Remote OpenClaw Blog
OpenClaw + Tailscale: The Right Way to Access Your Agent Remotely
The default OpenClaw setup binds the gateway to localhost:18789. That's good for security — nothing external can reach it — but it creates an obvious problem: you can only access your agent from the same machine it's running on.
Most people solve this by opening the port to the internet. That's the wrong answer.
Tailscale is the right answer. It gives you secure remote access to your OpenClaw gateway without exposing any ports publicly. This is how properly deployed OpenClaw setups work, and it's supported natively in the official OpenClaw configuration.
What Does Tailscale Do?
Tailscale creates a private mesh network (called a Tailnet) between your devices. Your laptop, phone, cloud server, and any other device you authorize can communicate over this network as if they were on the same local network — but encrypted, authenticated, and without any public exposure.
For OpenClaw, the practical benefit is this: your gateway can stay bound to 127.0.0.1 (never exposed to the internet) while still being reachable from your phone, laptop, or anywhere else on your Tailnet.
OpenClaw's Native Tailscale Support
OpenClaw supports Tailscale configuration directly in gateway.yaml. There are three modes:
`serve` — Uses Tailscale Serve to expose the gateway on your tailnet at your MagicDNS hostname (e.g., https://hostname.your-tailnet.ts.net). The gateway stays on loopback; Tailscale proxies requests to it with HTTPS and optional identity headers.
`funnel` — Uses Tailscale Funnel to expose the gateway publicly over HTTPS. Requires a shared password. Use with extreme caution — this makes your gateway reachable from the public internet.
`off` — Default. No Tailscale automation. You configure access manually.
For most deployments, serve is what you want.
Recommended Configuration: Tailnet-Only (Serve)
OpenClaw's recommended Tailscale configuration uses serve mode: the gateway stays on loopback, and only Tailscale-authenticated devices can reach it.
In ~/.openclaw/gateway.yaml:
{
gateway: {
bind: "loopback",
tailscale: { mode: "serve" },
},
}
Access your gateway at: https://<magicdns>/ (using your Tailscale MagicDNS hostname)
What this achieves:
- Gateway never binds to a public interface
- All traffic encrypted by Tailscale
- Only devices on your Tailnet can connect
- Tailscale injects identity headers so you know which device is connecting
Direct Tailnet Bind (No Serve)
OpenClaw also supports binding the gateway directly to your Tailnet IP rather than proxying through Tailscale Serve:
{
gateway: {
bind: "tailnet",
auth: { mode: "token", token: "your-token" },
},
}
Connect from another Tailnet device using your Tailscale IP:
- Control UI: http://<tailscale-ip>:18789/
- WebSocket: ws://<tailscale-ip>:18789
Note: http://127.0.0.1:18789 will not work in this mode — the gateway is bound to the Tailnet IP, not loopback.
Public Access (Funnel) — Handle With Care
For cases where you genuinely need public access to your gateway:
{
gateway: {
bind: "loopback",
tailscale: { mode: "funnel" },
auth: { mode: "password", password: "replace-me" },
},
}
Funnel mode refuses to start unless auth is set to password. This is intentional — OpenClaw won't let you expose a public gateway without authentication. Use the environment variable OPENCLAW_GATEWAY_PASSWORD rather than committing a password to disk.
What Authentication Modes Does OpenClaw Support with Tailscale?
OpenClaw provides three authentication modes when using Tailscale, each suited to different security requirements and deployment scenarios:
Token auth (default when OPENCLAW_GATEWAY_TOKEN is set) — A bearer token required on every connection. Good for API access and automation.
Password auth — A shared secret. Required for Funnel mode.
Tailscale identity headers — When using Serve mode with gateway.auth.allowTailscale: true, valid requests from Tailscale's proxy can authenticate via the tailscale-user-login header. OpenClaw verifies the connecting device's identity against the local Tailscale daemon before accepting it.
To use Tailscale identity auth:
{
gateway: {
bind: "loopback",
tailscale: { mode: "serve" },
auth: {
allowTailscale: true,
},
},
}
To require explicit credentials regardless (more paranoid, reasonable for shared Tailnets):
{
gateway: {
auth: {
allowTailscale: false,
mode: "password",
},
},
}
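The identity-header check described above (accept tailscale-user-login only when the request came through the local Serve proxy and the local daemon confirms the login) as an added illustration, not OpenClaw's own code. It assumes the peer's tailnet address arrives in X-Forwarded-For as Serve sets it, and injects the `whois` lookup so the check runs offline; the `tailscale whois --json` wrapper is an assumed shape of that command's output.

```python
"""Accept a Tailscale identity header only when it is trustworthy.
Constructed illustration: the tailscale-user-login header counts only for a
request that reached the loopback listener via Tailscale Serve and whose
claimed login matches what the local Tailscale daemon reports for the peer."""
import json
import subprocess
from ipaddress import ip_address
from typing import Callable, Optional

IDENTITY_HEADER = "tailscale-user-login"


def verified_login(remote_addr: str, headers: dict, allow_tailscale: bool,
                   whois: Callable[[str], Optional[str]]) -> Optional[str]:
    """Return the verified login, or None to fall back to token/password auth."""
    if not allow_tailscale:
        return None
    # Serve proxies to loopback. A header on a connection that did not come
    # through the local proxy was supplied by the client itself: ignore it.
    if not ip_address(remote_addr).is_loopback:
        return None
    h = {k.lower(): v for k, v in headers.items()}
    claimed = h.get(IDENTITY_HEADER)
    # Assumption: Serve forwards the peer's tailnet address in X-Forwarded-For.
    peer = h.get("x-forwarded-for", "").split(",")[0].strip()
    if not claimed or not peer:
        return None
    # Ask the daemon who owns the peer address and require an exact match.
    return claimed if whois(peer) == claimed else None


def tailscaled_whois(peer_ip: str) -> Optional[str]:
    """Look the peer up via the local daemon (assumed JSON shape; not run below)."""
    out = subprocess.run(["tailscale", "whois", "--json", peer_ip],
                         capture_output=True, text=True, check=False)
    if out.returncode != 0:
        return None
    return json.loads(out.stdout).get("UserProfile", {}).get("LoginName")


# Constructed directory standing in for tailscaled's answers.
FAKE_TAILNET = {"100.64.0.7": "alice@example.com"}


def fake_whois(ip: str) -> Optional[str]:
    return FAKE_TAILNET.get(ip)


if __name__ == "__main__":
    req = {"Tailscale-User-Login": "alice@example.com", "X-Forwarded-For": "100.64.0.7"}
    print(verified_login("127.0.0.1", req, True, fake_whois))   # alice@example.com
    print(verified_login("100.64.0.9", req, True, fake_whois))  # None: not via the proxy
```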
CLI Shortcuts
You can also configure Tailscale mode from the command line:
openclaw gateway --tailscale serve
openclaw gateway --tailscale funnel --auth password
How Does Browser Control Work Across Machines?
If you run the gateway on one machine but drive a browser on a different machine (for automation tasks), there's a specific pattern for this:
Run a node host on the browser machine and keep both machines on the same Tailnet. The Gateway proxies browser actions to the node. No separate control server or Serve URL needed.
Don't use Funnel for browser control. Treat node pairing like operator access — it should be on your private Tailnet, not the public internet.
Prerequisites and Known Limits
Before setting up Tailscale integration, confirm:
- Tailscale CLI is installed and you're logged in (tailscale status)
- HTTPS is enabled for your tailnet (required for Serve — the CLI will prompt if it's missing)
- For Funnel: Tailscale v1.38.3+, MagicDNS enabled, HTTPS enabled, funnel node attribute set
- Funnel only supports ports 443, 8443, and 10000 over TLS
- Funnel on macOS requires the open-source Tailscale variant (not the App Store version)
Cleanup on Shutdown
OpenClaw can automatically undo its Tailscale Serve or Funnel configuration when it shuts down, using the resetOnExit setting:
{
gateway: {
tailscale: {
mode: "serve",
resetOnExit: true,
},
},
}
Without this, the Tailscale configuration persists after OpenClaw stops running.
Which Mode Should You Use?
| Scenario | Config |
|----------|--------|
| Personal VPS, access from your devices only | bind: "loopback", tailscale: { mode: "serve" } |
| Direct Tailnet IP binding, no proxy | bind: "tailnet" |
| Public HTTPS (shared access, requires password) | bind: "loopback", tailscale: { mode: "funnel" } |
| No Tailscale, localhost only | bind: "loopback" (default) |
For almost all personal deployments: use Serve mode. Your gateway stays on loopback, Tailscale handles the encrypted access layer, and your bot is never exposed to the internet.
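A small pre-flight linter that encodes the rules this page states (funnel refuses to start without password auth, identity headers belong to serve mode, keep the password out of the file), as an added example rather than OpenClaw's own validation. The key names are the ones the page's snippets use; loading gateway.yaml into a dict is left to the caller, and the bind-tailnet warning is the linter's own policy based on the page's example.

```python
"""Check an OpenClaw gateway config dict against the rules stated on this page.
Constructed example: the rules come from the page's text and the key names
from its config snippets; this is not OpenClaw's own startup validation."""


def lint_gateway(cfg: dict) -> list[str]:
    """Return findings as 'LEVEL: message' strings; an empty list passes."""
    gw = cfg.get("gateway", {})
    bind = gw.get("bind", "loopback")                  # page: loopback is the default
    mode = gw.get("tailscale", {}).get("mode", "off")  # page: off is the default
    auth = gw.get("auth", {})
    findings = []

    if mode == "funnel" and auth.get("mode") != "password":
        # Funnel publishes the gateway on the public internet; the page's hard
        # rule is that the gateway refuses to start without password auth.
        findings.append("ERROR: funnel mode requires auth.mode 'password'")
    if auth.get("allowTailscale") and mode != "serve":
        # Identity headers are injected by Tailscale Serve; outside serve mode
        # there is no proxy to supply them, so the setting buys nothing.
        findings.append("WARN: auth.allowTailscale only applies in tailscale.mode 'serve'")
    if auth.get("mode") == "password" and auth.get("password"):
        # The page recommends OPENCLAW_GATEWAY_PASSWORD over a password on disk.
        findings.append("WARN: password stored in config; use OPENCLAW_GATEWAY_PASSWORD instead")
    if bind == "tailnet" and not auth.get("mode"):
        # Linter policy, not a documented requirement: the page's direct-bind
        # example pairs bind 'tailnet' with token auth.
        findings.append("WARN: bind 'tailnet' without auth.mode; the page's example uses token auth")
    return findings


# Constructed configs mirroring the page's snippets.
RECOMMENDED = {"gateway": {"bind": "loopback", "tailscale": {"mode": "serve"}}}
FUNNEL_NO_AUTH = {"gateway": {"bind": "loopback", "tailscale": {"mode": "funnel"}}}
FUNNEL_ON_DISK = {"gateway": {"bind": "loopback", "tailscale": {"mode": "funnel"},
                              "auth": {"mode": "password", "password": "replace-me"}}}

if __name__ == "__main__":
    for name, cfg in [("recommended", RECOMMENDED), ("funnel-no-auth", FUNNEL_NO_AUTH),
                      ("funnel-on-disk", FUNNEL_ON_DISK)]:
        print(name, lint_gateway(cfg) or ["OK"])
```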
Links:
- Tailscale Serve docs: tailscale.com/kb/1312/serve
- Tailscale Funnel docs: tailscale.com/kb/1223/tailscale-funnel
- OpenClaw docs: docs.openclaw.ai
Need more help with Tailscale? The Security Hardening Guide covers Tailscale integration in detail, or ask in the community.