SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.8.5

Viscosity version 1.8.5 is now available for both macOS and Windows! This update is primarily a maintenance release to keep Viscosity and your VPN connections running smoothly.

In light of the COVID-19 pandemic, we've limited this update to bug fixes and small improvements only, with no major changes. We've received countless reports of Viscosity playing a widespread and vital role for businesses and educational institutions with staff working from home. In such an environment the last thing we want is for changes to Viscosity's behaviour or user interface to surprise users or add additional workload to already overburdened staff.

On the macOS side, this update resolves a number of rare crashes that have been reported to us, as well as an issue that could prevent custom menu item scripts in a bundled version of Viscosity from running. An issue where Full DNS wouldn't be applied when using a split-routed TAP/bridged connection using DHCP for IP assignment has also been resolved.

The Windows version has a number of small improvements to both the DNS and networking to improve reliability, especially in certain enterprise setups. In particular, Viscosity is now better able to prevent loopback DNS settings remaining in rare situations caused by a Windows crash or surprise hardware removal. An issue where users may not get prompted for their U2F credentials on some Windows 10 machines has been resolved, as well as an issue that could cause VPN connections to fail to automatically reconnect.

We’re also aware of difficulty using the SafeNet Authentication Client (SAC) PKCS#11 driver with Viscosity 1.8.4 and earlier on macOS 10.15. The driver does not conform to macOS 10.15's dynamic library linking requirements, and so macOS blocks it from loading. We've been informed that updating to the latest version of the driver (10.2 Post GA R2) should resolve this. For those stuck on older versions of the driver, we've also managed to implement a workaround in Viscosity to allow the driver to load.

We've also received reports of two enterprise security software packages, namely "SentinelOne" and "Digital Guardian", causing Viscosity to crash under macOS 10.15. Users have reported crashes when attempting to launch Viscosity, when attempting to connect a VPN connection, or when clicking on a password field. The fault lies with these software packages being incompatible with macOS 10.15's "hardened runtime" requirement. The developers of both software packages have reported this has been fixed in their respective latest versions. If you are using a workplace-supplied device and are experiencing these crashes, please ask your IT staff to update the relevant software to the latest version.

Users with TAP connections upgrading to macOS 10.15.4 may also receive a "Legacy System Extension" warning from macOS, indicating that future versions of macOS may no longer support the TAP driver. Rest assured that we have already been working on a solution for the next major version of macOS.

Finally, this update also updates OpenSSL to version 1.1.1f for both platforms.


Version 1.8.5 Mac Release Notes:

improved
Workaround to allow the PKCS#11 driver for SafeNet tokens to load
updated
OpenSSL updated to version 1.1.1f
fixed
Resolves issue with Full DNS mode on split-routed TAP connections using DHCP assignment
fixed
Resolves issue that could prevent custom menu item scripts from running
fixed
Resolves a rare potential crash when disconnecting a VPN connection
fixed
Resolves a rare potential crash in Viscosity's helper tool
fixed
Various bug fixes and enhancements
removed
OS X 10.11 is no longer supported


Version 1.8.5 Windows Release Notes:

improved
Viscosity DNS now uses unique loopback IP addresses
improved
Network Profiles will now be cleaned up when a connection is removed
updated
Updates OpenSSL to version 1.1.1f
fixed
Resolves an issue where U2F Windows Security dialog was not appearing on some machines
fixed
Resolves an issue where automatic reconnections sometimes didn't occur after a dropout
fixed
Resolves an issue where Use Windows DNS option was sometimes not observed
fixed
Resolves a rare issue that could cause some connection attempts to fail (build 1665)
fixed
Various bug fixes and enhancements

The 1.8.5 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.4

Viscosity version 1.8.4 is now available for both macOS and Windows! This update includes two-factor token authentication improvements, an updated version of OpenSSL for OpenVPN 2.3, a low-severity security fix, and a number of small bug fixes and improvements for both platforms.

On the authentication side, a number of PKCS#11 issues have been addressed on both platforms, which should allow additional tokens and certificate/keys to be used for authentication. This should also resolve certain keys not working in the previous two releases of Viscosity.

Viscosity now also supports importing connections that include an inline username and password. These will automatically be loaded into the Keychain or Windows Credential Manager at import time for safe storage.

On the Mac Viscosity will now automatically detect when the "Disable Time Machine backups while connected" feature is blocked. macOS 10.15 requires that applications be granted the "Full Disk Access" privilege to enable or disable automatic backups. If granted, Viscosity will only use this privilege to enable/disable Time Machine backups, and only if the feature is enabled.

