SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.9

Viscosity 1.9 is now available for both macOS and Windows! This is one of our biggest updates yet, with significant changes under-the-hood and many new features.

One of the most anticipated additions in version 1.9 is support for macOS 11 (Big Sur). Viscosity now supports and integrates with macOS 11, and all of Viscosity's existing functionality is fully supported (including TAP support - more on that below).

We've also ported Viscosity to have complete native support for the upcoming Apple Silicon (ARM) Macs. Viscosity and your VPN connections will run at native speed to take full advantage of the new processor architecture and power savings.

Version 1.9 also introduces driverless TAP (bridged) connection support on macOS. This is something we are particularly enthusiastic about: if you use TAP (bridged) OpenVPN connections you'll no longer need to manually approve a kernel extension to load before you're able to connect. This will also make deployment much easier in enterprise environments. And best of all, our approach fully supports macOS 11.

On the Windows side, version 1.9 introduces a brand-new VPN network adapter driver for Windows 10 2004 and later. This driver has been written from the ground up for modern Windows 10 machines. It does away with using legacy system frameworks to help optimise performance and lower resource usage. It also includes privacy improvements, such as generating a random ethernet (MAC) address each time you connect, as well as better support for custom MTU values and custom MAC addresses (using the lladdr command) for TAP connections.

A common request from Viscosity power users is for more powerful scripting support, and we're pleased to be able to say we've done just that. Both AppleScript scripts on macOS, and Batch scripts on Windows now have access to connection details, making it easier to write scripts that respond to different network changes. This also makes it easier to share scripts between connections, or even different users.

It's now also possible for Before-Connect scripts to return username and password credentials, making it easy to craft custom authentication prompts, integrate with custom authentication systems, or manually handle credential storage.

The Windows version also updates the DNS system to improve the reliability of Network Location Awareness (NLA) when connected to a VPN on newer versions of Windows 10. This should resolve an issue where certain applications, such as Microsoft Office, may be unable to use network services while connected. Also addressed in the Windows update is a low-severity security vulnerability that could allow certain libraries to be side-loaded from the same directory when the Windows installer is run. Thank you to Vladimir Dubrovin for reporting this.

It's also important to note that this update drops support for OpenVPN 2.3. Viscosity will still be able to connect to servers running OpenVPN 2.3 or older versions, however OpenVPN 2.4 will now be used client-side. For the vast majority of users no migration changes are needed and connections will automatically work. However if you've updated and can no longer connect please refer to our migration guide.

Finally, version 1.9 also includes many more small improvements and bug fixes. For further information please refer to the release notes below.


Version 1.9 Mac Release Notes:

added
Support for macOS 11 (Big Sur)
added
New driverless TAP support for macOS 10.15+
added
Complete native support for Apple Silicon (ARM) Macs
added
Connection details are now accessible from AppleScript scripts
added
Before-Connect scripts are now able to return a username and password
improved
Support for DNS servers assigned using DHCPv6
improved
Unreachable DNS servers are now detected and handled
improved
Additional details added to logging of connection state changes
improved
Additional compression options have been added to the editor
improved
Viscosity will prompt for confirmation when quit using Cmd-Q
updated
OpenSSL updated to version 1.1.1h
fixed
Resolves issue that could cause the helper to fail to automatically update
fixed
Resolves issue running pushed user connection scripts
fixed
DNS resolution issue after a TAP connection reconnect resolved
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.3 removed
removed
macOS 10.12 is no longer supported


Version 1.9 Windows Release Notes:

added
New adapter driver for Windows 10 2004+
added
Connection details are now accessible from Batch and VBS scripts
added
Before-Connect scripts are now able to return a username and password
added
Scripting command added to list all connections as a JSON parsable string
improved
Connection-specific DNS Suffix Search List is now used instead of the global list on Windows 10 1809+
improved
IPv6 SLAAC/RA TAP support has been improved
improved
NCSI and NLA support on Windows 10 2004+ has been improved
improved
Additional compression options have been added to the editor
updated
OpenSSL updated to verion 1.1.1h
fixed
An issue where an extraneous adapter was sometimes left behind after a failed connection attempt no longer occurs
fixed
A rare issue where a connection would become stuck in the creating state has been fixed
fixed
Inline auth-user-pass is now imported correctly
fixed
Resolves low-severity security vulnerability in the installer that could allow library side-loading
fixed
Resolves an issue connecting to some 2FA enabled servers (Build 1695)
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.3 removed

The 1.9 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.6

Viscosity version 1.8.6 is now available for both macOS and Windows! This update brings a number of small improvements, updated OpenVPN and OpenSSL versions, two-factor authentication enhancements, and small bug fixes.

