๐ Tailscale Setup
Secure remote access to your OpenClaw without exposing ports
What is Tailscale?
Tailscale creates a secure, encrypted mesh VPN between your devices. Instead of exposing your OpenClaw to the internet, you access it through Tailscale's private network. It's free for personal use (up to 100 devices).
Why Use Tailscale?
๐ No Open Ports
Your gateway stays on localhost. Nothing exposed to the public internet.
๐ Access Anywhere
Reach your OpenClaw from phone, laptop, or any device on your tailnet.
โก Easy Setup
Install, login, done. No port forwarding or firewall rules needed.
๐ Free Tier
100 devices, 3 users free. More than enough for personal use.
Create a Tailscale Account
Sign up at tailscale.com โ you can use Google, Microsoft, or GitHub to sign in. The free tier is all you need.
Install Tailscale on Your OpenClaw Machine
# Option 1: Homebrew (recommended) brew install tailscale sudo tailscaled tailscale up # Option 2: Download the app # Get it from: https://tailscale.com/download/mac
# Debian/Ubuntu curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # Check status tailscale status
# Install on Raspberry Pi OS curl -fsSL https://tailscale.com/install.sh | sh sudo tailscale up # Enable on boot sudo systemctl enable tailscaled # Check your Tailscale IP tailscale ip -4
# Download from: https://tailscale.com/download/windows # Or use winget: winget install tailscale.tailscale # Then login via the system tray icon
Get Your Tailscale IP
After connecting, find your machine's Tailscale IP address:
tailscale ip -4 # Example output: 100.64.123.45 # Or see all devices on your network: tailscale status
Your Tailscale IP will be in the 100.x.x.x range. This is your private IP that only devices on your tailnet can reach.
Configure OpenClaw
Keep OpenClaw bound to loopback or bind it to your Tailscale IP:
# Option A: Keep loopback (most secure) # Access via: http://localhost:3000 (local) or SSH tunnel gateway: bind: "loopback" # Option B: Bind to Tailscale IP (for direct access) # Access via: http://100.64.123.45:3000 gateway: bind: "100.64.123.45" # Your Tailscale IP # Option C: Bind to all interfaces but use firewall # Make sure your firewall blocks port 3000 from non-Tailscale gateway: bind: "0.0.0.0"
Install Tailscale on Your Phone/Other Devices
Install Tailscale on any device you want to access OpenClaw from:
- iOS: App Store
- Android: Play Store
- Other computers: tailscale.com/download
Login with the same account. All devices automatically see each other.
Access Your OpenClaw
From any device on your tailnet:
# If bound to Tailscale IP, access directly: http://100.64.123.45:3000 # Or use the Tailscale hostname (MagicDNS): http://your-mac-mini:3000 # Test connectivity: ping 100.64.123.45 curl http://100.64.123.45:3000/health
โ ๏ธ Don't Forget
Tailscale must be running on both ends. If your OpenClaw machine disconnects from Tailscale, you won't be able to reach it remotely. Consider enabling Tailscale to start at boot.
Bonus: MagicDNS
Tailscale can automatically give your devices friendly hostnames. Enable MagicDNS in your Tailscale admin console.
# Instead of remembering 100.64.123.45, use: http://mac-mini:3000 http://raspberry-pi:3000 # Enable MagicDNS at: # https://login.tailscale.com/admin/dns
Troubleshooting
Can't connect to OpenClaw?
# 1. Check Tailscale is running on both devices tailscale status # 2. Check OpenClaw is running and bound correctly openclaw status lsof -i :3000 # 3. Test connectivity ping [tailscale-ip] curl http://[tailscale-ip]:3000/health # 4. Check firewall isn't blocking # Tailscale traffic should bypass most firewalls, but check anyway
Tailscale disconnects when laptop sleeps?
For always-on access, run OpenClaw on a device that doesn't sleep (Raspberry Pi, Mac Mini, VPS). Your phone can still access it via Tailscale from anywhere.
Related Guides
- Security Checklist โ Full security hardening
- Cloudflare Tunnel โ Alternative to Tailscale
- Raspberry Pi Setup โ 24/7 always-on install