This update also contains two security related updates. Firstly, OpenVPN 2.3 is now updated to use OpenSSL 1.0.2u (OpenVPN 2.4 will continue to use OpenSSL 1.1.1d). With OpenSSL 1.0.2 now end of life, Viscosity will likely be dropping OpenVPN 2.3 later in the year (please keep in mind that OpenVPN 2.4 is backwards compatible with servers running older versions of OpenVPN).

Secondly, this update also addresses a low-severity security vulnerability (CVE-2020-5180). An attacker with local access could potentially run arbitrary code within Viscosity's OpenVPN sandbox by using a maliciously crafted OpenSSL engine and associated command. Such an attack is successfully contained within Viscosity's sandbox, which has de-elevated permissions and access restrictions, and so an attacker does not gain elevated local permissions (such as root or SYSTEM) on the machine and their actions are severely limited.

However, under macOS an attacker may be able to access on-disk VPN credentials (such as a certificate and private key) from other active OpenVPN connections that run within the sandbox at the same time. This does not apply to the Windows version. Because of this, we encourage those in multi-user macOS environments to update as soon as possible. Special thanks to Rich Mirch for identifying and reporting this issue.


Version 1.8.4 Mac Release Notes:

added
Import support for inline usernames and passwords
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves PKCS#11 issue using some RSA certificates
fixed
Resolves issue moving the menu icon on older versions of macOS
fixed
Detects if Time Machine backups could not be disabled due to macOS privileges
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Various bug fixes and enhancements


Version 1.8.4 Windows Release Notes:

added
Import support for inline usernames and passwords
added
ECDSA support for CNG (--cryptoapicert)
added
TLS 1.3 RSA-PSS support for PKCS#11 and CNG (--cryptoapicert)
improved
Disabled DNS Mode functionality has been improved
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves an issue where connections failed on Windows Server Domain Controllers
fixed
Resolves issue with PKCS#11 connections using ECDSA keys
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Resolves regression that could cause some connections to fail on 32-bit installations (Build 1651)
fixed
Various bug fixes and enhancements

The 1.8.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.3

Viscosity version 1.8.3 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements.

Most notably, Viscosity will now prompt to allow connections to OpenVPN setups with certificates where a weak CA digest is detected. This should make it easier to connect to legacy servers without the need to manually adjust any advanced commands.

The Mac update also addresses a regression that could cause EC keys on PKCS#11 devices to be unusable, as well as some small fixes when running on older versions of macOS.


Version 1.8.3 Mac Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
fixed
Resolves issue using EC keys on PKCS#11 devices
fixed
Resolves a potential hang on older versions of macOS when importing connections
fixed
Resolves a tap-to-click issue with the main menu on older versions of macOS
fixed
Resolves a potential crash when importing a connection (build 1521)
fixed
Various bug fixes and enhancements


Version 1.8.3 Windows Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
improved
Minor user interface improvements
fixed
Various bug fixes and enhancements

The 1.8.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.2

Version 1.8.2 of Viscosity has been released for both macOS and Windows! This update includes both updated versions of OpenVPN (2.4.8) and OpenSSL (1.1.1d), as well as many improvements and bug fixes for both platforms.

In particular, with the update to the OpenSSL 1.1.1 branch we've been able to enable support for TLS version 1.3 and the latest ciphers in Viscosity. When connecting to up to date OpenVPN servers this will allow for more secure and performant VPN connections.

The Windows version of Viscosity has also been overhauled to allow it to run on devices using ARM processors (WoA64 support). Along with supporting ARM, we've been able to include a small additional performance boost to VPN connections.

On the Mac side, this version should feel snappier when running on macOS Catalina, as we've been able to adopt some of the new macOS frameworks. The Mac version also includes some small additional improvements, including faster handling when there are multiple VPN connections connected simultaneously, and additional AppleScript controllability.


Version 1.8.2 Mac Release Notes:

added
Support for TLS 1.3 and additional ciphers
improved
Performance of simultaneous active connections improved
improved
Application performance increased under macOS 10.15
updated
OpenVPN 2.4 updated to version 2.4.8
updated
OpenSSL updated to version 1.1.1d
fixed
Resolves potential hang when disconnecting multiple connections
fixed
Various bug fixes and enhancements


Version 1.8.2 Windows Release Notes:

added
Support for TLS 1.3 and additional ciphers
added
Windows 10 on ARM64 (WoA64) is now supported
improved
Small performance improvements in OpenVPN
updated
OpenSSL updated to version 1.1.1d on OpenVPN 2.4
updated
OpenVPN updated to version 2.4.8
updated
Visual C++ 2015-2019 runtime is now required and will be installed if not present
fixed
Resolves an issue where some connections would fail to connect on subsequent connection attempts
fixed
Resolves an issue where connections would sometimes hang during a reconnect
fixed
Resolves an issue where some .visz configurations failed to import
fixed
Various bug fixes and enhancements

The 1.8.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.1

Viscosity version 1.8.1 is now available for both macOS and Windows! This update is primarily a maintenance release and it includes a number of small tweaks and improvements for both platforms.

