Promiscuous mode

I am trying to use Orthanc in the so-called promiscuous mode. I uploaded some DICOM images to it, and am trying to access the server from a client on a different computer. I made sure that the routers/firewalls are configured properly by capturing requests/replies in Wireshark, and the network is OK. However, the reply from Orthanc is that there are no images/studies. I looked into the log for Orthanc and I see: Unknown remote DICOM modality AET: “RADIANT”. So this tells me that I need to describe it somehow in the configuration file. Furthermore, I need to do this for every user to ever communicate to the Orthanc server. Is there a way to configure it to not bother with this authentication?

If not, then how do I specify this? I could not find a description of how one specifies things in the DICOM modality field of the config file. For example this sample line is directly from the config file:

// "sample" : [ "STORESCP", "localhost", 2000 ]

What is what here? STORESCP is maybe the AET of the client. The localhost is the IP, but the IPs of clients over the Internet can change through DHCP leases with ISPs, so specifying the IP is kind of pointless. If I can specify the IP and the network mask, that would be a better thing to do, but how does one do that? My firewall on the router takes care of security. 2000 is maybe the port, but clients use various source ports. Orthanc listens on the default 4242, so should 20000 in the sample above be 4242 in my case? And then finally what is “sample”. Since all my security is taken care of by the firewall in the router, I would like to configure Orthanc to not authenticate AETs. Can that be done?

Sincerely,

Boris

Hi Boris,

Hope you are using the Configuration setting as described in this link. Once this is done open the right configuration.json and set the following attribute to false.

// Check whether the called AET corresponds during a DICOM request
"DicomCheckCalledAet" : false,

Hope this helps

with regards
Rady

Dear Boris,

> I am trying to use Orthanc in the so-called promiscuous mode. I uploaded some DICOM images to it, and am trying to access the server from a client on a different computer.

First of all, pay attention to the fact that, to allow HTTP connections, the option “RemoteAccessAllowed” must be set to “true” in the configuration file. The remote access is disallowed by default for security reasons.

> I made sure that the routers/firewalls are configured properly by capturing requests/replies in Wireshark, and the network is OK. However, the reply from Orthanc is that there are no images/studies. I looked into the log for Orthanc and I see: Unknown remote DICOM modality AET: “RADIANT”. So this tells me that I need to describe it somehow in the configuration file.

Indeed, as far as DICOM connections are concerned, you have to specify the AET, the hostname and the DICOM port, for each Query/Retrieve client. This is the way any DICOM server works in practice. Note however that no such configuration is required to receive DICOM files through the DICOM protocol: By default, any host can send images to Orthanc (through C-Store SCU).

> Furthermore, I need to do this for every user to ever communicate to the Orthanc server. Is there a way to configure it to not bother with this authentication?

No, this is the only way. The DICOM Query/Retrieve process (aka. “C-Move”) requires both peers to know about each other.

> If not, then how do I specify this? I could not find a description of how one specifies things in the DICOM modality field of the config file. For example this sample line is directly from the config file:
>
> // "sample" : [ "STORESCP", "localhost", 2000 ]
>
> What is what here? STORESCP is maybe the AET of the client.

These are, in order, the AET, the (possibly symbolic) hostname and the DICOM port of the Query/Retrieve client.

> The localhost is the IP, but the IPs of clients over the Internet can change through DHCP leases with ISPs, so specifying the IP is kind of pointless. If I can specify the IP and the network mask, that would be a better thing to do, but how does one do that?

You are not obliged to use IP addresses: Symbolic names (e.g. allocated through dynamic DNS) are OK too.

> My firewall on the router takes care of security. 2000 is maybe the port, but clients use various source ports. Orthanc listens on the default 4242, so should 20000 in the sample above be 4242 in my case?

Your Query/Retrieve client is required to have a single DICOM port (most often 104).

> And then finally what is “sample”.

This is a symbolic name that is used by Orthanc to identify each of its peer modalities. It is local to Orthanc, and must be unique in Orthanc.

> Since all my security is taken care of by the firewall in the router, I would like to configure Orthanc to not authenticate AETs. Can that be done?

No. DICOM security requires each peer to know the AET of the other peer.

HTH,
Sébastien-
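
The modality entry discussed in this thread, as an added example (not part of the original posts and not Orthanc's own code): a constructed configuration that registers the RADIANT client under the "DicomModalities" option, plus a small checker that approximates the known-AET lookup behind the "Unknown remote DICOM modality AET" log line and lists the exposure-related settings mentioned above. The symbolic name, host name, port and the helper function names are assumptions.

```python
import json
import re

# Constructed sample configuration (not from the thread). Orthanc's file is
# JSON with C-style comments; the host name and port below are placeholders.
SAMPLE_CONFIG = r'''
{
  // Allow HTTP connections from other hosts (disallowed by default)
  "RemoteAccessAllowed" : true,
  "AuthenticationEnabled" : false,
  // Check whether the called AET corresponds during a DICOM request
  "DicomCheckCalledAet" : false,
  "DicomModalities" : {
    // symbolic name : [ AET, hostname, DICOM port of the client ]
    "viewer" : [ "RADIANT", "viewer.example.org", 104 ]
  }
}
'''

_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

def load_config(text):
    """Drop comments (but keep // inside string values), then parse as JSON."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ''
    return json.loads(_TOKEN.sub(keep_strings, text))

def find_modality(config, calling_aet):
    """Return (symbolic name, host, port) for a calling AET, or None if unknown."""
    for name, (aet, host, port) in config.get("DicomModalities", {}).items():
        if aet == calling_aet:  # exact string match: a simplification
            return name, host, port
    return None

def review(config):
    """List settings from this thread that widen exposure and deserve a second look."""
    notes = []
    if config.get("RemoteAccessAllowed") and not config.get("AuthenticationEnabled"):
        notes.append("HTTP reachable from other hosts without authentication")
    if config.get("DicomCheckCalledAet") is False:
        notes.append("called AET is not checked on incoming DICOM requests")
    return notes

if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    for aet in ("RADIANT", "OTHER"):
        print(aet, "->", find_modality(cfg, aet) or "unknown remote modality")
    print(review(cfg))
```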