failing C-MOVE over wireguard vpn tunnel

[Pawel Tyniec]

Hello 

Can anyone tell me what am I doing wrong?

I'm able to send dicom's from horos host to orthanc w/o issues, but when I try to get image from orthanc server i receive error Move Failed

I'm connecting over wireguard VPN from 10.6.0.3 [MBPro] to 192.168.6.8 [Orthanc]

VPN server is working on 192.168.6.1 

I configured static route so orthanc host knows where to look for MBPro

traffic over vpn to orthanc

MBP-Pawe:~ pawelt$ traceroute 192.168.6.8

traceroute to 192.168.6.8 (192.168.6.8), 64 hops max, 52 byte packets

 1  10.6.0.1 (10.6.0.1)  83.721 ms  63.439 ms  76.976 ms

 2  orthanc (192.168.6.8)  78.824 ms  60.584 ms  89.985 ms

traffic from orthanc

root@orthanc ~# ping 10.6.0.3

PING 10.6.0.3 (10.6.0.3) 56(84) bytes of data.

64 bytes from 10.6.0.3: icmp_seq=1 ttl=63 time=73.0 ms

From 192.168.6.254: icmp_seq=2 Redirect Host(New nexthop: 192.168.6.1)

64 bytes from 10.6.0.3: icmp_seq=2 ttl=63 time=185 ms

^C

--- 10.6.0.3 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 2ms

rtt min/avg/max/mdev = 73.026/129.139/185.252/56.113 ms

Orthanc works behind http reverse-proxy but it's not important atm, I think

log from orthanc

tail /var/log/orthanc/Orthanc.log

W0603 13:25:53.851653 HttpServer.cpp:1127] You should disable HTTP keep alive, as you are using Mongoose

W0603 13:25:53.851700 HttpServer.cpp:1155] HTTP compression is enabled

W0603 13:25:53.854420 HttpServer.cpp:1062] HTTP server listening on port: 8042 (HTTPS encryption is disabled, remote access is allowed)

W0603 13:25:53.854457 main.cpp:712] Orthanc has started

W0603 13:30:28.295203 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET "HOROS"

E0603 13:30:38.359840 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET "HOROS": Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))

E0603 13:30:38.364428 MoveScp.cpp:237] IMoveRequestHandler Failed: Error in the network protocol

W0603 13:40:42.811360 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET "HOROS"

E0603 13:40:52.874019 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET "HOROS": Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))

E0603 13:40:52.874219 MoveScp.cpp:237] IMoveRequestHandler Failed: Error in the network protocol

Regards, Pawel

[Sébastien Jodogne]

Hello,

It is really hard to provide you support, as your setup is inherently non-reproducible:

https://book.orthanc-server.com/users/support.html#discussing-a-minimal-working-example

Nonetheless, the two lines below are interesting (note that you should use the "--verbose", and possibly "--trace-dicom" command-line flags to get more information):

W0603 13:30:28.295203 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET "HOROS"

E0603 13:30:38.359840 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET "HOROS": Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))

As can be seen in the timestamps, there is a timeout after 10 seconds, which seems to correspond to the C-STORE association from Orthanc to Horos (that results from the C-MOVE request from Horos to Orthanc). These 10 seconds correspond to the default value of configuration option "DicomScuTimeout" of Orthanc.

As you are over a VPN tunnel, this default value might be insufficient. Try increase "DicomScuTimeout".

If this doesn't solve your issue, you'll have to look for on-site professional assistance:

https://book.orthanc-server.com/users/support.html#finding-professional-assistance

HTH,

Sébastien-

Regards, Pawel

[Pawel Tyniec]

I've found weird information in orthanc logs, which I'll further investigate - Horos is seen with internal IP of VPN server, and should be seen with 10.6.0.3, and which is even more frustrating, it lists queried studies 🤔

T0605 10:17:22.041311 ServerContext.cpp:202] Serializing the content of the jobs engine

T0605 10:17:32.065607 ServerContext.cpp:202] Serializing the content of the jobs engine

I0605 10:17:32.258713 CommandDispatcher.cpp:511] Association Received from AET HOROS on IP 192.168.6.1

I0605 10:17:32.259099 main.cpp:195] Incoming connection from AET HOROS on IP 192.168.6.1, calling AET ORTHANC

I0605 10:17:32.259278 CommandDispatcher.cpp:714] Association Acknowledged (Max Send PDV: 16372)

I0605 10:17:32.391682 main.cpp:215] Incoming Find request from AET HOROS on IP 192.168.6.1, calling AET ORTHANC

