OpenClaw + Tailscale Setup Guide: Secure Remote Access Without Port Forwarding

ClawHosters by Daniel Samer

Port forwarding your AI agent to the public internet is a terrible idea. OpenClaw has broad access to your system: shell, files, and network, and it eagerly reaches out to external APIs. Exposing that to the open web is asking for trouble. Tailscale gives you encrypted remote access to your OpenClaw instance through a private mesh network, and you don't need to touch your router config at all.

I've been setting this up for ClawHosters customers who want to self-host but still reach their agent from anywhere. Here's the configuration that actually works, along with the gotchas I ran into.

What You Need Before Starting

Before touching any config files, make sure you have:

  • A working OpenClaw installation (Docker or bare metal)

  • A Tailscale account (free tier works)

  • Tailscale installed on both your OpenClaw machine and whatever device you want to access it from

  • Tailscale v1.38.3 or newer if you plan to use Funnel mode

Both machines need to be on the same tailnet. Run tailscale status on each to confirm they can see each other.

Method 1: Tailscale Serve (Recommended)

Serve mode makes your OpenClaw instance available to every device on your tailnet, but invisible to the rest of the internet. This is what you want for personal use or small teams.

Step 1: Bind OpenClaw to Loopback

In your OpenClaw config, set the gateway to only listen on localhost:

{
  "gateway": {
    "bind": "loopback",
    "tailscale": {
      "mode": "serve"
    },
    "auth": {
      "mode": "token",
      "token": "your-secret-token-here",
      "allowTailscale": true
    },
    "controlUi": {
      "allowedOrigins": ["https://your-machine.tailXXXX.ts.net"]
    }
  }
}

The "bind": "loopback" part is important. It tells OpenClaw to listen only on 127.0.0.1, so nothing can reach it except processes on the machine itself, which is exactly how the local Tailscale Serve proxy forwards tailnet traffic to it.

Step 2: Enable Tailscale Serve

On your OpenClaw machine, run:

tailscale serve --bg https+insecure://localhost:18789

That tells Tailscale to proxy traffic from your tailnet address to the local OpenClaw port. The https+insecure:// scheme means the local backend speaks HTTPS with a certificate that Tailscale should not verify (acceptable for a loopback-only listener), and the --bg flag keeps the proxy running after you close the terminal.

Step 3: Access Your Agent

From any device on your tailnet, open:

https://your-machine.tailXXXX.ts.net

That's it. Encrypted, authenticated, no port forwarding. Your router never knows OpenClaw exists.

Common Pitfall: allowedOrigins

This one caught me off guard. OpenClaw doesn't auto-populate the allowedOrigins field with your Tailscale hostname (GitHub issue #27877 tracks this). If you skip it, the Control UI will refuse to load with a CORS error. You need to manually add your *.ts.net address to allowedOrigins in the config.
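As an added example (not code from this guide or from the OpenClaw project), here is a small Python helper that does the manual step above for you: it derives the https origin from the output of `tailscale status --json` and inserts it into `gateway.controlUi.allowedOrigins` in the Step 1 config layout. It assumes the `Self.DNSName` field of the status JSON (the machine's MagicDNS name, with a trailing dot); the status document, the config, and the script name are constructed samples.

```python
import json
import subprocess
import sys

# Constructed sample of `tailscale status --json`, trimmed to the fields used
# here. Real output carries many more keys; "Self.DNSName" is the machine's
# MagicDNS name and ends with a trailing dot.
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "openclaw-box", "DNSName": "openclaw-box.tailXXXX.ts.net.", "Online": True},
    "Peer": {},
})

# Constructed OpenClaw config in the Step 1 layout but with allowedOrigins
# omitted, which is exactly the state that makes the Control UI fail with CORS.
SAMPLE_CONFIG = {
    "gateway": {
        "bind": "loopback",
        "tailscale": {"mode": "serve"},
        "auth": {"mode": "token", "token": "your-secret-token-here", "allowTailscale": True},
    }
}


def origin_from_status(status_json: str) -> str:
    """Return the https origin Tailscale Serve answers on, read from `tailscale status --json`."""
    dns_name = json.loads(status_json)["Self"]["DNSName"].rstrip(".")
    if not dns_name.endswith(".ts.net"):
        raise ValueError(f"unexpected MagicDNS name: {dns_name!r}")
    # An origin is scheme + host only: no path, no trailing slash. Serve always
    # terminates TLS on the tailnet side, so the scheme is https.
    return f"https://{dns_name}"


def ensure_allowed_origin(config: dict, origin: str) -> dict:
    """Return a copy of config with origin listed in gateway.controlUi.allowedOrigins.

    Idempotent: calling it twice leaves a single entry. The caller's dict is not mutated.
    """
    updated = json.loads(json.dumps(config))  # cheap deep copy of plain JSON data
    control_ui = updated.setdefault("gateway", {}).setdefault("controlUi", {})
    origins = control_ui.setdefault("allowedOrigins", [])
    if origin not in origins:
        origins.append(origin)
    return updated


def has_allowed_origin(config: dict, origin: str) -> bool:
    """True when the Control UI will accept requests from origin (the check OpenClaw does not do for you)."""
    return origin in config.get("gateway", {}).get("controlUi", {}).get("allowedOrigins", [])


def live_status() -> str:
    """Read the real status from the local tailscaled; fall back to the sample when tailscale is absent."""
    try:
        return subprocess.run(["tailscale", "status", "--json"],
                              capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return SAMPLE_STATUS


if __name__ == "__main__":
    # Usage (hypothetical script name): python patch_origins.py [path/to/openclaw-config.json]
    # With no path, the constructed sample config is patched and printed.
    config = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_CONFIG
    origin = origin_from_status(live_status())
    print(json.dumps(ensure_allowed_origin(config, origin), indent=2))
```

Run it on the machine that hosts OpenClaw (that is where `tailscale status` knows the right `Self` entry) and write the printed JSON back to your config before restarting the gateway.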

Method 2: Tailscale Funnel (Public Access)

Funnel exposes your OpenClaw instance to the public internet through Tailscale's network. I'd only recommend this if you have a specific reason, like sharing your agent with someone who isn't on your tailnet.

Funnel has restrictions: it only listens on ports 443, 8443, and 10000, and it needs Tailscale v1.38.3 or newer.

tailscale funnel --bg https+insecure://localhost:18789

Your instance becomes reachable at https://your-machine.tailXXXX.ts.net from anywhere on the internet. Tailscale handles the TLS certificate automatically.

If you're using Funnel, you absolutely need token auth enabled. Don't rely on Tailscale's network alone for security. As of v2026.5.27, OpenClaw actually blocks startup if you try to expose a no-auth instance via Tailscale. Good.

Security Checklist

Before you call this done, run through these:

  • Token auth is enabled with a strong, random token

  • Gateway bind is set to loopback, not 0.0.0.0

  • allowedOrigins includes your Tailscale hostname to avoid CORS issues

  • Tailscale ACLs are configured if you want to restrict which tailnet devices can reach the agent

  • You're using Serve, not Funnel, unless you have a real reason for public access

  • No ports are forwarded on your router to the OpenClaw machine

If you're running Docker, double-check that you haven't mapped port 18789 to the host. That would bypass the whole point of binding to loopback.
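As an added example (not code from this guide or the OpenClaw project), the following Python script turns the checklist above into automated checks. It reads a config in the Step 1 layout plus any Docker port mappings you pass it and returns a list of findings, so an empty list means the checkable items pass. The token-strength policy (length floor plus a rough entropy estimate), the placeholder list, and the two sample configs are constructed assumptions of mine; the script does not talk to Tailscale, so the ACL and router items stay manual.

```python
import json
import math
import re
import secrets
from collections import Counter
from collections.abc import Iterable

GATEWAY_PORT = 18789        # OpenClaw gateway port used throughout the guide
MIN_TOKEN_LEN = 32          # assumed policy: at least 32 characters
MIN_TOKEN_BITS = 128.0      # assumed policy: rough entropy estimate must reach 128 bits
PLACEHOLDER_TOKENS = {"", "your-secret-token-here", "changeme", "password", "token"}
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}

# Docker "-p" / compose "ports:" syntax: [host_ip:]host_port:container_port[/proto]
PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[^\]]+\]|[0-9A-Za-z.\-]+):)?(?P<host>\d+):(?P<ctr>\d+)(?:/(?:tcp|udp))?$")
ORIGIN_RE = re.compile(r"^https://[A-Za-z0-9.\-]+\.ts\.net$")

# Constructed samples: the weak one is the kind of config the checklist exists to catch.
WEAK_CONFIG = {"gateway": {
    "bind": "0.0.0.0",
    "tailscale": {"mode": "funnel"},
    "auth": {"mode": "token", "token": "your-secret-token-here", "allowTailscale": True}}}
HARDENED_CONFIG = {"gateway": {
    "bind": "loopback",
    "tailscale": {"mode": "serve"},
    "auth": {"mode": "token", "token": "q7Vt2LpX9mKd4RzB6nHs1WyC8eFg3JaU5oT0", "allowTailscale": True},
    "controlUi": {"allowedOrigins": ["https://openclaw-box.tailXXXX.ts.net"]}}}


def generate_token() -> str:
    """A token that satisfies the policy below: 43 URL-safe characters from 32 random bytes."""
    return secrets.token_urlsafe(32)


def token_entropy_bits(token: str) -> float:
    """Shannon-entropy estimate over the token's own character frequencies.

    Optimistic heuristic (it cannot tell that "abcabcabc..." is a pattern), so it
    only catches obviously weak tokens; that is why a length floor is applied too.
    """
    if not token:
        return 0.0
    n = len(token)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(token).values())
    return per_char * n


def check_gateway(config: dict) -> list[str]:
    """Checklist items that can be verified from the gateway config alone."""
    findings = []
    gw = config.get("gateway", {})
    if gw.get("bind") != "loopback":
        findings.append(f'gateway.bind is {gw.get("bind")!r}; set it to "loopback"')
    auth = gw.get("auth", {})
    if auth.get("mode") != "token":
        findings.append('gateway.auth.mode is not "token"')
    token = str(auth.get("token", ""))
    if (token in PLACEHOLDER_TOKENS or len(token) < MIN_TOKEN_LEN
            or token_entropy_bits(token) < MIN_TOKEN_BITS):
        findings.append("gateway.auth.token is missing, a placeholder, or too weak")
    if gw.get("tailscale", {}).get("mode") == "funnel":
        findings.append('gateway.tailscale.mode is "funnel": the instance is public; use "serve" unless you need that')
    origins = gw.get("controlUi", {}).get("allowedOrigins", [])
    if not origins:
        findings.append("gateway.controlUi.allowedOrigins is empty; add https://<machine>.<tailnet>.ts.net")
    findings.extend(f"allowedOrigins entry {o!r} is not an https *.ts.net origin"
                    for o in origins if not ORIGIN_RE.match(o))
    return findings


def check_port_mapping(mapping: str) -> list[str]:
    """Flag a Docker port mapping that publishes the gateway port beyond loopback."""
    m = PORT_RE.match(mapping.strip())
    if not m:
        return [f"cannot parse port mapping {mapping!r}"]
    if int(m.group("ctr")) != GATEWAY_PORT:
        return []
    host_ip = (m.group("ip") or "0.0.0.0").strip("[]")  # no host IP means all interfaces
    if host_ip not in LOOPBACK_HOSTS:
        return [f"port mapping {mapping!r} publishes the gateway on {host_ip}; "
                f"use 127.0.0.1:{m.group('host')}:{GATEWAY_PORT} or drop the mapping"]
    return []


def run_checklist(config: dict, port_mappings: Iterable[str] = ()) -> list[str]:
    """All automated findings for one config and its Docker port mappings."""
    findings = check_gateway(config)
    for mapping in port_mappings:
        findings.extend(check_port_mapping(mapping))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name): python openclaw_checklist.py config.json [port-mapping ...]
    # With no arguments the constructed WEAK_CONFIG is checked, which reports four findings.
    import sys
    config = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else WEAK_CONFIG
    problems = run_checklist(config, sys.argv[2:])
    print("\n".join(problems) or "checklist passed")
    sys.exit(1 if problems else 0)
```

The exit status makes it usable as a pre-start gate in a systemd unit or a deploy script: a non-zero exit keeps a misconfigured gateway from coming up at all.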

For a deeper look at OpenClaw security, the Is OpenClaw Safe? post covers container hardening, firewall rules, and authentication in detail.

When Self-Hosting Gets Old

Tailscale Serve is probably the cleanest way to self-host OpenClaw securely. But it's still self-hosting. You're still managing updates, monitoring uptime, and debugging when something breaks at 2am.

If that sounds like more than you signed up for, ClawHosters handles all of it. Pre-configured security, automatic updates, encrypted connections out of the box. No Tailscale setup required because the networking is already done. You can check the pricing or compare self-hosting vs managed to see what fits.

Frequently Asked Questions

Yes. Set the Docker container to only expose port 18789 to localhost (use `127.0.0.1:18789:18789` in your port mapping, not `0.0.0.0:18789:18789`). Then run `tailscale serve` on the host machine pointing to that local port.

Aperture acts as a proxy between OpenClaw and LLM providers, so your API keys never touch the OpenClaw machine. It's in public beta and free for up to six users. Set `apiKey` to `"-"` in your OpenClaw config and route traffic through Aperture instead.

Serve keeps your agent private to your tailnet. Only devices logged into your Tailscale account can reach it. Funnel exposes it to the public internet through Tailscale's edge network. For an AI agent with shell access, Serve is almost always the right choice.

In my testing, the overhead is around 2 to 8ms depending on geography. For an AI agent where LLM API calls take 500ms or more, you won't notice it.

The free tier supports up to 100 devices and includes both Serve and Funnel. That's more than enough for personal OpenClaw access.

*Last updated: June 2026*
