Viscosity version 1.11.4 is now available for Windows! It brings improvements to the DNS engine, an updated version of OpenSSL, as well as many small bug fixes and enhancements.

In particular, the performance of the DNS engine for both Full and Split DNS has been significantly improved, with faster responses and improved memory consumption. It also resolves an issue that could result in large memory spikes when receiving an invalid or malformed DNS reply from a DNS server. The chance of receiving an invalid reply should be extremely low, however we observed that some DNS servers may reply with a corrupted reply when under heavy load. Some home routers, as well as some virtual machine solutions (notably VMWare Fusion), can exhibit this behaviour when a large volume of requests are made.

Version 1.11.4 Windows Release Notes:

The 1.11.4 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.11.4 is now available for macOS! This update focuses on improving the performance of VPN connections using a TAP (bridged) setup on macOS 15, and includes an updated version of OpenSSL, as well as many small bug fixes and enhancements.

Unfortunately the recent macOS 15.0.1 update restricted access to the APIs Viscosity needs to implement its Virtual Ethernet driver for TAP connections. Older versions of Viscosity will automatically fall back to its secondary driver (so TAP VPN connections continue to function), however the performance of this driver was limited. This update significantly improves the performance (both throughput and latency) of Viscosity's secondary driver. This means that for almost all users with TAP connections they should see full performance on macOS 15.0.1+.

We're still working on restoring Viscosity's Virtual Ethernet driver functionality on macOS 15.0.1+ and expect to have it fully available again in the future as well. If you still encounter any issues connecting a TAP connection, please ensure that the TAP Driver is set to “Automatic” under Settings->Advanced.

This update also includes significant behind-the-scenes improvements, as we continue to modernise Viscosity's code base. In particular, this update has performance improvements to VPN connection management, as well as general memory safety improvements.

Version 1.11.4 Mac Release Notes:

The 1.11.4 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.11.3 is now available for both macOS and Windows! This update is another small maintenance release, with an updated version of OpenVPN, minor enhancements, and several bug fixes to keep your VPN connections working reliably.

We've taken user feedback on board and have made Viscosity more selective about when displaying an authentication failed message to avoid unnecessary prompting. In particular, older OpenVPN servers may send an authentication failed message for a reason unrelated to the username/password used (particularly when static challenge authentication is used), and Viscosity should now ignore these when appropriate.

On the macOS side, this update contains a fix where identities (when using Viscosity's System Identity feature) on an external token may not be correctly discovered. On the Windows side, SOCKS proxies that require authentication are now correctly supported, and an issue has been fixed that could result in certain dynamic challenge requests not being processed.

Finally, this version also updates OpenVPN to version 2.6.12, which addresses a minor security issue and several small bug fixes.

Version 1.11.3 Mac Release Notes:

Version 1.11.3 Windows Release Notes:

The 1.11.3 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.11.2 is now available for both macOS and Windows! This update is a small maintenance release that includes bug fixes, an updated version of OpenSSL, and minor enhancements to keep Viscosity running smoothly.

In particular, the Mac version adds a newsystem-identity-domain command that allows System Identity matches to be limited to particular Keychain domains. For example, matches can be limited to identities stored in the User's keychain, the System keychain, or removable keychains such as tokens and smartcards. This command can be used to avoid Keychain authentication prompts when matching an identity in a keychain an end user doesn't have access to.

The Windows version also resolves a very rare Blue Screen of Death (BSOD) that could occur during system sleep when certain filter drivers were attached to the virtual network interface. Special thanks to Thomas Loupe for helping us diagnose and debug the issue.

Version 1.11.2 Mac Release Notes:

Version 1.11.2 Windows Release Notes:

The 1.11.2 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.11.1 is now available for both macOS and Windows! This update is a small maintenance release, with an updated version of OpenVPN, several bug fixes, and minor enhancements, to keep Viscosity running smoothly.

To help support the transition to OpenVPN 2.6, which was introduced in Viscosity 1.11, the "ncp-disable" command will now be automatically removed from VPN connections. OpenVPN 2.6 removed support for this command, and it was a common sticking point for many users importing configuration files designed for old versions of OpenVPN.