In particular, on the macOS side U2F support has been overhauled to offer a smoother device registration process as well as support for additional devices. It also lays the groundwork for FIDO2 support in a future update to Viscosity.

The Windows version has also overhauled remote server endpoint selection to match the Mac version's functionality. In particular, the Windows version now also supports round-robin DNS for server domains that resolve to multiple IP addresses. Reachability checking at the start of a connection has also been improved, with local reachability problems detected sooner.

The macOS version also resolves two issues that could result in a connection appearing stuck in a "Disconnecting" state after waking the computer from sleep. This was caused by rapid Power Nap or Wake-on-LAN events causing the computer to wake for very short periods of time. Viscosity should now handle these short wake events correctly.

Finally, this version also updates OpenVPN to version 2.4.9, and OpenSSL to version 1.1.1g, for both platforms.


Version 1.8.6 Mac Release Notes:

added
Additional U2F devices are now supported
improved
Improves flow of U2F registration and authentication
improved
Server generated explicit-exit-notify messages are now supported
updated
OpenVPN 2.4 updated to version 2.4.9
updated
OpenSSL updated to version 1.1.1g
fixed
Resolves a potential VPN connection hang after a Power Nap event
fixed
Resolves a potential VPN connection hang after a rapid WoL event
fixed
OpenVPN will no longer fail to start if tmp directory permissions are incorrect
fixed
Resolves a rare potential crash in Viscosity's helper tool
fixed
Various bug fixes and enhancements


Version 1.8.6 Windows Release Notes:

added
Fallback support for servers using a round-robin DNS record
improved
Reachability checking and endpoint selection has been improved
improved
Server generated explicit-exit-notify messages are now supported
updated
Updates OpenVPN to version 2.4.9
updated
Updates OpenSSL to version 1.1.1g
fixed
Resolves an issue that could cause a reachability check to fail when using a proxy server
fixed
Resolves a rare issue where dropouts of TCP VPN connections were not detected
fixed
A DHCP specified gateway on TAP connections will no longer override the Send All Traffic option
fixed
Resolves an issue that could cause reachability checks to fail using some protocols (Build 1681)
fixed
Resolves an issue that could cause reachability checks to fail upon server fallback (Build 1682)
fixed
Various bug fixes and enhancements

The 1.8.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.5

Viscosity version 1.8.5 is now available for both macOS and Windows! This update is primarily a maintenance release to keep Viscosity and your VPN connections running smoothly.

In light of the COVID-19 pandemic, we've limited this update to bug fixes and small improvements only, with no major changes. We've received countless reports of Viscosity playing a widespread and vital role for businesses and educational institutions with staff working from home. In such an environment the last thing we want is for changes to Viscosity's behaviour or user interface to surprise users or add additional workload to already overburdened staff.

On the macOS side, this update resolves a number of rare crashes that have been reported to us, as well as an issue that could prevent custom menu item scripts in a bundled version of Viscosity from running. An issue where Full DNS wouldn't be applied when using a split-routed TAP/bridged connection using DHCP for IP assignment has also been resolved.

The Windows version has a number of small improvements to both the DNS and networking to improve reliability, especially in certain enterprise setups. In particular, Viscosity is now better able to prevent loopback DNS settings remaining in rare situations caused by a Windows crash or surprise hardware removal. An issue where users may not get prompted for their U2F credentials on some Windows 10 machines has been resolved, as well as an issue that could cause VPN connections to fail to automatically reconnect.

We’re also aware of difficulty using the SafeNet Authentication Client (SAC) PKCS#11 driver with Viscosity 1.8.4 and earlier on macOS 10.15. The driver does not conform to macOS 10.15's dynamic library linking requirements, and so macOS blocks it from loading. We've been informed that updating to the latest version of the driver (10.2 Post GA R2) should resolve this. For those stuck on older versions of the driver, we've also managed to implement a workaround in Viscosity to allow the driver to load.

We've also received reports of two enterprise security software packages, namely "SentinelOne" and "Digital Guardian", causing Viscosity to crash under macOS 10.15. Users have reported crashes when attempting to launch Viscosity, when attempting to connect a VPN connection, or when clicking on a password field. The fault lies with these software packages being incompatible with macOS 10.15's "hardened runtime" requirement. The developers of both software packages have reported this has been fixed in their respective latest versions. If you are using a workplace-supplied device and are experiencing these crashes, please ask your IT staff to update the relevant software to the latest version.