Viscosity now integrates the new U2F APIs introduced in Windows 10 1903. This provides a more native and consistent experience for users also using U2F for Windows authentication, as well as resolving U2F access issues under Windows 10 1903.

We've also worked behind the scenes to make deploying Viscosity in managed macOS environments much easier. Deployments in multi-user environments has been simplified, and the managed installer templates are now able to handle the Start on Login option without the need for custom scripts. Documentation is also now available on how to deploy Viscosity using tools like Munki and Jamf.

Finally, we've also identified some OpenVPN server setups that will unnecessarily push a route-delay command, significantly delaying connection time. Viscosity will now ignore this command when it isn't needed.


Version 1.8.1 Mac Release Notes:

added
Improved support for deploying Viscosity in managed environments
improved
Ignores unnecessary pushed route-delay commands
fixed
Workaround to allow loading the PKCS#11 driver for SafeNet tokens
fixed
Various bug fixes and enhancements


Version 1.8.1 Windows Release Notes:

added
Adopts native Windows U2F integration on Windows 10 1903+
improved
Ignores unnecessary pushed route-delay commands
fixed
Resolves issue where IPv6 DNS Servers may not be used
fixed
Various bug fixes and enhancements

The 1.8.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8

Viscosity 1.8 is now available for both macOS and Windows! This is a big update, with significant performance improvements for VPN connections. Both macOS and Windows users should immediately notice their OpenVPN connections connecting faster, with slightly lowered CPU usage. Windows users should also notice significantly improved maximum throughput on high-speed network connections.

A traffic graph has also been added to the main menu, providing a quick overview of how your VPN connection is being utilised without needing to open the Details menu. The style of this graph can also be customised from the Appearance section, or turned off for those who prefer to keep things simple.

By popular demand we've also overhauled Viscosity's menu icon system. Not only has this allowed us to include some snappy new icon designs to choose from, all icons now feel much more at home on both macOS and Windows. In particular, on macOS icons with coloured components will now look great in both light and dark mode, behave correctly when selected, and on secondary monitors as well.

On Windows Viscosity now also supports Network Location Awareness for routed/TUN connections. This will resolve an issue that caused some applications, including Microsoft Office and many UWP based apps, from failing to detect that a network connection is available when a VPN connection is connected.

Finally, version 1.8 also brings offical support for macOS 10.15 (Catalina), which is expected to be released next month.


Version 1.8 Mac Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
Improved support for macOS 10.15 (Catalina)
improved
VPN connections will now establish faster
improved
Reduces CPU usage when using higher log verbosity levels
improved
Complete Dark Mode support for menu items with color
updated
OpenSSL updated to version 1.0.2t
fixed
Resolves a potential crash when rapidly connecting and disconnecting connections
fixed
Resolves a potential crash if ifconfig cannot be run
fixed
Resolves a potential hang when using Reset network interfaces on disconnect
fixed
Resolves flickering of the menu icon animation when changing states
fixed
Various bug fixes and enhancements


Version 1.8 Windows Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
VPN connections will now establish faster
improved
Faster maximum throughput of VPN connections
improved
Network Interfaces can now be created without disconnecting other connections
improved
Windows Network Location Awareness will now take place for TUN connections
updated
Updates OpenSSL to version 1.0.2t
fixed
Various bug fixes and enhancements

The 1.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.16

Viscosity version 1.7.16 is now available for both macOS and Windows! This update is primarily a small maintenance release with a focus on bug fixes and minor enhancements.

The Mac update addresses a regression that could result in reachability checks to fail when using a fixed IP version for remote OpenVPN (or proxy) servers, while the Windows update includes a fix for VPN connections using non-standard MTU values. Also included for both platforms are a number of minor requested enhancements to the user interface and connection performance.


