Independent Field Manual — Not affiliated with, endorsed by, or operated by OpenClaw
ClawReady.in
Setup Help

Type to search guides, troubleshooting, and recipes.

↑↓ Navigate Enter Open Esc Close Search by Pagefind
Navigation

Guide Hub

Start
What Is OpenClaw?
Install
Fresh Ubuntu VPS Setup for OpenClaw Install on an Ubuntu VPS Install Without Docker Node 24 Setup for OpenClaw Hostinger VPS Setup for OpenClaw Run After Logout
Secure
Understanding Gateway Port 18789 Performing an Security Audit Tailscale Private Access Setup for OpenClaw VPS Security Checklist
Channels
Why You Need a Dedicated WhatsApp Number for OpenClaw Telegram Allowlist Guide Understanding Telegram Pairing in OpenClaw Telegram Setup & Safety WhatsApp Setup

security

Tailscale Private Access Setup for OpenClaw

Use a Tailscale private network to safely access the OpenClaw Gateway from your laptop without exposing port 18789 to the public internet.

Difficulty
intermediate
Duration
15 minutes
Tested On
Ubuntu 22.04 LTS & macOS/Windows
Access Mode
Private network (Tailscale)
Pre-flight status
Pre-Flight Approved
Risk medium
Gateway Private
On this page
On this page

Tailscale lets you create a secure, private network (a “Tailnet”) between your laptop and your VPS. Once set up, you can access the OpenClaw Gateway dashboard securely without opening port 18789 on your firewall.

In India, where ISPs often use CGNAT or dynamic IPs, Tailscale is much more reliable and easier to configure than a traditional IP whitelist.

1. Install Tailscale on your Laptop

Before configuring the VPS, install Tailscale on your local computer (the one you’ll use to view the dashboard).

  1. Create a free account at Tailscale.com.
  2. Download and install the Tailscale client for your OS (Windows, macOS, or Linux).
  3. Log in to the app. Your laptop is now part of your private Tailnet.

2. Install Tailscale on your VPS

SSH into your Ubuntu VPS. Run the official Tailscale installation script:

bash
curl -fsSL https://tailscale.com/install.sh | sh

Once installed, start Tailscale and authenticate your server:

bash
sudo tailscale up 
To authenticate, visit:
https://login.tailscale.com/a/xxxxxxxxx

Copy the URL from your terminal output, paste it into your laptop’s browser, and log in. Your VPS is now securely connected to your Tailnet.

3. Find your VPS’s Tailscale IP

Every device on your Tailnet gets a static IP address starting with 100.x.x.x. You need the VPS’s Tailscale IP to access the Gateway.

Run this command on the VPS:

bash
tailscale ip -4 
100.123.45.67

Note this IP down. We’ll refer to it as 100.x.x.x in the next steps.

4. Bind OpenClaw Gateway to Tailscale

By default, OpenClaw Gateway might be binding to localhost (127.0.0.1) or all interfaces (0.0.0.0).

If it’s on 127.0.0.1, you can’t reach it from your laptop (even with Tailscale). If it’s on 0.0.0.0, it’s listening to the public internet (which is dangerous).

We need to tell OpenClaw to listen only on the Tailscale IP.

Open your .env file where OpenClaw is running:

bash
nano .env

Ensure you have the host configuration set to your Tailscale IP:

bash
OPENCLAW_HOST=100.x.x.x\nOPENCLAW_PORT=18789

(Replace 100.x.x.x with the IP you got in Step 3).

Save the file and restart your Gateway:

bash
pm2 restart openclaw-gateway

5. Verify the Connection

On your laptop, make sure Tailscale is running and connected. Open your web browser and navigate to:

http://100.x.x.x:18789

You should now see the OpenClaw Gateway dashboard!

Troubleshooting

  • Page won’t load: Ensure Tailscale says “Connected” on your laptop’s menu bar/system tray.
  • Connection refused: Run sudo ss -tlnp | grep 18789 on the VPS. Ensure it shows the 100.x.x.x IP and not 127.0.0.1.
  • Can’t ping VPS: By default, Tailscale blocks pings if UFW is running strictly. Tailscale traffic bypasses UFW by default, but if you’ve locked down tailscale0 interfaces, you may need to allow it: sudo ufw allow in on tailscale0.

ClawReady.in is an independent educational resource and setup service. It is not affiliated with, endorsed by, or operated by OpenClaw.