Users with TAP connections upgrading to macOS 10.15.4 may also receive a "Legacy System Extension" warning from macOS, indicating that future versions of macOS may no longer support the TAP driver. Rest assured that we have already been working on a solution for the next major version of macOS.

Finally, this update also updates OpenSSL to version 1.1.1f for both platforms.


Version 1.8.5 Mac Release Notes:

improved
Workaround to allow the PKCS#11 driver for SafeNet tokens to load
updated
OpenSSL updated to version 1.1.1f
fixed
Resolves issue with Full DNS mode on split-routed TAP connections using DHCP assignment
fixed
Resolves issue that could prevent custom menu item scripts from running
fixed
Resolves a rare potential crash when disconnecting a VPN connection
fixed
Resolves a rare potential crash in Viscosity's helper tool
fixed
Various bug fixes and enhancements
removed
OS X 10.11 is no longer supported


Version 1.8.5 Windows Release Notes:

improved
Viscosity DNS now uses unique loopback IP addresses
improved
Network Profiles will now be cleaned up when a connection is removed
updated
Updates OpenSSL to version 1.1.1f
fixed
Resolves an issue where U2F Windows Security dialog was not appearing on some machines
fixed
Resolves an issue where automatic reconnections sometimes didn't occur after a dropout
fixed
Resolves an issue where Use Windows DNS option was sometimes not observed
fixed
Resolves a rare issue that could cause some connection attempts to fail (build 1665)
fixed
Various bug fixes and enhancements

The 1.8.5 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.4

Viscosity version 1.8.4 is now available for both macOS and Windows! This update includes two-factor token authentication improvements, an updated version of OpenSSL for OpenVPN 2.3, a low-severity security fix, and a number of small bug fixes and improvements for both platforms.

On the authentication side, a number of PKCS#11 issues have been addressed on both platforms, which should allow additional tokens and certificate/keys to be used for authentication. This should also resolve certain keys not working in the previous two releases of Viscosity.

Viscosity now also supports importing connections that include an inline username and password. These will automatically be loaded into the Keychain or Windows Credential Manager at import time for safe storage.

On the Mac Viscosity will now automatically detect when the "Disable Time Machine backups while connected" feature is blocked. macOS 10.15 requires that applications be granted the "Full Disk Access" privilege to enable or disable automatic backups. If granted, Viscosity will only use this privilege to enable/disable Time Machine backups, and only if the feature is enabled.

This update also contains two security related updates. Firstly, OpenVPN 2.3 is now updated to use OpenSSL 1.0.2u (OpenVPN 2.4 will continue to use OpenSSL 1.1.1d). With OpenSSL 1.0.2 now end of life, Viscosity will likely be dropping OpenVPN 2.3 later in the year (please keep in mind that OpenVPN 2.4 is backwards compatible with servers running older versions of OpenVPN).

Secondly, this update also addresses a low-severity security vulnerability (CVE-2020-5180). An attacker with local access could potentially run arbitrary code within Viscosity's OpenVPN sandbox by using a maliciously crafted OpenSSL engine and associated command. Such an attack is successfully contained within Viscosity's sandbox, which has de-elevated permissions and access restrictions, and so an attacker does not gain elevated local permissions (such as root or SYSTEM) on the machine and their actions are severely limited.

However, under macOS an attacker may be able to access on-disk VPN credentials (such as a certificate and private key) from other active OpenVPN connections that run within the sandbox at the same time. This does not apply to the Windows version. Because of this, we encourage those in multi-user macOS environments to update as soon as possible. Special thanks to Rich Mirch for identifying and reporting this issue.


Version 1.8.4 Mac Release Notes:

added
Import support for inline usernames and passwords
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves PKCS#11 issue using some RSA certificates
fixed
Resolves issue moving the menu icon on older versions of macOS
fixed
Detects if Time Machine backups could not be disabled due to macOS privileges
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Various bug fixes and enhancements


Version 1.8.4 Windows Release Notes:

added
Import support for inline usernames and passwords
added
ECDSA support for CNG (--cryptoapicert)
added
TLS 1.3 RSA-PSS support for PKCS#11 and CNG (--cryptoapicert)
improved
Disabled DNS Mode functionality has been improved
updated
OpenSSL updated to version 1.0.2u for OpenVPN 2.3
fixed
Resolves an issue where connections failed on Windows Server Domain Controllers
fixed
Resolves issue with PKCS#11 connections using ECDSA keys
fixed
Resolves low-severity security vulnerability (CVE-2020-5180)
fixed
Resolves regression that could cause some connections to fail on 32-bit installations (Build 1651)
fixed
Various bug fixes and enhancements

The 1.8.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.3

Viscosity version 1.8.3 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements.

