OpenClaw + Tailscale: Secure Remote Agent Access From Anywhere

Most self-hosters expose OpenClaw through a reverse proxy with a public IP. That works — but it means you're one misconfigured nginx rule away from an open agent endpoint. Tailscale eliminates that surface entirely. Your OpenClaw gateway stays off the public internet and becomes reachable only through the encrypted mesh. We've used this setup on a dozen client deployments as of early 2025, and it's the one we now recommend as the default for self-hosted agents.

Why Tailscale and OpenClaw Are a Natural Pair

OpenClaw's gateway exposes an HTTP API and WebSocket connections. You need those reachable from wherever you run your clients — your laptop, your phone, your CI pipeline. The traditional answer is a domain name, a TLS certificate, and a public-facing reverse proxy. That's three more moving parts to maintain and three more attack surfaces to harden.

Tailscale replaces all of that. It uses WireGuard under the hood — a modern, audited VPN protocol — and adds a coordination layer that handles key exchange, NAT traversal, and device authentication. The result: every device on your "tailnet" can reach every other device directly, regardless of where they are or what NAT they're behind.

For OpenClaw specifically, the advantages stack up fast. Your gateway token stops being the only line of defense. Network-level isolation means only authenticated Tailscale devices can even attempt a connection. You don't need Nginx, Caddy, or Traefik for the security layer. And you can still add a reverse proxy on top if you want HTTPS for browser-based clients — but it's optional, not mandatory.

Installing Tailscale on Your OpenClaw Host

The fastest path is installing Tailscale directly on the host OS. This works for bare metal, VMs, and cloud instances.

# Install Tailscale on Ubuntu/Debian
curl -fsSL https://tailscale.com/install.sh | sh

# Start and authenticate
sudo tailscale up

# Confirm your tailnet IP
tailscale ip -4
# Output example: 100.94.12.47

# Enable IP forwarding for subnet routing (optional but useful)
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

The tailscale up command opens an authentication URL. Visit it in any browser, sign in with your Tailscale account, and the device joins your tailnet immediately. No reboot, no service restart.

Enable MagicDNS for Hostname Access

In the Tailscale admin console, go to DNS settings and enable MagicDNS. Once active, your OpenClaw host becomes reachable at http://your-hostname:8080 from any other tailnet device — no need to remember 100.x.x.x addresses.

This is the detail most people skip on first setup. Coming back three months later and not remembering your tailnet IP is frustrating. Enable MagicDNS now.

# Test connectivity from another tailnet device
curl http://openclaw-host:8080/health
# Expected: {"status":"ok","version":"1.x.x"}

# Or use the tailnet IP directly
curl http://100.94.12.47:8080/health

Connecting OpenClaw to Your Tailnet

OpenClaw doesn't need any Tailscale-specific configuration. Once Tailscale is running on your host, OpenClaw's gateway binds to its normal port (default 8080) and becomes reachable at your tailnet IP. That's it.

What you do need to configure is where OpenClaw's gateway.yaml points clients. If your agents and your clients are all on the same tailnet, use the tailnet hostname or IP as your gateway URL.

# gateway.yaml
gateway:
  url: http://openclaw-host:8080    # MagicDNS hostname
  token: your-gateway-token-here
  bind: 0.0.0.0:8080               # Binds to all interfaces including tailscale0

agents:
  - name: research-agent
    model: gpt-4o
    system_prompt: "You are a research assistant."

The bind: 0.0.0.0:8080 setting means OpenClaw listens on all network interfaces, including the tailscale0 interface Tailscale creates. If you want to restrict it to Tailscale only, replace with your tailnet IP: bind: 100.94.12.47:8080.

Tailscale ACLs: Locking Down Agent Access

By default, all devices on your tailnet can reach all other devices. For a personal setup, that's fine. For a team deployment, you want more control — specifically, only authorized machines should be able to hit your OpenClaw gateway port.

Tailscale's ACL system handles this through a policy file in the admin console. Here's a working policy that allows only tagged client machines to reach the OpenClaw server on port 8080.

{
  "tagOwners": {
    "tag:openclaw-server": ["autogroup:admin"],
    "tag:openclaw-client": ["autogroup:admin"]
  },
  "acls": [
    {
      "action": "accept",
      "src": ["tag:openclaw-client"],
      "dst": ["tag:openclaw-server:8080"]
    },
    {
      "action": "accept",
      "src": ["autogroup:admin"],
      "dst": ["tag:openclaw-server:*"]
    }
  ]
}

Tag your OpenClaw host with tag:openclaw-server and your client machines with tag:openclaw-client. Only tagged clients can now reach port 8080. Admins retain full access for management. Every other device on the tailnet is blocked at the network level — before a single packet reaches your OpenClaw process.