Viscosity now also has support for a new "static-challenge-acknowledge" command. This command enables prompting the user for a required action during the authentication phase, for example prompting to approve or acknowledge a two-factor authentication request on their phone or other device.

On macOS this update also improves support for locally installed authenticator software that is designed to communicate with a web authentication session. For example, links and buttons should now correctly activate Okta Verify when required.

On the Windows side, this update addresses two issues that could arise during enterprise deployments: identities loaded from the Local Machine certificate store will now be correctly detected, and Single Adapter Mode will no longer create additional virtual network adapters under some circumstances. While not directly part of the update, the ADMX templates have also been updated to support Microsoft Intune deployment.

Finally, this update also addresses two low-severity security issues in third-party components: Sparkle (on macOS) which is used for automatic updates, and the Legacy OpenVPN TAP Adapter (on Windows) which is an optional VPN adapter driver.

The Sparkle update addresses a potential security vulnerability that could allow an attacker to bypass Sparkle's signing checks on update packages. This isn't considered to be exploitable due to other validation methods, however it nevertheless is an important additional security layer. The Legacy OpenVPN TAP Adapter update addresses an issue that could allow an attacker to trigger an integer overflow and crash the driver. The Legacy OpenVPN TAP Adapter is not used by default by Viscosity, and instead it is only used if the Adapter Type has been changed under Advanced Settings.

Version 1.11.1 Mac Release Notes:

Version 1.11.1 Windows Release Notes:

The 1.11.1 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity 1.11 is now available for both macOS and Windows! This is a big update, with OpenVPN 2.6 support, OpenSSL 3.0, significant behind-the-scenes upgrades and improvements, enhanced system identity and token support, IPv6 support improvements, and lots of other new features, improvements, and bug fixes.

OpenVPN 2.6 is a big change that brings several new security and network features to VPN connections. OpenVPN 2.6 is backwards compatible with servers running older versions of OpenVPN, and Viscosity 1.11 will allow you to seamlessly update and use its new features for the vast majority of connections.

As part of this update, Viscosity has also moved to using OpenSSL 3.0. OpenSSL is the security library that Viscosity and OpenVPN use, and it provides the encryption and security protocols used by VPN connections. OpenSSL 3.0 offers many security improvements, as well as deprecating older encryption ciphers, digests, and protocols that are no longer considered secure.

For most users upgrading to OpenVPN 2.6 and OpenSSL 3.0 should be seamless: Viscosity will automatically handle updating most VPN connection configurations. However, some older OpenVPN server setups may not be compatible with OpenVPN 2.6 out-of-the-box. To help ease the transition when connecting to these servers, Viscosity 1.11 introduces a new "Compatibility" setting that makes it easier to connect to servers running older versions of OpenVPN.

The Compatibility setting combines OpenVPN 2.6's new "compat-mode" option with a number of cipher, TLS, and compression changes to match those expected by older versions of OpenVPN. For more information on the Compatibility setting, or for help migrating from OpenVPN 2.5 to version 2.6, please seeMigrating from OpenVPN 2.5 to OpenVPN 2.6.

The macOS version also includes several DNS support improvements and fixes, and users of Viscosity 1.11 should see improved DNS performance and reliability.

The Windows version has also had its PKCS#11 support upgraded, with support for additional token and slot types. In particular, it now supports Slot 9c on YubiKey tokens, which has been a requested feature. Signing using the Windows Certificate Store has also been improved, with additional key types supported. The Windows version also includes several IPv6 improvements, including support for assigning DNS servers and domains via RDNSS and DNSSL.

Finally, macOS 10.15 (Catalina) is no longer supported. Users are strongly encouraged to update to macOS 11 or later. Older Viscosity releases can still be found at theLegacy Downloads page if required.

Version 1.11 Mac Release Notes:

Version 1.11 Windows Release Notes:

The 1.11 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.10.8 is now available for macOS! This update is a maintenance release with internal improvements, bug fixes, and minor enhancements to keep Viscosity running smoothly.

