SparkLabs Blog.

The latest news and releases.


Viscosity For Mac & Windows: Version 1.10.5

Viscosity version 1.10.5 has been released for both macOS and Windows! This version includes several requested features and improvements, including scripting enhancements, connection import compatibility, OpenVPN and OpenSSL updates, and many small bug fixes and enhancements.

In particular, the ability of a Before-Connect script to return a challenge response has been highly requested. This allows for easier integration with software for generating one-time codes and passwords (for example, generating a TOTP code using 1Password) as well as integration with web and application APIs for generating codes or approving connections. Documentation for how to return a challenge from a script can be found in the Knowledge Base.

On macOS the two-factor challenge window now also supports auto-filling. This allows for one-time items like SMS codes to be automatically entered instead of manually typed in or copy-pasted from Messages.

Although a minor change, we received a *lot* of feedback asking for Viscosity's Preference window to be renamed Settings on macOS 13 to match the new "System Settings" naming. So we've gone ahead and made the change! Now when running on macOS 13 or later, Viscosity's Preference window will be named Settings (it will remain as Preferences on macOS 12 and earlier). We've also taken the opportunity to update the naming on Windows to be Settings as well, to better match Windows 10 and 11 schemes.

This version also updates OpenVPN to version 2.5.9, and OpenSSL to version 1.1.1t. The OpenSSL update includes some low-severity security fixes that could potentially impact VPN client connections, so we recommend all users update.

During installation on Windows, the installer will now display a warning if attempting to install Viscosity to a custom non-standard location with unsafe permissions. If Viscosity is installed to a custom location with inappropriate permissions, an attacker with local access could potentially modify the installation and gain elevated privileges. This warning should prevent those unfamiliar with Windows file permissions from accidentally making this mistake. Special thanks to Will Dormann for reporting this to us.
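The installer check described above can be approximated after the fact. The following PowerShell is an added example, not SparkLabs code or the installer's own logic: it lists ACL entries on an install directory that grant modify-type rights to principals outside a small trusted set. The function name `Get-UnsafeInstallAce` and the path `D:\Apps\Viscosity` are hypothetical placeholders.

```powershell
# Added example: list ACL entries that let non-administrative principals
# alter files in a custom install directory.
function Get-UnsafeInstallAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse   # also inspect every file and subfolder
    )

    # Principals expected to hold write access to an installed application.
    $trustedSids = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER (applies only to objects the creator owns)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    # Specific rights that allow changing or replacing installed files.
    $rightsType = [System.Security.AccessControl.FileSystemRights]
    $modifyMask = [int][System.Enum]::Parse($rightsType,
        'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear in raw ACEs.
    $genericMask = 0x50000000

    $items = @(Get-Item -LiteralPath $Path -Force)
    if ($Recurse) {
        $items += Get-ChildItem -LiteralPath $Path -Recurse -Force
    }

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs directly so unresolvable account names cannot cause errors.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($trustedSids -contains $sid) { continue }

            $rights = [int]$rule.FileSystemRights
            if ((($rights -band $modifyMask) -eq 0) -and
                (($rights -band $genericMask) -eq 0)) { continue }

            # Resolve the SID to a readable name where possible.
            try {
                $name = $rule.IdentityReference.Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch {
                $name = $sid
            }

            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $name
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Placeholder path: replace with the custom location chosen at install time.
$InstallPath = 'D:\Apps\Viscosity'
if (Test-Path -LiteralPath $InstallPath) {
    Get-UnsafeInstallAce -Path $InstallPath -Recurse | Format-Table -AutoSize
}
```

An empty result means no entry outside the trusted set can modify the directory; entries marked as inherited point to a parent folder whose permissions need correcting.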

Finally, this release removes OpenVPN 2.4, which is now considered end-of-life. OpenVPN 2.5 has been the default version used in Viscosity for many years and is backwards compatible with servers running older versions (so this change won't prevent connecting to servers running OpenVPN 2.4 or older versions). However, in some rare instances, you may need to make small changes to your VPN connection's configuration in Viscosity for it to be supported by version 2.5. If you need help updating your connection's settings, please don't hesitate to reach out to us.


Version 1.10.5 Mac Release Notes:

added: Before Connect scripts can now also return a challenge response
improved: Support for autofilling a two-factor challenge with an SMS security code
improved: Import from Server support for newer versions of OpenVPN-AS using SAML
improved: Preferences now named Settings on macOS 13+
updated: OpenVPN 2.5 updated to version 2.5.9
updated: OpenSSL updated to version 1.1.1t
fixed: Resolves issue where certain system identities may not be detected
fixed: Resolves issue where certain web authentication requests could not be loaded
fixed: Various bug fixes and enhancements
removed: OpenVPN 2.4 removed


Version 1.10.5 Windows Release Notes:

added: Before Connect scripts can now also return a challenge response
improved: Import from Server support for newer versions of OpenVPN-AS using SAML
improved: Preferences now named Settings to match Windows naming
updated: OpenVPN 2.5 updated to version 2.5.9
updated: OpenSSL updated to version 1.1.1t
fixed: Resolves issue where certain advanced commands would not appear in the editor
fixed: The installer will now warn if installing to a potentially insecure custom location
fixed: Various bug fixes and enhancements
removed: OpenVPN 2.4 removed

The 1.10.5 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.4

Viscosity version 1.10.4 is now available for both macOS and Windows! This update adds several highly requested features and improvements, including macOS Keychain identity and token support, performance improvements, update alert changes, and improved support for both macOS 13 (Ventura) and Windows Server 2022. An update to OpenSSL is also included, along with many bug fixes and enhancements.

In particular, we're pleased to announce that this version includes support for identities (a certificate and private-key combination) stored in the macOS Keychain or on tokens with macOS support. This should be of particular benefit to enterprise deployments that include PKI identities as part of their deployment. Using identities stored on tokens is also now a much easier process: no more having to install and configure PKCS#11 drivers to use tokens and smartcards for authentication! We'll be posting more information on how to make the best use of this new feature, however it can be found under the new "System Identity" authentication option when editing a VPN connection in Viscosity.

This update also improves support for macOS 13 (Ventura) and adopts several new macOS frameworks for improved compatibility and performance. All macOS 13 users are encouraged to update. We've also placed a focus on improving cryptographic performance with this update, managing some modest performance improvements to VPN connections on both Intel and Apple Silicon Macs.

On the Windows side, the Viscosity Virtual Adapter has been updated to support Windows Server 2022. Users upgrading their Windows install will also benefit, as the driver will now also be automatically updated when updating Windows from version 10 to 11 without the need to uninstall/reinstall Viscosity.

Looking towards the future, this update will be the last version of Viscosity to include OpenVPN 2.4. OpenVPN 2.5 has been the default version used for many years now, and version 2.4 will soon reach end-of-life. Please note that you'll still be able to connect to OpenVPN servers running version 2.4 (or even older versions). However in some rare instances you may need to make small changes to your configuration in Viscosity so it is supported by version 2.5.

Finally, this version also updates OpenSSL to version 1.1.1s.


Version 1.10.4 Mac Release Notes:

added: Authentication support using Keychain identities and tokens
improved: Improved support for macOS 13 (Ventura)
improved: Performance of VPN connections improved
improved: Update alerts are now less obtrusive and use Notification Center
updated: OpenSSL updated to version 1.1.1s
fixed: Resolves issue where certain advanced commands would not appear in the editor
fixed: Fixes regression that could result in unsigned PKCS#11 drivers failing to load (build 1611)
fixed: Various bug fixes and enhancements


Version 1.10.4 Windows Release Notes:

improved: Viscosity Virtual Adapter now supports Windows Server 2022
improved: Viscosity Virtual Adapter will now be automatically updated after a Windows 10 to 11 upgrade
improved: Additional alternative names for DHCP options now supported
updated: OpenSSL updated to version 1.1.1s
updated: Legacy OpenVPN TAP Adapter driver updated
fixed: Resolves issue where empty or whitespace passwords were not accepted
fixed: Resolves issue importing connections with unicode characters in name
fixed: Resolves issue preventing a VPN connection being reconnected once connect-retry-max was reached
fixed: Resolves issue where advanced obfuscation key parameters may be ignored
fixed: Resolves issue where the command-line tool required an older .NET version
fixed: Various bug fixes and enhancements

The 1.10.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.3

Viscosity version 1.10.3 has been released for both macOS and Windows! This version adds several commonly requested features, including VPN connection sorting, and separately prompting for two-factor credentials that normally form part of the password. Updates to OpenVPN and OpenSSL are also included, along with many small bug fixes and enhancements.

This update adds a new static-challenge-password command to allow Viscosity to separately prompt for a two-factor credential (such as a one-time password or PIN) and append this credential to the password sent to the server. While we encourage VPN administrators to adopt OpenVPN's static/dynamic challenge support instead (such as documented in the Two-Factor Authentication Setup Guides), we understand there are many legacy setups out there still using this approach. This will allow for a much smoother experience, including enabling username and passwords to be saved without affecting the two-factor prompt.

Another common feature request we've added is the ability to quickly sort VPN connections and folders to make organising and managing them faster. Several sorting options are available, including sorting all connections and folders, just selected items, or just items in a folder. Simply right-click (or control-click) on the items to be sorted and select the appropriate Sort menu option.

On the Windows side, Viscosity will now automatically detect and repair certain issues with a VPN connection's virtual network interface that could cause a connection attempt to fail. When this occurred, Viscosity would disconnect the connection shortly after starting, with an error message in the log indicating the network adapter could not be found. We discovered that in some instances severely out-of-date third-party network filters attached to the VPN interface could cause it to fail. Viscosity will now detect when this is the case and repair the problem.

On macOS, an issue with the Viscosity helper has been resolved that could on rare occasions cause the helper to crash when sleeping the computer with an active VPN connection. This largely only occurred for Apple Silicon users with TAP connections, however in very rare instances it could also occur on Intel Macs, requiring Viscosity to be re-launched on wake.

Finally, this version also updates OpenVPN 2.5 to version 2.5.7, OpenVPN 2.4 to version 2.4.12, and OpenSSL to version 1.1.1o. These updates include a number of small bug fixes and improvements.


Version 1.10.3 Mac Release Notes:

added: Connections and folders can now be automatically sorted
added: Separate prompt support for two-factor challenges that form part of a password
improved: Additional license details displayed in the About section
updated: OpenVPN 2.5 updated to version 2.5.7
updated: OpenVPN 2.4 updated to version 2.4.12
updated: OpenSSL updated to version 1.1.1o
fixed: Resolves rare crash when sleeping the computer with an active VPN connection
fixed: Resolves issue where DHCP may not enable for certain configurations
fixed: Various bug fixes and enhancements


Version 1.10.3 Windows Release Notes:

added: Connections and folders can now be automatically sorted
added: Separate prompt support for two-factor challenges that form part of a password
improved: Additional license details displayed in the About section
improved: Automatic detection and repair of VPN adapter issues caused by third-party legacy filters
updated: OpenSSL updated to version 1.1.1p
updated: OpenVPN 2.5 updated to version 2.5.7
updated: OpenVPN 2.4 updated to version 2.4.12
fixed: Resolves rare issue where network settings were not restored after a system crash
fixed: Various bug fixes and enhancements

The 1.10.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.2

Viscosity version 1.10.2 is now available for both macOS and Windows! This update introduces Dark Mode support for the Windows version, a security-related OpenSSL update for both macOS and Windows versions, along with several small bug fixes and enhancements.

The updated version of OpenSSL addresses a potential security issue with OpenSSL's certificate parsing that could result in a denial-of-service attack. This does not affect the security of OpenVPN connections. However, it could potentially allow a malicious server or man-in-the-middle attacker to stall a VPN connection attempt with an infinite loop, resulting in high CPU usage until the connection attempt is disconnected.

The Windows version also introduces preliminary Dark Mode support. If Windows is set to use Dark Mode, Viscosity will now automatically render its interface using the appropriate dark theme colors. This is still a work in progress, however Dark Mode fans should be less blinded when opening Viscosity's interface with this update.

The macOS version also fixes a number of small IPv6 related issues, including not correctly displaying the IPv6 address assigned to a VPN connection in the menu or Details window.


Version 1.10.2 Mac Release Notes:

updated: OpenVPN 2.5 updated to version 2.5.5
updated: OpenSSL updated to version 1.1.1n
fixed: Resolves issue where an assigned IPv6 address may not be displayed
fixed: Resolves issue where the Details window could ignore the Prefer IPv6 option
fixed: Resolves issue using Import from Server with certain cloud servers
fixed: Various bug fixes and enhancements


Version 1.10.2 Windows Release Notes:

added: Initial Dark Mode support
updated: OpenVPN 2.5 updated to version 2.5.5
updated: OpenSSL updated to version 1.1.1n
fixed: Resolves issue using Import from Server with certain cloud servers
fixed: Various bug fixes and enhancements

The 1.10.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10.1

Viscosity version 1.10.1 is now available for both macOS and Windows! This update is primarily a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, the Mac version is now able to detect and work around an issue that caused Viscosity to hang in the background when trying to update old versions of its helper tool on macOS 12. It is no longer necessary to manually remove old versions of the helper on macOS 12 in these instances.

The Windows version also resolves a similar issue that could cause VPN connections to fail if Windows had been upgraded from Windows 10 to Windows 11 without the driver being manually updated.


Version 1.10.1 Mac Release Notes:

improved: Further information will now be displayed for a tool permission failure
fixed: Unexpected termination of the helper during an upgrade now handled on macOS 12
fixed: Resolves display issue with some options under certain localizations
fixed: Certain configuration issues preventing OpenVPN from starting will now be correctly logged
fixed: Various bug fixes and enhancements


Version 1.10.1 Windows Release Notes:

improved: Microsoft Edge WebView2 Runtime is now optional to install at setup
fixed: DNS Resolution will now work with local (loopback) DNS resolvers or proxies
fixed: Resolves an issue where installation would fail if multiple prerequisites are required
fixed: Driver is now correctly updated by installer after upgrading a Windows 10 system to Windows 11
fixed: Various bug fixes and enhancements

The 1.10.1 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.10

Viscosity 1.10 is now available for both macOS and Windows! This is a big update, with OpenVPN 2.5 support, support for both macOS 12 and Windows 11, support for SSO and SAML authentication, and lots of other new features and improvements.

OpenVPN 2.5 brings several new features to VPN connections, including support for the ChaCha20-Poly1305 cipher, TLS 1.3 support, improved session token management, and many other networking improvements. OpenVPN 2.5 is backwards compatible with servers running older versions of OpenVPN, however Viscosity still includes OpenVPN 2.4 which can be enabled at any time under Preferences->Advanced.

This release also adds support for the latest macOS and Windows operating systems. macOS 12 (Monterey), expected to be available shortly, is now supported. Windows 11, just recently released, is now fully supported as well.

Please note that while macOS 12 is supported, iCloud Private Relay beta (available in macOS 12) has several known incompatibilities with common VPN setups. We hope to have improved compatibility with Private Relay in a future update.

Viscosity 1.10 also introduces support for SSO and SAML authentication, allowing OpenVPN setups to better integrate into existing enterprise authentication systems. For those with custom OpenVPN server setups, we expect to have setup guides on how to configure SSO/SAML server-side in our knowledge base soon.

Viscosity’s Import from Server feature has also been overhauled, and now supports a number of new features, including web-based authentication (including SSO/SAML), automatic detection and TOTP two-factor enrollment, and support for OpenVPN Cloud.

Also included are many additional small improvements and bug fixes. More details can be found in the release notes below.

Finally, this update requires macOS 10.15 or later on Mac, and Windows 10 or later on Windows. macOS 10.13 and 10.14, and Windows 7 and 8.1, are no longer supported. These older OS versions are either no longer receiving security updates, or require the use of deprecated OS APIs that make supporting newer OS versions significantly more difficult. Older Viscosity releases that will run on these versions can still be found at the Legacy Downloads page.


Version 1.10 Mac Release Notes:

added: Support for macOS 12 (Monterey)
added: OpenVPN 2.5 Support
added: Support for SSO and SAML authentication
added: New menu icons designed to match the system icon style on macOS 11+
added: New menu icons using colorblind friendly colors
added: The Import from Server feature now supports web authentication
added: The Import from Server feature now supports authenticator enrollment
added: The Import from Server feature now supports OpenVPN Cloud
improved: Small improvements to the connection editor
fixed: Various bug fixes and enhancements
removed: macOS 10.13 is no longer supported
removed: macOS 10.14 is no longer supported


Version 1.10 Windows Release Notes:

added: Support for Windows 11
added: OpenVPN 2.5 Support
added: Support for SSO and SAML authentication
added: New menu icons using colorblind friendly colors
added: The Import from Server feature now supports web authentication
added: The Import from Server feature now supports authenticator enrollment
added: The Import from Server feature now supports OpenVPN Cloud
improved: Small improvements to the connection editor
fixed: Resolves an issue where TAP connections failed to configure DHCP on some systems
fixed: Various bug fixes and enhancements
removed: Windows 7 is no longer supported
removed: Windows 8.1 is no longer supported

The 1.10 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9.4

Viscosity version 1.9.4 is now available for both macOS and Windows! This update is a security release and includes an important security fix for the macOS version, OpenSSL updates for both platforms, and a number of small bug fixes.

On the macOS side, a privilege escalation vulnerability has been identified that could potentially allow a local user to gain elevated privileges with a maliciously crafted update bundle. Local machine access is required, it cannot be exploited remotely, and it does not affect the security of VPN connections. However, as it potentially allows a standard user to gain admin (root) permissions, we've classified it as a high severity issue. We strongly encourage all macOS users to update to version 1.9.4 as soon as possible, particularly those in multi-user or enterprise environments. Special thanks to AfkVkas for taking a look at Viscosity and identifying this attack chain.

While the Windows version is not affected by this issue, we've taken the opportunity to perform some additional hardening of the service in this update. Both versions also include an updated version of OpenSSL and several small bug fixes.


Version 1.9.4 Mac Release Notes:

updated: OpenSSL updated to version 1.1.1l
fixed: Security: Resolves a local privilege escalation vulnerability during helper update
fixed: Resolves issue where the connection editor may display the wrong device type
fixed: Resolves issue that could cause proxy authentication to fail
fixed: Resolves issue that could cause helper connections to fail on certain machines (build 1578)
fixed: Various bug fixes and enhancements


Version 1.9.4 Windows Release Notes:

added: Initial Windows 11 compatibility
improved: High DPI scaling improvements
updated: OpenSSL updated to version 1.1.1l
updated: VPN Network Adapter driver updated
fixed: Resolves a rare issue where a crash can occur opening certain windows
fixed: Multiple lines can be added at the same time to Advanced Commands in the connection editor
fixed: Various bug fixes and enhancements

The 1.9.4 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac & Windows: Version 1.9.3

Viscosity version 1.9.3 is now available for both macOS and Windows! This update includes a number of improvements, including refined support for Apple Silicon (M1) Macs, updated versions of both OpenVPN and OpenSSL, and a number of small bug fixes.

In particular, the Mac version has been updated to automatically detect common DNS misconfigurations and add a warning where appropriate. Problems such as unreachable servers, DNS servers routed through the wrong network interface, use of reserved DNS domains, conflicting DNS domains, and so forth, will be now identified and additional information added to the connection log. We anticipate this should greatly simplify troubleshooting DNS problems for users and administrators unfamiliar with macOS's DNS resolver system.

This version also updates OpenVPN to version 2.4.11 for both Mac and Windows. While this OpenVPN update addresses a potentially serious security issue, it only affects OpenVPN servers. Viscosity clients are unaffected.

Finally, this version also updates OpenSSL to version 1.1.1k for both platforms.

As a follow-up, we're pleased to report that Apple have confirmed that they've resolved the underlying problem (that could cause macOS updates to stall) that necessitated the previous 1.9.2 release of Viscosity with a workaround. This has been resolved in the recent macOS 11.3 update. While we'll leave Viscosity's workaround in place for the foreseeable future (out of an abundance of caution), updating to macOS 11.3 and onwards should always go smoothly, even if an older version of Viscosity is being used.


Version 1.9.3 Mac Release Notes:

improved: Obfuscation will now run natively on Apple Silicon Macs
improved: Potential DNS configuration problems are now detected and added to the log
updated: OpenVPN 2.4 updated to version 2.4.11
updated: OpenSSL updated to version 1.1.1k
fixed: Resolves crash that could occur when deleting a connection
fixed: Resolves crash that could occur when cancelling a U2F authentication attempt
fixed: Resolves issue quitting with an active VPN connection on some Apple Silicon Macs
fixed: Resolves issue where a connection may incorrectly fallback to the next remote endpoint
fixed: Resolves issue that could cause certain dynamic challenge requests to fail
fixed: Various bug fixes and enhancements


Version 1.9.3 Windows Release Notes:

updated: OpenSSL updated to version 1.1.1k
updated: OpenVPN updated to version 2.4.11
fixed: Resolves a rare issue where DNS Servers could be queried out of order
fixed: Resolves a potential hang when entering registration details (Build 1723)
fixed: Various bug fixes and enhancements

The 1.9.3 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Windows: Version 1.9.2

Viscosity version 1.9.2 is now available for Windows! This update is primarily a maintenance release with bug fixes and small enhancements.

This release focuses on improving support for High DPI Scaling and multi-monitor setups on Windows. In particular, Viscosity will now fully handle setups where the DPI scaling varies from monitor to monitor, and support for High DPI user interface elements has been improved. To allow for DPI Scaling improvements, Viscosity now also requires .NET 4.8 or later.

Finally, we’ve also identified and fixed an issue that could cause a DNS domain to fail to be correctly used as a DNS suffix when using the legacy OpenVPN TAP Adapter.


Version 1.9.2 Windows Release Notes:

improved: DPI Scaling now performs correctly across monitors with different scaling
improved: High DPI Scaling support enhancements
updated: .NET 4.8 is now required
fixed: Locally defined automatic proxies will now be correctly set for all adapter types
fixed: Resolves issue where a DNS domain may not be set as a DNS search suffix
fixed: Various bug fixes and enhancements

The 1.9.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.

Viscosity For Mac: Version 1.9.2

Viscosity version 1.9.2 is now available for macOS! This is a small update designed to address a single issue related to system updates on macOS 11 (Big Sur). Version 1.9.1 remains the latest Windows version.

We've identified a situation where Viscosity could inadvertently trigger a bug in the macOS update process when updating macOS 11 from version 11.0 or 11.1 to version 11.2.x. This bug can result in the update process stalling at a black screen (with an Apple logo and progress bar) for affected installs.

While this appears to be a bug in the macOS update process, and not directly with Viscosity itself, as it is highly disruptive to those impacted we've elected to push out this update with a workaround in Viscosity to avoid it. If you're running macOS 11 and haven't yet updated it to the latest version, we strongly encourage you to update Viscosity to version 1.9.2 before proceeding.

It's only possible for this bug to be triggered in a small number of instances, and so the vast majority of Viscosity users will not be impacted. Users not updating between the above versions of macOS shouldn't be affected. Users connecting TUN connections are not affected. Users connecting TAP connections may be affected depending on the VPN configuration and cached network settings.

If you've already tried updating macOS 11 and the update has stalled, you can boot your computer into Safe Mode (please note that the process differs between Intel and Apple Silicon Macs) and re-run the update from there. It may be necessary to download and run the full macOS 11 installer from the App Store to complete the update. It is not necessary to erase your computer or restore from Time Machine. If you're unable to boot your computer into Safe Mode, then the cause for the stalled update is unlikely to be related to Viscosity.

Special thanks to Tobias Punke for initially reporting this issue.


Version 1.9.2 Mac Release Notes:

fixed: Workaround for bug in the macOS 11.2 updater that could be triggered by certain VPN connections resulting in a stalled update

The 1.9.2 update can be automatically installed from inside Viscosity, or downloaded and manually installed. For support with this version please visit our support section.