SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.11

Viscosity 1.11 is now available for both macOS and Windows! This is a big update, with OpenVPN 2.6 support, OpenSSL 3.0, significant behind-the-scenes upgrades and improvements, enhanced system identity and token support, IPv6 support improvements, and lots of other new features, improvements, and bug fixes.

OpenVPN 2.6 is a big change that brings several new security and network features to VPN connections. OpenVPN 2.6 is backwards compatible with servers running older versions of OpenVPN, and Viscosity 1.11 will allow you to seamlessly update and use its new features for the vast majority of connections.

As part of this update, Viscosity has also moved to using OpenSSL 3.0. OpenSSL is the security library that Viscosity and OpenVPN use, and it provides the encryption and security protocols used by VPN connections. OpenSSL 3.0 offers many security improvements, as well as deprecating older encryption ciphers, digests, and protocols that are no longer considered secure.

For most users upgrading to OpenVPN 2.6 and OpenSSL 3.0 should be seamless: Viscosity will automatically handle updating most VPN connection configurations. However, some older OpenVPN server setups may not be compatible with OpenVPN 2.6 out-of-the-box. To help ease the transition when connecting to these servers, Viscosity 1.11 introduces a new "Compatibility" setting that makes it easier to connect to servers running older versions of OpenVPN.

The Compatibility setting combines OpenVPN 2.6's new "compat-mode" option with a number of cipher, TLS, and compression changes to match those expected by older versions of OpenVPN. For more information on the Compatibility setting, or for help migrating from OpenVPN 2.5 to version 2.6, please see Migrating from OpenVPN 2.5 to OpenVPN 2.6.

The macOS version also includes several DNS support improvements and fixes, and users of Viscosity 1.11 should see improved DNS performance and reliability.

The Windows version has also had its PKCS#11 support upgraded, with support for additional token and slot types. In particular, it now supports Slot 9c on YubiKey tokens, which has been a requested feature. Signing using the Windows Certificate Store has also been improved, with additional key types supported. The Windows version also includes several IPv6 improvements, including support for assigning DNS servers and domains via RDNSS and DNSSL.

Finally, macOS 10.15 (Catalina) is no longer supported. Users are strongly encouraged to update to macOS 11 or later. Older Viscosity releases can still be found at the Legacy Downloads page if required.


Version 1.11 Mac Release Notes:

added
OpenVPN 2.6 Support
added
OpenVPN server version compatibility option in connection editor
improved
Import support for IPv4 routes being specified with a prefix
improved
Full DNS support when using an iOS mobile device tunnel
improved
Increases the maximum allowable height of the Settings window
improved
Detection of additional mismatched client-server cipher settings
improved
Support for additional System Identity certificate types and tokens
updated
OpenVPN updated to version 2.6.9
updated
OpenSSL updated to version 3.0.13
fixed
Resolves issue where Viscosity helper may crash when updating DNS
fixed
Resolves certain proxy commands getting incorrectly flagged as unsafe
fixed
Resolves certain inline PKCS#12 files not importing correctly
fixed
Resolves issue where Full DNS mode may disable on rapid network changes
fixed
Resolves issue where Viscosity may stop responding after sorting an empty folder
fixed
Resolves issue where a web authentication page may remain in memory after close
fixed
Resolves issue when Import from Server profile URL uses a different domain
fixed
Workaround for login bug in CloudConnexa when using Import from Server
fixed
Resolves Authentication Type menu being mislabelled for some localizations
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.5 removed
removed
macOS 10.15 is no longer supported


