failing C-MOVE over wireguard vpn tunnel

Hello
Can anyone tell me what I am doing wrong?
I’m able to send DICOMs from the Horos host to Orthanc w/o issues, but when I try to get an image from the Orthanc server I receive the error Move Failed

I’m connecting over wireguard VPN from 10.6.0.3 [MBPro] to 192.168.6.8 [Orthanc]
VPN server is working on 192.168.6.1
I configured static route so orthanc host knows where to look for MBPro

traffic over vpn to orthanc

MBP-Pawe:~ pawelt$ traceroute 192.168.6.8
traceroute to 192.168.6.8 (192.168.6.8), 64 hops max, 52 byte packets
1 10.6.0.1 (10.6.0.1) 83.721 ms 63.439 ms 76.976 ms
2 orthanc (192.168.6.8) 78.824 ms 60.584 ms 89.985 ms

traffic from orthanc

root@orthanc ~# ping 10.6.0.3
PING 10.6.0.3 (10.6.0.3) 56(84) bytes of data.
64 bytes from 10.6.0.3: icmp_seq=1 ttl=63 time=73.0 ms
From 192.168.6.254: icmp_seq=2 Redirect Host(New nexthop: 192.168.6.1)
64 bytes from 10.6.0.3: icmp_seq=2 ttl=63 time=185 ms
^C
--- 10.6.0.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 73.026/129.139/185.252/56.113 ms

Orthanc works behind http reverse-proxy but it’s not important atm, I think
log from orthanc

tail /var/log/orthanc/Orthanc.log
W0603 13:25:53.851653 HttpServer.cpp:1127] You should disable HTTP keep alive, as you are using Mongoose
W0603 13:25:53.851700 HttpServer.cpp:1155] HTTP compression is enabled
W0603 13:25:53.854420 HttpServer.cpp:1062] HTTP server listening on port: 8042 (HTTPS encryption is disabled, remote access is allowed)
W0603 13:25:53.854457 main.cpp:712] Orthanc has started
W0603 13:30:28.295203 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET “HOROS”
E0603 13:30:38.359840 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET “HOROS”: Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))
E0603 13:30:38.364428 MoveScp.cpp:237] IMoveRequestHandler Failed: Error in the network protocol
W0603 13:40:42.811360 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET “HOROS”
E0603 13:40:52.874019 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET “HOROS”: Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))
E0603 13:40:52.874219 MoveScp.cpp:237] IMoveRequestHandler Failed: Error in the network protocol

Regards, Pawel

Hello,

It is really hard to provide you support, as your setup is inherently non-reproducible:
https://book.orthanc-server.com/users/support.html#discussing-a-minimal-working-example

Nonetheless, the two lines below are interesting (note that you should use the “--verbose”, and possibly “--trace-dicom” command-line flags to get more information):

W0603 13:30:28.295203 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET “HOROS”
E0603 13:30:38.359840 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET “HOROS”: Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))

As can be seen in the timestamps, there is a timeout after 10 seconds, which seems to correspond to the C-STORE association from Orthanc to Horos (that results from the C-MOVE request from Horos to Orthanc). These 10 seconds correspond to the default value of configuration option “DicomScuTimeout” of Orthanc.

As you are over a VPN tunnel, this default value might be insufficient. Try increasing “DicomScuTimeout”.

If this doesn’t solve your issue, you’ll have to look for on-site professional assistance:
https://book.orthanc-server.com/users/support.html#finding-professional-assistance

HTH,
Sébastien-

I’ve found weird information in the Orthanc logs, which I’ll investigate further: Horos is seen with the internal IP of the VPN server, but should be seen with 10.6.0.3, and, which is even more frustrating, it lists the queried studies :thinking:
T0605 10:17:22.041311 ServerContext.cpp:202] Serializing the content of the jobs engine
T0605 10:17:32.065607 ServerContext.cpp:202] Serializing the content of the jobs engine
I0605 10:17:32.258713 CommandDispatcher.cpp:511] Association Received from AET HOROS on IP 192.168.6.1
I0605 10:17:32.259099 main.cpp:195] Incoming connection from AET HOROS on IP 192.168.6.1, calling AET ORTHANC
I0605 10:17:32.259278 CommandDispatcher.cpp:714] Association Acknowledged (Max Send PDV: 16372)
I0605 10:17:32.391682 main.cpp:215] Incoming Find request from AET HOROS on IP 192.168.6.1, calling AET ORTHANC
I0605 10:17:32.391776 main.cpp:143] No limit on the number of C-FIND results at the Patient, Study and Series levels
I0605 10:17:32.391809 main.cpp:153] No limit on the number of C-FIND results at the Instance level
I0605 10:17:32.398902 OrthancFindRequestHandler.cpp:596] DICOM C-Find request at level: Study
I0605 10:17:32.398952 OrthancFindRequestHandler.cpp:602] (0008,0005) SpecificCharacterSet = ISO_IR 101
I0605 10:17:32.399030 OrthancFindRequestHandler.cpp:602] (0008,0020) StudyDate =
I0605 10:17:32.399090 OrthancFindRequestHandler.cpp:602] (0008,0030) StudyTime =
I0605 10:17:32.399158 OrthancFindRequestHandler.cpp:602] (0008,0050) AccessionNumber =
I0605 10:17:32.399228 OrthancFindRequestHandler.cpp:602] (0008,0052) QueryRetrieveLevel = STUDY
I0605 10:17:32.399302 OrthancFindRequestHandler.cpp:602] (0008,0061) ModalitiesInStudy =
I0605 10:17:32.399362 OrthancFindRequestHandler.cpp:602] (0008,0080) InstitutionName =
I0605 10:17:32.399454 OrthancFindRequestHandler.cpp:602] (0008,0090) ReferringPhysicianName =
I0605 10:17:32.399573 OrthancFindRequestHandler.cpp:602] (0008,1030) StudyDescription =
I0605 10:17:32.399654 OrthancFindRequestHandler.cpp:602] (0008,1050) PerformingPhysicianName =
I0605 10:17:32.399732 OrthancFindRequestHandler.cpp:602] (0010,0010) PatientName =
I0605 10:17:32.399856 OrthancFindRequestHandler.cpp:602] (0010,0020) PatientID =
I0605 10:17:32.399956 OrthancFindRequestHandler.cpp:602] (0010,0030) PatientBirthDate =
I0605 10:17:32.400062 OrthancFindRequestHandler.cpp:602] (0020,000d) StudyInstanceUID =
I0605 10:17:32.400179 OrthancFindRequestHandler.cpp:602] (0020,0010) StudyID =
I0605 10:17:32.400281 OrthancFindRequestHandler.cpp:602] (0020,1208) NumberOfStudyRelatedInstances =
I0605 10:17:32.400391 OrthancFindRequestHandler.cpp:602] (0032,4000) RETIRED_StudyComments =
I0605 10:17:32.400505 OrthancFindRequestHandler.cpp:602] (4008,0212) RETIRED_InterpretationStatusID =
I0605 10:17:32.400767 PluginsManager.cpp:172] Preparing MySQL statement: SELECT studies.publicId, MIN(instances.publicId) FROM (SELECT studies.publicId, studies.internalId FROM Resources AS studies WHERE studies.resourceType = 1) studies INNER JOIN Resources series ON series.parentId = studies.internalId INNER JOIN Resources instances ON instances.parentId = series.internalId GROUP BY studies.publicId

Note that if you are not able to get the proper IP for Horos, and if C-FIND works, you should have success with C-GET (instead of C-MOVE) to retrieve the images from Orthanc to Horos:
https://book.orthanc-server.com/dicom-guide.html#dicom-get

Sébastien-
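
Added example, not part of any post in this thread and not Orthanc project code: a Python script that applies the two observations above to an Orthanc log. It measures the delay between a C-MOVE request and the failed outbound association (the 10 seconds matched against DicomScuTimeout) and flags inbound associations whose source IP differs from the one expected for the AET. The function name `analyse`, the `expected_ips` mapping and the `year` parameter are assumptions of this example; the sample lines are the ones quoted in the thread.

```python
import re
from datetime import datetime

# Sample lines embedded from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
W0603 13:30:28.295203 OrthancMoveRequestHandler.cpp:289] Move-SCU request received for AET "HOROS"
E0603 13:30:38.359840 OrthancException.h:85] Error in the network protocol: DicomUserConnection - connecting to AET "HOROS": Failed to establish association (0006:0317 Peer aborted Association (or never connected); 0006:031c TCP Initialization Error: Operation now in progress (Timeout))
I0605 10:17:32.258713 CommandDispatcher.cpp:511] Association Received from AET HOROS on IP 192.168.6.1
"""

# Orthanc log prefix: level letter, MMDD, time with microseconds, "file:line]".
LINE = re.compile(r'^([EWIT])(\d{4}) (\d{2}:\d{2}:\d{2}\.\d{6}) \S+\] (.*)$')
# Accept straight quotes (real logs) and curly quotes (forum rendering).
MOVE = re.compile(r'Move-SCU request received for AET ["“](\w+)["”]')
FAIL = re.compile(r'connecting to AET ["“](\w+)["”]: Failed to establish association')
ASSOC = re.compile(r'Association Received from AET (\w+) on IP (\S+)')


def analyse(log_text, expected_ips, year=2021):
    """Return (failed_moves, ip_mismatches) for an Orthanc log.

    failed_moves:  [(aet, seconds from C-MOVE request to failed outbound connect)]
    ip_mismatches: [(aet, seen_ip)] where an inbound association came from an
                   address other than the one expected for that AET.
    The log has no year field, so `year` is an assumption supplied by the caller.
    """
    pending, failed, mismatches = {}, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, mmdd, clock, msg = m.groups()
        ts = datetime.strptime(f"{year}{mmdd} {clock}", "%Y%m%d %H:%M:%S.%f")
        if hit := MOVE.search(msg):
            pending[hit.group(1)] = ts            # remember when the C-MOVE arrived
        elif (hit := FAIL.search(msg)) and hit.group(1) in pending:
            delay = (ts - pending.pop(hit.group(1))).total_seconds()
            failed.append((hit.group(1), round(delay, 1)))
        elif hit := ASSOC.search(msg):
            aet, ip = hit.groups()
            if expected_ips.get(aet) not in (None, ip):
                mismatches.append((aet, ip))      # peer seen behind another address
    return failed, mismatches


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG, {"HOROS": "10.6.0.3"}))
```
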

Maybe my question seems obvious but … Did you check the ports that you opened to establish the sockets between Horos and Orthanc?

Best regards
Gufer

That might be an issue because
from orthanc perspective:

nmap 10.6.0.3 -p11112

Starting Nmap 7.70 ( https://nmap.org ) at 2021-06-07 14:13 CEST
Nmap scan report for 10.6.0.3
Host is up (0.018s latency).

PORT STATE SERVICE
11112/tcp filtered dicom

Nmap done: 1 IP address (1 host up) scanned in 0.69 seconds

and from fw perspective

nmap 10.6.0.3 -p11112

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-07 14:18 CEST
Nmap scan report for 10.6.0.3
Host is up (0.017s latency).

PORT STATE SERVICE
11112/tcp open dicom

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds

ufw route allow in on eth0 out on wg0 to 10.0.0.0/8 from 192.168.0.0/16 did the trick, uff
Big, Big Thank You all :slight_smile:

Additionally, 11112 is not the default port for either Orthanc or Horos.
Best regards

Yes, that’s correct :slight_smile:
I’ve used it to check the assumption of whether a specific port or all traffic is blocked.