Version 1.7.16 Mac Release Notes:

updated
OpenSSL updated to version 1.0.2s
fixed
Reachability checks will no longer fail when using a fixed IP version
fixed
Various bug fixes and enhancements


Version 1.7.16 Windows Release Notes:

updated
Updates OpenSSL to version 1.0.2s
fixed
Resolves issue where a non-default MTU may not be applied to the adapter
fixed
Various bug fixes and enhancements

The 1.7.16 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.15

Viscosity version 1.7.15 is now available for both Mac and Windows! This version includes U2F and PKCS#11 improvements, updated versions of both OpenVPN and OpenSSL, and a number of fixes and improvements for both platforms.

We've placed a focus on two-factor authentication for this release, with general improvements to Viscosity's U2F authentication support, including the ability to use U2F tokens from additional manufacturers. PKCS#11 support has also been improved in the Windows version, with smoother handling of problems that may arise when using a token or smartcard.

On the maintenance front, OpenVPN has been updated to version 2.4.7, which includes a number of small bug fixes. OpenSSL has also been updated to version 1.0.2r. The Windows release also includes an updated VPN network adapter driver with slightly improved performance, while the macOS release fixes an issue that could result in some VPN connections failing to try additional remote servers if the first one fails to connect.


Version 1.7.15 Mac Release Notes:

added
Additional U2F devices are now supported
updated
OpenVPN 2.4 updated to version 2.4.7
updated
OpenSSL updated to version 1.0.2r
updated
Adds notarization for increased security
fixed
Resolves failure to fallback to secondary remote servers with some connections
fixed
Resolves a potential crash on macOS 10.14.4+ when updating the helper
fixed
Resolves a potential crash when importing a large number of connections
fixed
Fixes regression that could result in PKCS#11 drivers failing to load (build 1488)
fixed
Various bug fixes and enhancements
removed
OS X 10.10 is no longer supported


Version 1.7.15 Windows Release Notes:

added
Additional U2F devices are now supported
improved
Improved handling of PKCS#11 errors
updated
Updates OpenVPN to version 2.4.7
updated
Updates OpenSSL to version 1.0.2r
updated
VPN Network Adapter driver updated
fixed
Various bug fixes and enhancements

The 1.7.15 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.14

Viscosity version 1.7.14 is now available for both Mac and Windows! This is a maintenance update that resolves a number of small regressions that unfortunately snuck into the 1.7.13 release, as well as a number of additional minor bug fixes.

In particular, this update fixes an issue that could cause certain OpenVPN files to be blocked from loading under the new Windows sandbox. If you received an error message similar to "Cannot load certificate file" in your connection log with version 1.7.13, this was unfortunately the cause, and it should now be resolved. For further information please refer to the release notes below.


Version 1.7.14 Mac Release Notes:

fixed
Resolves regression connecting certain static-key connections
fixed
Various bug fixes and enhancements


Version 1.7.14 Windows Release Notes:

fixed
Resolves sandbox regression that could prevent connection files from being loaded
fixed
Resolves sandbox regression that prevented cryptoapicert command from functioning
fixed
Various bug fixes and enhancements

The 1.7.14 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.13

Viscosity version 1.7.13 is now available for both Mac and Windows! This version includes security and performance enhancements for the Windows release, an updated version of OpenSSL, and a number of small tweaks and improvements for both platforms.

Previously version 1.7.8 of Viscosity for Mac introduced sandboxing and privilege deescalation of the OpenVPN process for added security. These security features help to protect against possible future threats that could arise against OpenVPN itself, both local and remote. We're pleased to announce that the 1.7.13 update has added these features to the Windows version as well. This all happens behind the scenes, and shouldn't have any noticeable effect on your VPN connections.

The Windows version also includes reworked PKCS#11 support for improved library loading and token support, and a 64-bit build of OpenVPN. The Mac version also includes a number of improvements to its main menu for improved functionality, as well as a number of small tweaks to keep OpenVPN connections running smoothly.


Version 1.7.13 Mac Release Notes:

improved
Improves compatibility with menu bar managers
improved
Improves main menu automatic resizing and positioning
updated
OpenSSL updated to version 1.0.2q
fixed
Avoids rapid reconnect attempts when a local TLS error occurs
fixed
Avoids potentially delaying a manual computer sleep when there are active connections
fixed
Workaround for potential DNS resolution errors when OpenVPN performs a reconnect
fixed
Various bug fixes and enhancements


Version 1.7.13 Windows Release Notes:

improved
Sandboxing of the OpenVPN process for added security
improved
Significant improvements to PKCS#11 device and driver handling
improved
OpenVPN is now a native 64-bit binary on x64 systems
updated
OpenSSL updated to version 1.0.2q
updated
VPN Network Adapter driver updated
updated
.NET 4.6.2 or later is now required
fixed
Various bug fixes and enhancements

The 1.7.13 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.