Cross cluster replication connection issue

Hi,

I'm having an issue with connecting to a remote cluster.
First I tried to connect one node of ES to another node and that was fine.

I am following the same steps I took to connect to remote clusters before, but this time I have a 3-node cluster connecting to one node. I have tried to sort out all issues but I still cannot get any connection to succeed. I have opened up port 9300 on both sides.

Is there a different way to set it up when connecting to the public IP on the cluster, or is it an SSL issue?

I would really appreciate some help!

Please provide more information:

  • What version?
  • What does your config look like?
  • What do your logs show?

Both Elasticsearch and Kibana are on 7.15.0.

All configs look like this:

cluster.name: Elasticsearch
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: data
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: ["private.ip","public.ip","localhost"]

# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#
#discovery.seed_hosts: ["private.ip","public.ip","localhost"]

discovery.seed_hosts: ["private.ip","public.ip","localhost"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:

cluster.initial_master_nodes: ["data1"]
# For more information, consult the discovery and cluster formation module documentation.

# ---------------------------------- Various -----------------------------------
#Require explicit names when deleting indices:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Logs:

[2021-10-11T09:14:57,954][WARN ][o.e.t.TcpTransport       ] [data-1] exception caught on transport layer [Netty4TcpChannel{localAddress=/local.ip:43870, remoteAddress=/remote.ip:9300, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I can see that it says it is an SSL issue, and I do get an error at times due to SSL when curling.
But I also cannot connect to the private IP through telnet, even though I have opened the port.

I changed the CA and self-signed the CA again.
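
The two symptoms reported above (a TLS `handshake_failure` in the log, and telnet failing on the private IP) sit at different layers. As an added example that is not part of the thread, this Python probe reports whether a connection to the transport port stops at TCP or at TLS; the function name `probe_transport` and the 9300 default (the port mentioned in the first post) are assumptions.

```python
import socket
import ssl
import sys


def probe_transport(host, port=9300, timeout=5.0):
    """Classify how far a connection to an Elasticsearch transport port gets.

    Returns a (stage, detail) tuple where stage is one of:
      "tcp_failed" - no TCP connection (firewall, bind address, wrong IP)
      "tls_failed" - TCP connected but the TLS handshake did not complete
      "tls_ok"     - TLS handshake completed; detail is the protocol version
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))

    # Certificate verification is disabled on purpose: this probe only asks
    # whether the peer completes a TLS handshake, not whether its
    # certificate chains to a trusted CA.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw) as tls:
            return ("tls_ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        raw.close()
        return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 9300
    print(probe_transport(target, target_port))
```

A `tcp_failed` result points at firewalling or the address the node binds to, not at certificates. A node that requires a client certificate can still produce `tls_failed` here, in which case the detail string carries the alert it sent.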