated
OpenSSL updated to version 1.1.1g
fixed
Resolves a potential VPN connection hang after a Power Nap event
fixed
Resolves a potential VPN connection hang after a rapid WoL event
fixed
OpenVPN will no longer fail to start if tmp directory permissions are incorrect
fixed
Resolves a rare potential crash in Viscosity's helper tool
fixed
Various bug fixes and enhancements


Version 1.8.6 Windows Release Notes:

added
Fallback support for servers using a round-robin DNS record
improved
Reachability checking and endpoint selection has been improved
improved
Server generated explicit-exit-notify messages are now supported
updated
Updates OpenVPN to version 2.4.9
updated
Updates OpenSSL to version 1.1.1g
fixed
Resolves an issue that could cause a reachability check to fail when using a proxy server
fixed
Resolves a rare issue where dropouts of TCP VPN connections were not detected
fixed
A DHCP specified gateway on TAP connections will no longer override the Send All Traffic option
fixed
Resolves an issue that could cause reachability checks to fail using some protocols (Build 1681)
fixed
Resolves an issue that could cause reachability checks to fail upon server fallback (Build 1682)
fixed
Various bug fixes and enhancements

The 1.8.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.