Using Elastic Defend with VPN

Hello,
I use Elastic-Agent with Wireguard like this:

I use a vpn because I don't want to expose my elasticsearch cluster on the internet

I configured the Wireguard client to run on a custom network namespace where I run the elastic agent (by modifying the elastic-agent.service file).
This works very well with the elastic agent with simple integration like the system one.

Recently, I wanted to add Elastic Defend integration. The problem is that with this integration, another program is running (elastic-endpoint) and not in my custom network namespace. So I got this error:
{"@timestamp":"2023-11-14T23:15:07.507674172Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"info","origin":{"file":{"line":90,"name":"AgentConnectionInfo.cpp"}}},"message":"AgentConnectionInfo.cpp:90 Failed to find connection to validate. Is Agent listening on 127.0.0.1:6788?","process":{"pid":873,"thread":{"id":1114}}}

It seems that my way of using a vpn for the elastic agent is not compatible with this integration, is there another way to use a vpn connection or another way to expose an elasticsearch cluster without a vpn?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.