Version 1.11 Windows Release Notes:

added
OpenVPN 2.6 Support
added
OpenVPN server version compatibility option in connection editor
added
Support for DNS servers and domains set via IPv6 RAs (RDNSS and DNSSL)
added
Automatic IPv6 RA gateway detection via new route-ipv6-gateway auto flag
improved
Support for additional PKCS#11 tokens and slot types
improved
Import support for IPv4 routes being specified with a prefix
improved
Detection of additional mismatched client-server cipher settings
improved
Support for additional Windows Certificate Store certificate types and tokens
improved
Improved support for IPv6-only TAP connections
updated
OpenVPN updated to version 2.6.9
updated
OpenSSL updated to version 3.0.13
fixed
Resolves issue running on older Windows 10 on ARM64 devices
fixed
Resolves issue when Import from Server profile URL uses a different domain
fixed
Workaround for login bug in CloudConnexa when using Import from Server
fixed
Resolves issue where the reported connection time could be incorrect
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.5 removed

The 1.11 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.8

Viscosity version 1.10.8 is now available for macOS! This update is a maintenance release with internal improvements, bug fixes, and minor enhancements to keep Viscosity running smoothly.

This is the final release to ship with OpenVPN 2.5 and the 1.1.1 branch of OpenSSL. Future versions of Viscosity will be moving to OpenVPN 2.6 and OpenSSL 3.0. We will have more information about these upcoming changes in a future post.


Version 1.10.8 Mac Release Notes:

improved
Support for OpenVPN-AS web authentication session tokens improved
updated
OpenSSL updated to version 1.1.1w
fixed
Resolves issue where a managed bundle may redeploy on launch
fixed
Resolves issue where tools using legacy DNS may not resolve after a network change
fixed
Various bug fixes and enhancements

The 1.10.8 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Windows: Version 1.10.6

Viscosity version 1.10.6 is now available for Windows! This update includes significant changes to fully natively support ARM64 machines, updates to modernize framework and API usage on Windows, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update now completes Viscosity's ARM64 support. Viscosity first introduced support for Windows on ARM64 (WoA) in version 1.8.2, with all of Viscosity's core components (including OpenVPN connections) ported to run natively. However there was one component that we couldn't port at the time: Viscosity's user interface. Viscosity's user interface relies on the Windows WinForms and WPF frameworks, which didn't have native ARM64 support at the time. However with ARM64 support introduced for these in .NET 4.8.1, we're pleased to announce that Viscosity's user interface is now running natively on ARM64 as well.

This update also resolves several display and rendering issues on the most recent versions of Windows 11, including an issue that could cause Viscosity's toolbar to render in the wrong system color or not respect dark mode. Web authentication (SSO and SAML) support has also been improved, with a number of small issues resolved that could cause an authentication request to fail or a session token to be rejected.

To better support modern versions of Windows (as well as for ARM64 support), Viscosity now requires .NET 4.8.1 and the Visual C++ 2022 runtime. Viscosity's installer will automatically handle upgrading these if required.

Finally, Windows 10 version 2004 (also known as 20H1 and Build 19041) and earlier are no longer supported. Viscosity now requires Windows 10 version 20H2 (Build 19042) or later. With Microsoft no longer issuing security updates for these older versions, we encourage any existing users of these versions to update their copy of Windows.


Version 1.10.6 Windows Release Notes:

added
Viscosity now runs completely natively on ARM64 machines
improved
Support for OpenVPN-AS web authentication session tokens improved
updated
OpenSSL updated to version 1.1.1w
updated
.NET 4.8.1 is now required
updated
Visual C++ 2022 runtime is now required
fixed
Fixes issue where the Settings toolbar would not adopt dark mode on Windows 11
fixed
Fixes issue where toolbars would not adopt the system color on Windows 11
fixed
Fixes a background display issue with the Menu Icons setting
fixed
Various bug fixes and enhancements
removed
Windows 10 version 2004 and older are no longer supported

The 1.10.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.7

Viscosity version 1.10.7 is now available for macOS! This update is a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, this version fixes a number of DNS related issues that could cause domains to fail to resolve with certain upstream DNS servers, as well as an issue that could cause DNS settings to remain after a VPN connection is disconnected (typically resulting in DNS lookups to fail).

