Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

SSL/VPN with Qt [Solved]



  • Hi,

    After long searches I didn't find out anything about the capabilities of Qt to do SSL/VPN client for tunelling to a server.
    Even tough Qt is able to ssl, how far is it possible to use Qt to :

    • tunnel TCP and UDP traffic (ICMP if possible)
    • ability to handle "Dynamic Tunnels", that is the capability of tunneling traffic towards an IP range or a whole subnet without the current "loopback based port forwarding"
    • capability to use Virtual Ip (A virtual IP address (VIP or VIPA) is an IP address that is not connected to a specific computer or network interface card (NIC) on a computer. Incoming packets are sent to the VIP address, but they are redirected to physical network interfaces.) like in proxyArp

    thanks


  • Moderators

    I think you are misunderstanding what Qt does: It is a library, not a tunnel manager.

    Qt provides you with a communication channel between two systems (with SSL encryption, or without), no more, no less. Where the data to send over this channel comes from -- or where the data you receive over this channel is send to -- is for your application to implement.



  • As for me tunneling will be much easier for you if you will use special network libraries (as pcap) or system sockets (especially if you will need raw sockets for "invisible" tunnels). Qt Network is more or less high-leveled and it can be a problem for you.



  • Thank you both for your answer.

    I'm far to be a Qt specialist, but not so far to know what is it through some projects. For example, Qt is neither a graphical server, nevertheless you are able to have Qt with qws to start a Linux with frame buffer without any X server in your embedded devs . Those limits in Qt are sometimes fuzzy and this suits me very well.
    In fact, my question was more 'wide targeted' : how to do tunneling in a Qt project that needs to be implemented onto win/linux/Mac platforms .

    thanks Denis for the libs names. When you say that Qt could be a problem, I'm in front of a Java implementation that have many issues (too high level too) and would like to recode it: could it be a good thing through low level drivers for each platforms that would interact with Qt ?



  • VPN is more a job of the underlying operating system. It has to support some kind of socket and/or network interface "magic". As Denis already mentioned, the tunneling/encryption is done with specialized libraries. Qt might help you with the creation of some configuration tool, that, for example, writes the config files for you or calls the low level tools. Qt will not do the actual tunneling/encryption. It is not the right tool for this goal!

    Once you have a running VPN Qt will happily use it. From Qt's sight it is just another (or "the") network. The packaging into the encrypted data stream is transparent, Qt sends/receives unencrypted data in the sense of VPN encryption; you can always add your own encryption on top of this.

    We don't know what the Java implementation does. In general, almost everything that can be done with Java, can be done with C++ (maybe using Qt) too. I don't know of any exception to this, but surely there will be one out there :-)


Log in to reply