This is the final release to ship with OpenVPN 2.5 and the 1.1.1 branch of OpenSSL. Future versions of Viscosity will be moving to OpenVPN 2.6 and OpenSSL 3.0. We will have more information about these upcoming changes in a future post.

Version 1.10.8 Mac Release Notes:

The 1.10.8 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.10.6 is now available for Windows! This update includes significant changes to fully natively support ARM64 machines, updates to modernize framework and API usage on Windows, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update now completes Viscosity's ARM64 support. Viscosity first introduced support for Windows on ARM64 (WoA) inversion 1.8.2, with all of Viscosity's core components (including OpenVPN connections) ported to run natively. However there was one component that we couldn't port at the time: Viscosity's user interface. Viscosity's user interface relies on the Windows WinForms and WPF frameworks, which didn't have native ARM64 support at the time. However with ARM64 support introduced for these in .NET 4.8.1, we're pleased to announce that Viscosity's user interface is now running natively on ARM64 as well.

This update also resolves several display and rendering issues on the most recent versions of Windows 11, including an issue that could cause Viscosity's toolbar to render in the wrong system color or not respect dark mode. Web authentication (SSO and SAML) support has also been improved, with a number of small issues resolved that could cause an authentication request to fail or a session token to be rejected.

To better support modern versions of Windows (as well as for ARM64 support), Viscosity now requires .NET 4.8.1 and the Visual C++ 2022 runtime. Viscosity's installer will automatically handle upgrading these if required.

Finally, Windows 10 version 2004 (also known as 20H1 and Build 19041) and earlier are no longer supported. Viscosity now requires Windows 10 version 20H2 (Build 19042) or later. With Microsoft no longer issuing security updates for these older versions, we encourage any existing users of these versions to update their copy of Windows.

Version 1.10.6 Windows Release Notes:

The 1.10.6 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.10.7 is now available for macOS! This update is a small maintenance release with bug fixes and minor enhancements to keep Viscosity running smoothly.

In particular, this version fixes a number of DNS related issues that could cause domains to fail to resolve with certain upstream DNS servers, as well as an issue that could cause DNS settings to remain after a VPN connection is disconnected (typically resulting in DNS lookups to fail).

This update also resolves some issues that could cause reachability checks to fail shortly after connecting or when a macOS routing change occurs, resulting in the associated VPN connection being disconnected.

Version 1.10.7 Mac Release Notes:

The 1.10.7 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.

Viscosity version 1.10.6 is now available for macOS! This update includes significant enhancements to DNS functionality, IPv6 support improvements, updates to better support the upcoming macOS 14 (Sonoma) release, an updated version of OpenSSL, and many bug fixes and enhancements.

In particular, this update overhauls Viscosity's DNS engine, allowing Viscosity to support DNS servers and domains set via IPv6 router advertisements (RDNSS and DNSSL), better support for DNS resolution in mixed-IP environments, smarter server fallback selection when one or more DNS servers are unavailable, and general reliability improvements for macOS 13.

IPv6 support has also been improved for bridged (TAP) VPN connections. For those that desire full IPv6 auto-configuration of the VPN connection, Viscosity now supports a new "route-ipv6-gateway auto" flag that allows the IPv6 gateway provided by a router advertisement to be used as the default VPN gateway. This can be added as anadvanced command in Viscosity.

This update also improves web authentication (SSO and SAML), and resolves a number of small issues that could cause an authentication request to mistakenly fail. In particular, this update should resolve occasional authentication issues when using Azure Active Directory as the SAML backend.

This will be the last release to support macOS 10.15. Future updates will require macOS 11 or later. With Apple no longer issuing security updates for macOS 10.15, we encourage any existing 10.15 users to update to macOS 11 or later.

For the Windows users, the Windows version of Viscosity 1.10.6 will be available later this month (with some exciting ARM64 improvements!).

Version 1.10.6 Mac Release Notes:

The 1.10.6 update can be automatically installed from inside Viscosity, ordownloaded and manually installed. For support with this version please visit oursupport section.