Running OpenClaw + Tailscale in Docker

If OpenClaw runs in Docker, the cleanest approach is adding a Tailscale sidecar to your compose stack. The sidecar joins the tailnet and routes traffic to the OpenClaw gateway container.

services:
  openclaw:
    image: openclaw/openclaw:latest
    container_name: openclaw
    environment:
      - OPENCLAW_GATEWAY_TOKEN=your-gateway-token
      - OPENCLAW_BIND=0.0.0.0:8080
    volumes:
      - ./config:/app/config
      - ./data:/app/data
    networks:
      - openclaw-net
    restart: unless-stopped

  tailscale:
    image: tailscale/tailscale:latest
    container_name: tailscale-sidecar
    hostname: openclaw-docker
    environment:
      - TS_AUTHKEY=tskey-auth-your-auth-key-here
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_EXTRA_ARGS=--advertise-tags=tag:openclaw-server
    volumes:
      - tailscale-state:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    network_mode: "service:openclaw"
    restart: unless-stopped

networks:
  openclaw-net:

volumes:
  tailscale-state:

The key detail here is network_mode: "service:openclaw". This puts the Tailscale container in the same network namespace as the OpenClaw container. Tailscale exposes the OpenClaw port on the tailnet without needing any host-level networking changes. Generate a reusable auth key from the Tailscale admin console and set it as TS_AUTHKEY.

Verify the Docker Setup

# Check Tailscale status inside the sidecar
docker exec tailscale-sidecar tailscale status

# Verify OpenClaw is reachable from another tailnet device
curl http://openclaw-docker:8080/health

# Check which IP was assigned
docker exec tailscale-sidecar tailscale ip -4

Once this is running, OpenClaw is on your tailnet without a single port published to the Docker host. The host machine doesn't expose port 8080 at all. Traffic enters only through the encrypted Tailscale tunnel.

Common Mistakes With This Setup

• Using an ephemeral auth key for production — ephemeral keys expire and the container drops off the tailnet. Use a reusable key for persistent deployments, or configure key expiry in the Tailscale admin console to match your deployment lifecycle.
• Forgetting to persist Tailscale state — without the tailscale-state volume, the container re-authenticates from scratch on every restart. Persisting /var/lib/tailscale means the device keeps its tailnet IP and doesn't use up auth key allocations.
• Binding OpenClaw to localhost only — if gateway.yaml binds to 127.0.0.1:8080, the Tailscale interface can't route traffic to it. Bind to 0.0.0.0 or your specific tailnet IP.
• Skipping MagicDNS — tailnet IPs can change if a device is removed and re-added. Hostnames through MagicDNS are stable. Always use MagicDNS for your gateway URL in gateway.yaml.
• Leaving default ACLs that allow all devices — the default Tailscale policy allows all devices to reach all devices. That's fine for personal use but a problem for team deployments. Set up tag-based ACLs before sharing the tailnet with others.

Frequently Asked Questions

Do I need to open any firewall ports to use OpenClaw with Tailscale?

No open ports required. Tailscale creates an encrypted mesh network between devices using WireGuard. Your OpenClaw host never exposes anything to the public internet. All traffic routes through Tailscale's coordination server for NAT traversal, then flows directly peer-to-peer once connected.

What is the Tailscale IP address format for OpenClaw connections?

Tailscale assigns every device a stable 100.x.x.x IP address. Your OpenClaw gateway becomes reachable at that address from any other device on your tailnet. Enable MagicDNS to use hostnames like http://openclaw-host:8080 instead of numeric IPs for more stable configuration.

Can I restrict which devices can reach my OpenClaw gateway on Tailscale?

Yes, through Tailscale ACLs. Define rules in the Access Controls section of the Tailscale admin console to allow only specific devices or tags to connect to your OpenClaw host on port 8080. This is far more granular than firewall rules and applies instantly across your tailnet.

Does Tailscale work when OpenClaw is running inside Docker?

Yes. Run the Tailscale container alongside OpenClaw in the same Docker compose stack using network_mode: "service:openclaw". The Tailscale sidecar bridges the container network to your tailnet, exposing OpenClaw without publishing any ports to the Docker host.

What happens to my OpenClaw connection if Tailscale disconnects?

OpenClaw connections drop when Tailscale disconnects, but agents continue running locally. Tailscale automatically reconnects within seconds for most network interruptions. Persist the Tailscale state directory and use reusable auth keys to ensure automatic reconnection on restart.

Is Tailscale free for OpenClaw self-hosted setups?

Tailscale's free plan supports up to 3 users and 100 devices, which covers most home lab and small team setups. For larger teams needing SSO, custom ACLs, or more than 100 devices, paid plans start at $6 per user per month. The free tier handles most self-hosted OpenClaw scenarios.