This update also resolves some issues that could cause reachability checks to fail shortly after connecting or when a macOS routing change occurs, resulting in the associated VPN connection being disconnected.


Version 1.10.7 Mac Release Notes:

fixed
Resolves issue where VPN DNS settings may remain after disconnect
fixed
Resolves issue where a TCP reachability check may fail after connecting
fixed
Resolves issue where a reachability check may fail during a routing change
fixed
Resolves issue where DNS lookups to certain DNS servers could fail
fixed
Resolves rare helper crash that could be caused by an invalid local DNS lookup
fixed
Various bug fixes and enhancements

The 1.10.7 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.10.6

Viscosity version 1.10.6 is now available for macOS! This update includes significant enhancements to DNS functionality, IPv6 support improvements, updates to better support the upcoming macOS 14 (Sonoma) release, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update overhauls Viscosity's DNS engine, allowing Viscosity to support DNS servers and domains set via IPv6 router advertisements (RDNSS and DNSSL), better support for DNS resolution in mixed-IP environments, smarter server fallback selection when one or more DNS servers are unavailable, and general reliability improvements for macOS 13.

IPv6 support has also been improved for bridged (TAP) VPN connections. For those that desire full IPv6 auto-configuration of the VPN connection, Viscosity now supports a new "route-ipv6-gateway auto" flag that allows the IPv6 gateway provided by a router advertisement to be used as the default VPN gateway. This can be added as an advanced command in Viscosity.

This update also improves web authentication (SSO and SAML), and resolves a number of small issues that could cause an authentication request to mistakenly fail. In particular, this update should resolve occasional authentication issues when using Azure Active Directory as the SAML backend.

This will be the last release to support macOS 10.15. Future updates will require macOS 11 or later. With Apple no longer issuing security updates for macOS 10.15, we encourage any existing 10.15 users to update to macOS 11 or later.

For the Windows users, the Windows version of Viscosity 1.10.6 will be available later this month (with some exciting ARM64 improvements!).


Version 1.10.6 Mac Release Notes:

added
Support for DNS servers and domains set via IPv6 RAs (RDNSS and DNSSL)
added
Automatic IPv6 RA gateway detection via new route-ipv6-gateway auto flag
improved
Improved support for macOS 14 (Sonoma)
improved
Improved support for IPv6-only TAP connections
improved
Smarter DNS server fallback when using Full DNS
improved
Full DNS better handles mixed IP environments
updated
OpenSSL updated to version 1.1.1u
fixed
Resolves issue where a reachability check may fail for certain TCP-based connections
fixed
Resolves issue where a typed username may display as bullets
fixed
Resolves crash when enabling Start Viscosity at Login on macOS 12
fixed
Resolves crash when deploying connection folders with duplicate names
fixed
Resolves the reported upload speed being slower than the actual speed
fixed
Resolves issue where a managed bundle installation might not deploy successfully
fixed
Prevents a web authentication page from being able to continuously request focus
fixed
Resolves issue where a web authentication page may fail to load on a redirect
fixed
Resolves rare issue where network access could be lost while connected on macOS 13
fixed
Fixes regression that could cause DNS to not apply when WINS in use (build 1641)
fixed
Fixes regression where DNS domains would be treated as case-sensitive (build 1642)
fixed
Various bug fixes and enhancements

The 1.10.6 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.5

Viscosity version 1.10.5 has been released for both macOS and Windows! This version includes several requested features and improvements, including scripting enhancements, connection import compatibility, OpenVPN and OpenSSL updates, and many small bug fixes and enhancements.

In particular, the ability of a Before-Connect script to return a challenge response has been highly requested. This allows for easier integration with software for generating one-time codes and passwords (for example, generating a TOTP code using 1Password) as well as integration with web and application APIs for generating codes or approving connections. Documentation for how to return a challenge from a script can be found in the Knowledge Base.

On macOS the two-factor challenge window now also supports auto-filling. This allows for one-time items like SMS codes to be automatically entered instead of manually typed in or copy-pasted from Messages.

