There seems to be conflicting information in the documentation and prior staff replies.
If you look at references to port 11214 and 11215, it indicates SSL for XDCR.
But in the xdcr documentation listed above, it talks about VPN is required for secure XDCR.
Now what is the real story?
Will the server make SSL XDCR communication between clusters or will it be un-encrypted and require VPN?
What is the configuration to force using 18091 and 18092 for XDCR instead of 8091.8092?
Does couchbase have more competent and organized information about network ports, linux routes, and firewall settings?