{"id":199,"date":"2022-10-26T12:53:00","date_gmt":"2022-10-26T12:53:00","guid":{"rendered":"https:\/\/blog.lottabytes.com\/?p=199"},"modified":"2022-10-26T22:54:51","modified_gmt":"2022-10-26T22:54:51","slug":"security-onion-ip-routed-error-on-install","status":"publish","type":"post","link":"https:\/\/blog.lottabytes.com\/index.php\/2022\/10\/26\/security-onion-ip-routed-error-on-install\/","title":{"rendered":"Security Onion – IP Routed Error on Install"},"content":{"rendered":"\n

On my first attempt to install Security Onion in my Security-Appliance-in-a-Box<\/a>, I ran into a weird networking issue. The install script failed with the error “The IP being routed by Linux is not the IP address assigned to the management interface (ens1)<\/strong>“. Looking around online, I discovered that I’m not the first person to experience this, but there wasn’t an obvious solution. Here’s the steps I followed, and the root cause.<\/p>\n\n\n\n

Security Onion does work out-of-the-box with dual NICs of the same type. For example, if I select ens1 and my management interface from the below, no issues.<\/p>\n\n\n\n

\"\"
Working with dual NICs of same type<\/figcaption><\/figure>\n\n\n\n

If I select eth1 from the below options, where ens and eth adapters are mixed, even this will work without an issue.<\/p>\n\n\n\n

\"\"
Works with dual NICs of different types<\/figcaption><\/figure>\n\n\n\n

However, if I attempt to select the below management interface, it will fail.<\/p>\n\n\n\n

\"\"
Doesn’t work with reversed order<\/figcaption><\/figure>\n\n\n\n

Here’s the error…<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

It appears from looking at the network configuration that both my NICs have an IP address (not surprising). The management interface (ens1) was correctly configured by the wizard, and my network tap interface has a DHCP address. <\/p>\n\n\n\n

\"\"
IP Configuration<\/figcaption><\/figure>\n\n\n\n

However, what is surprising is that I’m getting two default routes set. One on my management interface (correctly), and one incorrectly applied on my private network for span port traffic.<\/p>\n\n\n\n

\"\"
IP Route Configurations<\/figcaption><\/figure>\n\n\n\n

The following code is detecting this first line as the default route, when in fact, that record is errant. Naturally, this record doesn’t reflect the gateway of my ens1 interface, and thus fails the check.<\/p>\n\n\n\n

# \/home\/gateway-admin\/SecurityOnion\/setup\/so-functions - line 2446\nMAINIP=$(ip route get 1 | awk '{print $7;exit}')<\/code><\/pre>\n\n\n\n
By deleting this errant routing record, you are now able to re-run the so-setup script and it will complete successfully.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
ip route delete default via 192.168.122.1 dev eth0<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
On my first attempt to install Security Onion in my Security-Appliance-in-a-Box, I ran into a weird networking issue. The install script failed with the error “The IP being routed by Linux is not the IP address assigned to the management interface (ens1)“. Looking around online, I discovered that I’m not the first person to experience … <\/p>\n
Read more “Security Onion – IP Routed Error on Install”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[60,57,61,51,62],"class_list":["post-199","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ip","tag-nids","tag-routed","tag-security-onion","tag-supported-configuration"],"_links":{"self":[{"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/posts\/199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/comments?post=199"}],"version-history":[{"count":5,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/posts\/199\/revisions"}],"predecessor-version":[{"id":215,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/posts\/199\/revisions\/215"}],"wp:attachment":[{"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/media?parent=199"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/categories?post=199"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lottabytes.com\/index.php\/wp-json\/wp\/v2\/tags?post=199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}