Although a minor change, we received a *lot* of feedback asking for Viscosity's Preference window to be renamed Settings on macOS 13 to match the new "System Settings" naming. So we've gone ahead and made the change! Now when running on macOS 13 or later, Viscosity's Preference window will be named Settings (it will remain as Preferences on macOS 12 and earlier). We've also taken the opportunity to update the naming on Windows to be Settings as well, to better match Windows 10 and 11 schemes.

This version also updates OpenVPN to version 2.5.9, and OpenSSL to version 1.1.1t. The OpenSSL update includes some low-severity security fixes that could potentially impact VPN client connections, so we recommend all users update.

During installation on Windows, the installer will now display a warning if attempting to install Viscosity to a custom non-standard location with unsafe permissions. If Viscosity is installed to a custom location with inappropriate permissions, an attacker with local access could potentially modify the installation and gain elevated privileges. This warning should prevent those unfamiliar with Windows file permissions from accidentally making this mistake. Special thanks to Will Dormann for reporting this to us.

Finally, this release removes OpenVPN 2.4, which is now considered end-of-life. OpenVPN 2.5 has been the default version used in Viscosity for many years and is backwards compatible with servers running older versions (so this change won't prevent connecting to servers running OpenVPN 2.4 or older versions). However, in some rare instances, you may need to make small changes to your VPN connection's configuration in Viscosity for it to be supported by version 2.5. If you need help updating your connection's settings, please don't hesitate to reach out to us.


Version 1.10.5 Mac Release Notes:

added
Before Connect scripts can now also return a challenge response
improved
Support for autofilling a two-factor challenge with a SMS security code
improved
Import from Server support for newer versions of OpenVPN-AS using SAML
improved
Preferences now named Settings on macOS 13+
updated
OpenVPN 2.5 updated to version 2.5.9
updated
OpenSSL updated to version 1.1.1t
fixed
Resolves issue where certain system identities may not be detected
fixed
Resolves issue where certain web authentication requests could not be loaded
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.4 removed


Version 1.10.5 Windows Release Notes:

added
Before Connect scripts can now also return a challenge response
improved
Import from Server support for newer versions of OpenVPN-AS using SAML
improved
Preferences now named Settings to match Windows naming
updated
OpenVPN 2.5 updated to version 2.5.9
updated
OpenSSL updated to version 1.1.1t
fixed
Resolves issue where certain advanced commands would not appear in the editor
fixed
The installer will now warn if installing to a potentially insecure custom location
fixed
Various bug fixes and enhancements
removed
OpenVPN 2.4 removed

The 1.10.5 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.4

Viscosity version 1.10.4 is now available for both macOS and Windows! This update adds several highly requested features and improvements, including macOS Keychain identity and token support, performance improvements, update alert changes, and improved support for both macOS 13 (Ventura) and Windows Server 2022. An update to OpenSSL is also included, along with many bug fixes and enhancements.

In particular, we're please to announce that this version includes support for identities (a certificate and private-key combination) stored in the macOS Keychain or on tokens with macOS support. This should be of particular benefit to enterprise deployments that include PKI identities as part of their deployment. Using identities stored on tokens is also now a much easier process: no more having to install and configure PKCS#11 drivers to use tokens and smartcards for authentication! We'll be posting more information on how to make the best use of this new feature, however it can be found under the new "System Identity" authentication option when editing a VPN connection in Viscosity.

This update also improves support for macOS 13 (Ventura) and adopts several new macOS frameworks for improved compatibility and performance. All macOS 13 users are encouraged to update. We've also placed a focus on improving cryptographic performance with this update, managing some modest performance improvements to VPN connections on both Intel and Apple Silicon Macs.

On the Windows side, the Viscosity Virtual Adapter has been updated to support Windows Server 2022. Users upgrading their Windows install will also benefit, as the driver will now also be automatically updated when updating Windows from version 10 to 11 without the need to uninstall/reinstall Viscosity.