Most notably, Viscosity will now prompt to allow connections to OpenVPN setups with certificates where a weak CA digest is detected. This should make it easier to connect to legacy servers without the need to manually adjust any advanced commands.

The Mac update also addresses a regression that could cause EC keys on PKCS#11 devices to be unusable, as well as some small fixes when running on older versions of macOS.


Version 1.8.3 Mac Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
fixed
Resolves issue using EC keys on PKCS#11 devices
fixed
Resolves a potential hang on older versions of macOS when importing connections
fixed
Resolves a tap-to-click issue with the main menu on older versions of macOS
fixed
Resolves a potential crash when importing a connection (build 1521)
fixed
Various bug fixes and enhancements


Version 1.8.3 Windows Release Notes:

improved
Viscosity will now prompt to allow a weak CA digest if detected
improved
Minor user interface improvements
fixed
Various bug fixes and enhancements

The 1.8.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.2

Version 1.8.2 of Viscosity has been released for both macOS and Windows! This update includes both updated versions of OpenVPN (2.4.8) and OpenSSL (1.1.1d), as well as many improvements and bug fixes for both platforms.

In particular, with the update to the OpenSSL 1.1.1 branch we've been able to enable support for TLS version 1.3 and the latest ciphers in Viscosity. When connecting to up to date OpenVPN servers this will allow for more secure and performant VPN connections.

The Windows version of Viscosity has also been overhauled to allow it to run on devices using ARM processors (WoA64 support). Along with supporting ARM, we've been able to include a small additional performance boost to VPN connections.

On the Mac side, this version should feel snappier when running on macOS Catalina, as we've been able to adopt some of the new macOS frameworks. The Mac version also includes some small additional improvements, including faster handling when there are multiple VPN connections connected simultaneously, and additional AppleScript controllability.


Version 1.8.2 Mac Release Notes:

added
Support for TLS 1.3 and additional ciphers
improved
Performance of simultaneous active connections improved
improved
Application performance increased under macOS 10.15
updated
OpenVPN 2.4 updated to version 2.4.8
updated
OpenSSL updated to version 1.1.1d
fixed
Resolves potential hang when disconnecting multiple connections
fixed
Various bug fixes and enhancements


Version 1.8.2 Windows Release Notes:

added
Support for TLS 1.3 and additional ciphers
added
Windows 10 on ARM64 (WoA64) is now supported
improved
Small performance improvements in OpenVPN
updated
OpenSSL updated to version 1.1.1d on OpenVPN 2.4
updated
OpenVPN updated to version 2.4.8
updated
Visual C++ 2015-2019 runtime is now required and will be installed if not present
fixed
Resolves an issue where some connections would fail to connect on subsequent connection attempts
fixed
Resolves an issue where connections would sometimes hang during a reconnect
fixed
Resolves an issue where some .visz configurations failed to import
fixed
Various bug fixes and enhancements

The 1.8.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8.1

Viscosity version 1.8.1 is now available for both macOS and Windows! This update is primarily a maintenance release and it includes a number of small tweaks and improvements for both platforms.

Viscosity now integrates the new U2F APIs introduced in Windows 10 1903. This provides a more native and consistent experience for users also using U2F for Windows authentication, as well as resolving U2F access issues under Windows 10 1903.

We've also worked behind the scenes to make deploying Viscosity in managed macOS environments much easier. Deployments in multi-user environments has been simplified, and the managed installer templates are now able to handle the Start on Login option without the need for custom scripts. Documentation is also now available on how to deploy Viscosity using tools like Munki and Jamf.

Finally, we've also identified some OpenVPN server setups that will unnecessarily push a route-delay command, significantly delaying connection time. Viscosity will now ignore this command when it isn't needed.


Version 1.8.1 Mac Release Notes:

added
Improved support for deploying Viscosity in managed environments
improved
Ignores unnecessary pushed route-delay commands
fixed
Workaround to allow loading the PKCS#11 driver for SafeNet tokens
fixed
Various bug fixes and enhancements


Version 1.8.1 Windows Release Notes:

added
Adopts native Windows U2F integration on Windows 10 1903+
improved
Ignores unnecessary pushed route-delay commands
fixed
Resolves issue where IPv6 DNS Servers may not be used
fixed
Various bug fixes and enhancements

The 1.8.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.8

Viscosity 1.8 is now available for both macOS and Windows! This is a big update, with significant performance improvements for VPN connections. Both macOS and Windows users should immediately notice their OpenVPN connections connecting faster, with slightly lowered CPU usage. Windows users should also notice significantly improved maximum throughput on high-speed network connections.