I0605 10:17:32.391776 main.cpp:143] No limit on the number of C-FIND results at the Patient, Study and Series levels

I0605 10:17:32.391809 main.cpp:153] No limit on the number of C-FIND results at the Instance level

I0605 10:17:32.398902 OrthancFindRequestHandler.cpp:596] DICOM C-Find request at level: Study

I0605 10:17:32.398952 OrthancFindRequestHandler.cpp:602]   (0008,0005)  SpecificCharacterSet = ISO_IR 101

I0605 10:17:32.399030 OrthancFindRequestHandler.cpp:602]   (0008,0020)  StudyDate = 

I0605 10:17:32.399090 OrthancFindRequestHandler.cpp:602]   (0008,0030)  StudyTime = 

I0605 10:17:32.399158 OrthancFindRequestHandler.cpp:602]   (0008,0050)  AccessionNumber = 

I0605 10:17:32.399228 OrthancFindRequestHandler.cpp:602]   (0008,0052)  QueryRetrieveLevel = STUDY

I0605 10:17:32.399302 OrthancFindRequestHandler.cpp:602]   (0008,0061)  ModalitiesInStudy = 

I0605 10:17:32.399362 OrthancFindRequestHandler.cpp:602]   (0008,0080)  InstitutionName = 

I0605 10:17:32.399454 OrthancFindRequestHandler.cpp:602]   (0008,0090)  ReferringPhysicianName = 

I0605 10:17:32.399573 OrthancFindRequestHandler.cpp:602]   (0008,1030)  StudyDescription = 

I0605 10:17:32.399654 OrthancFindRequestHandler.cpp:602]   (0008,1050)  PerformingPhysicianName = 

I0605 10:17:32.399732 OrthancFindRequestHandler.cpp:602]   (0010,0010)  PatientName = 

I0605 10:17:32.399856 OrthancFindRequestHandler.cpp:602]   (0010,0020)  PatientID = 

I0605 10:17:32.399956 OrthancFindRequestHandler.cpp:602]   (0010,0030)  PatientBirthDate = 

I0605 10:17:32.400062 OrthancFindRequestHandler.cpp:602]   (0020,000d)  StudyInstanceUID = 

I0605 10:17:32.400179 OrthancFindRequestHandler.cpp:602]   (0020,0010)  StudyID = 

I0605 10:17:32.400281 OrthancFindRequestHandler.cpp:602]   (0020,1208)  NumberOfStudyRelatedInstances = 

I0605 10:17:32.400391 OrthancFindRequestHandler.cpp:602]   (0032,4000)  RETIRED_StudyComments = 

I0605 10:17:32.400505 OrthancFindRequestHandler.cpp:602]   (4008,0212)  RETIRED_InterpretationStatusID = 

I0605 10:17:32.400767 PluginsManager.cpp:172] Preparing MySQL statement: SELECT studies.publicId, MIN(instances.publicId) FROM (SELECT studies.publicId, studies.internalId FROM Resources AS studies WHERE studies.resourceType = 1) studies INNER JOIN Resources series    ON series.parentId    = studies.internalId INNER JOIN Resources instances ON instances.parentId = series.internalId GROUP BY studies.publicId 

[Sébastien Jodogne]

Note that if you are not able to get the proper IP for Horos, and if C-FIND works, you should have success with C-GET (instead of C-MOVE) to retrieve the images from Orthanc to Horos:

https://book.orthanc-server.com/dicom-guide.html#dicom-get

Sébastien-

[Gustavo Fernandez Guirland]

Maybe my question seems obvious but .... Did you check the ports that you opened to establish the sockets between Horos and Orthanc?

Best regards

Gufer

[Pawel Tyniec]

That might be an issue because 

from orthanc prespective:

# nmap 10.6.0.3 -p11112

Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-07 14:13 CEST

Nmap scan report for 10.6.0.3

Host is up (0.018s latency).

PORT      STATE    SERVICE

11112/tcp filtered dicom

Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds

and from fw prespective 

# nmap 10.6.0.3 -p11112

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-07 14:18 CEST

Nmap scan report for 10.6.0.3

Host is up (0.017s latency).

PORT      STATE SERVICE

11112/tcp open  dicom

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds

[Pawel Tyniec]

ufw route allow in on eth0 out on wg0 to 10.0.0.0/8 from 192.168.0.0/16 did the trick, uff

Big, Big Thank You all :-)

[Gustavo Fernandez Guirland]

Additionally, 11112 is not the default port for Orthanc neither Horos.

Best regards

[Pawel Tyniec]

Yes, that’s correct :-) 

I’ve used it to check assumption if specific port or all traffic is blocked.