Looking towards the future, this update will be the last version of Viscosity to include OpenVPN 2.4. OpenVPN 2.5 has been the default version used for many years now, and version 2.4 will soon reach end-of-life. Please note that you'll still be able to connect to OpenVPN servers running version 2.4 (or even older versions). However in some rare instances you may need to make small changes to your configuration in Viscosity so it is supported by version 2.5.

Finally, this version also updates OpenSSL to version 1.1.1s.


Version 1.10.4 Mac Release Notes:

added
Authentication support using Keychain identities and tokens
improved
Improved support for macOS 13 (Ventura)
improved
Performance of VPN connections improved
improved
Update alerts are now less obtrusive and use Notification Center
updated
OpenSSL updated to version 1.1.1s
fixed
Resolves issue where certain advanced commands would not appear in the editor
fixed
Fixes regression that could result in unsigned PKCS#11 drivers failing to load (build 1611)
fixed
Various bug fixes and enhancements


Version 1.10.4 Windows Release Notes:

improved
Viscosity Virtual Adapter now supports Windows Server 2022
improved
Viscosity Virtual Adapter will now be automatically updated after a Windows 10 to 11 upgrade
improved
Additional alternative names for DHCP options now supported
updated
OpenSSL updated to version 1.1.1s
updated
Legacy OpenVPN TAP Adapter driver updated
fixed
Resolves issue where empty or whitespace passwords were not accepted
fixed
Resolves issue importing connections with unicode characters in name
fixed
Resolves issue preventing a VPN connection being reconnected once connect-retry-max was reached
fixed
Resolves issue where advanced obfuscation key parameters may be ignored
fixed
Resolves issue where the command-line tool required an older .NET version
fixed
Various bug fixes and enhancements

The 1.10.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.3

Viscosity version 1.10.3 has been released for both macOS and Windows! This version adds several commonly requested features, including VPN connection sorting, and separately prompting for two-factor credentials that normally form part of the password. Updates to OpenVPN and OpenSSL are also included, along with many small bug fixes and enhancements.

This update adds a new static-challenge-password command to allow Viscosity to separately prompt for a two-factor credential (such as a one-time password or PIN) and append this credential to the password sent to the server. While we encourage VPN administrators to adopt OpenVPN's static/dynamic challenge support instead (such as documented in the Two-Factor Authentication Setup Guides), we understand there are many legacy setups out there still using this approach. This will allow for a much smoother experience, including enabling username and passwords to be saved without affecting the two-factor prompt.

Another common feature request we've added is the ability to quickly sort VPN connections and folders to make organising and managing them faster. Several sorting options are available, including sorting all connections and folders, just selected items, or just items in a folder. Simply right-click (or control-click) on the items to be sorted and select the appropriate Sort menu option.

On the Windows side, Viscosity will now automatically detect and repair certain issues with a VPN connection's virtual network interface that could cause a connection attempt to fail. When this occurred, Viscosity would disconnect the connection shortly after starting, with an error message in the log indicating the network adapter could not be found. We discovered that in some instances severely out-of-date third-party network filters attached to the VPN interface could cause it to fail. Viscosity will now detect when this is the case and repair the problem.

On macOS, an issue with the Viscosity helper has been resolved that could on rare occasions cause the helper to crash when sleeping the computer with an active VPN connection. This largely only occurred for Apple Silicon users with TAP connections, however in very rare instances it could also occur on Intel Macs, requiring Viscosity to be re-launched on wake.

Finally, this version also updates OpenVPN 2.5 to version 2.5.7, OpenVPN 2.4 to version 2.4.12, and OpenSSL to version 1.1.1o. These updates include a number of small bug fixes and improvements.