A traffic graph has also been added to the main menu, providing a quick overview of how your VPN connection is being utilised without needing to open the Details menu. The style of this graph can also be customised from the Appearance section, or turned off for those who prefer to keep things simple.

By popular demand we've also overhauled Viscosity's menu icon system. Not only has this allowed us to include some snappy new icon designs to choose from, all icons now feel much more at home on both macOS and Windows. In particular, on macOS icons with coloured components will now look great in both light and dark mode, behave correctly when selected, and on secondary monitors as well.

On Windows Viscosity now also supports Network Location Awareness for routed/TUN connections. This will resolve an issue that caused some applications, including Microsoft Office and many UWP based apps, from failing to detect that a network connection is available when a VPN connection is connected.

Finally, version 1.8 also brings offical support for macOS 10.15 (Catalina), which is expected to be released next month.


Version 1.8 Mac Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
Improved support for macOS 10.15 (Catalina)
improved
VPN connections will now establish faster
improved
Reduces CPU usage when using higher log verbosity levels
improved
Complete Dark Mode support for menu items with color
updated
OpenSSL updated to version 1.0.2t
fixed
Resolves a potential crash when rapidly connecting and disconnecting connections
fixed
Resolves a potential crash if ifconfig cannot be run
fixed
Resolves a potential hang when using Reset network interfaces on disconnect
fixed
Resolves flickering of the menu icon animation when changing states
fixed
Various bug fixes and enhancements


Version 1.8 Windows Release Notes:

added
Main menu traffic graph for active VPN connections
added
Appearance customisation options for the menu traffic graph
added
New menu icons are available in the Appearance section
improved
VPN connections will now establish faster
improved
Faster maximum throughput of VPN connections
improved
Network Interfaces can now be created without disconnecting other connections
improved
Windows Network Location Awareness will now take place for TUN connections
updated
Updates OpenSSL to version 1.0.2t
fixed
Various bug fixes and enhancements

The 1.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.16

Viscosity version 1.7.16 is now available for both macOS and Windows! This update is primarily a small maintenance release with a focus on bug fixes and minor enhancements.

The Mac update addresses a regression that could result in reachability checks to fail when using a fixed IP version for remote OpenVPN (or proxy) servers, while the Windows update includes a fix for VPN connections using non-standard MTU values. Also included for both platforms are a number of minor requested enhancements to the user interface and connection performance.


Version 1.7.16 Mac Release Notes:

updated
OpenSSL updated to version 1.0.2s
fixed
Reachability checks will no longer fail when using a fixed IP version
fixed
Various bug fixes and enhancements


Version 1.7.16 Windows Release Notes:

updated
Updates OpenSSL to version 1.0.2s
fixed
Resolves issue where a non-default MTU may not be applied to the adapter
fixed
Various bug fixes and enhancements

The 1.7.16 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.7.15

Viscosity version 1.7.15 is now available for both Mac and Windows! This version includes U2F and PKCS#11 improvements, updated versions of both OpenVPN and OpenSSL, and a number of fixes and improvements for both platforms.

We've placed a focus on two-factor authentication for this release, with general improvements to Viscosity's U2F authentication support, including the ability to use U2F tokens from additional manufacturers. PKCS#11 support has also been improved in the Windows version, with smoother handling of problems that may arise when using a token or smartcard.

On the maintenance front, OpenVPN has been updated to version 2.4.7, which includes a number of small bug fixes. OpenSSL has also been updated to version 1.0.2r. The Windows release also includes an updated VPN network adapter driver with slightly improved performance, while the macOS release fixes an issue that could result in some VPN connections failing to try additional remote servers if the first one fails to connect.


Version 1.7.15 Mac Release Notes:

added
Additional U2F devices are now supported
updated
OpenVPN 2.4 updated to version 2.4.7
updated
OpenSSL updated to version 1.0.2r
updated
Adds notarization for increased security
fixed
Resolves failure to fallback to secondary remote servers with some connections
fixed
Resolves a potential crash on macOS 10.14.4+ when updating the helper
fixed
Resolves a potential crash when importing a large number of connections
fixed
Fixes regression that could result in PKCS#11 drivers failing to load (build 1488)
fixed
Various bug fixes and enhancements
removed
OS X 10.10 is no longer supported


Version 1.7.15 Windows Release Notes:

added
Additional U2F devices are now supported
improved
Improved handling of PKCS#11 errors
updated
Updates OpenVPN to version 2.4.7
updated
Updates OpenSSL to version 1.0.2r
updated
VPN Network Adapter driver updated
fixed
Various bug fixes and enhancements

The 1.7.15 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.