Version 1.10.3 Mac Release Notes:

added
Connections and folders can now be automatically sorted
added
Separate prompt support for two-factor challenges that form part of a password
improved
Additional license details displayed in the About section
updated
OpenVPN 2.5 updated to version 2.5.7
updated
OpenVPN 2.4 updated to version 2.4.12
updated
OpenSSL updated to version 1.1.1o
fixed
Resolves rare crash when sleeping the computer with an active VPN connection
fixed
Resolves issue where DHCP may not enable for certain configurations
fixed
Various bug fixes and enhancements


Version 1.10.3 Windows Release Notes:

added
Connections and folders can now be automatically sorted
added
Separate prompt support for two-factor challenges that form part of a password
improved
Additional license details displayed in the About section
improved
Automatic detection and repair of VPN adapter issues caused by third-party legacy filters
updated
OpenSSL updated to version 1.1.1p
updated
OpenVPN 2.5 updated to version 2.5.7
updated
OpenVPN 2.4 updated to version 2.4.12
fixed
Resolves rare issue where network settings were not restored after a system crash
fixed
Various bug fixes and enhancements

The 1.10.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.2

Viscosity version 1.10.2 is now available for both macOS and Windows! This update introduces Dark Mode support for the Windows version, a security-related OpenSSL update for both macOS and Windows versions, along with several small bug fixes and enhancements.

The updated version of OpenSSL addresses a potential security issue with OpenSSL's certificate parsing that could result in a denial-of-service attack. This does not affect the security of OpenVPN connections. However, it could potentially allow a malicious server or man-in-the-middle attacker to stall a VPN connection attempt with an infinite loop, resulting in high CPU usage until the connection attempt is disconnected.

The Windows version also introduces preliminary Dark Mode support. If Windows is set to use Dark Mode, Viscosity will now automatically render its interface using the appropriate dark theme colors. This is still a work in progress, however Dark Mode fans should be less blinded when opening Viscosity's interface with this update.

The macOS version also fixes a number of small IPv6 related issues, including not correctly displaying the IPv6 address assigned to a VPN connection in the menu or Details window.


Version 1.10.2 Mac Release Notes:

updated
OpenVPN 2.5 updated to version 2.5.5
updated
OpenSSL updated to version 1.1.1n
fixed
Resolves issue where an assigned IPv6 address may not be displayed
fixed
Resolves issue where the Details window could ignore the Prefer IPv6 option
fixed
Resolves issue using Import from Server with certain cloud servers
fixed
Various bug fixes and enhancements


Version 1.10.2 Windows Release Notes:

added
Initial Dark Mode support
updated
OpenVPN 2.5 updated to version 2.5.5
updated
OpenSSL updated to version 1.1.1n
fixed
Resolves issue using Import from Server with certain cloud servers
fixed
Various bug fixes and enhancements

The 1.10.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.1

Viscosity version 1.10.1 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, the Mac version is now able to detect and workaround an issue that caused Viscosity to hang in the background when trying to update old versions of its helper tool on macOS 12. It is no longer necessary to manually remove old versions of the helper on macOS 12 in these instances.

The Windows version also resolves a similar issue that could cause VPN connections to fail if Windows had been upgraded from Windows 10 to Windows 11 without the driver being manually updated.


Version 1.10.1 Mac Release Notes:

improved
Further information will now be displayed for a tool permission failure
fixed
Unexpected termination of the helper during an upgrade now handled on macOS 12
fixed
Resolves display issue with some options under certain localizations
fixed
Certain configuration issues preventing OpenVPN from starting will now be correctly logged
fixed
Various bug fixes and enhancements


Version 1.10.1 Windows Release Notes:

improved
Microsoft Edge WebView2 Runtime is now optional to install at setup
fixed
DNS Resolution will now work with local (loopback) DNS resolvers or proxies
fixed
Resolves an issue where installation would fail if multiple prerequisites are required
fixed
Driver is now correctly updated by installer after upgrading a Windows 10 system to Windows 11
fixed
Various bug fixes and enhancements

The 1.10.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.