By default, the Gateway listens only on loopback (127.0.0.1) for security, so it is not reachable from other hosts. You can still access it remotely using SSH tunnels, Tailscale, or by configuring remote binding with proper authentication.

SSH Tunnels

SSH tunnels provide secure encrypted access to your Gateway:

Creating an SSH Tunnel

SSH Tunnel
ssh -L 18789:localhost:18789 user@gateway-host

This creates a tunnel from your local port 18789 to the Gateway's port 18789 on the remote host.

Using the Tunnel

Once the tunnel is established:

  • Access Control UI at http://localhost:18789
  • Connect nodes via ws://localhost:18789
  • All traffic is encrypted through SSH

Tailscale

Tailscale provides a secure VPN for remote access:

Gateway Configuration

Configure Gateway to bind to Tailscale:

Tailscale Bind
openclaw gateway --bind tailnet --token YOUR_TOKEN

Note: Token is required for non-loopback binds.

Tailscale Setup

  1. Install Tailscale on Gateway host
  2. Install Tailscale on client devices
  3. Join same Tailnet
  4. Configure Gateway with --bind tailnet
  5. Access via Tailscale IP

Gateway Discovery

Moltbot supports automatic Gateway discovery:

  • Bonjour/mDNS - Automatic discovery on local network
  • Manual Configuration - Specify Gateway address
  • Pairing - Secure pairing process for nodes

Discovery Methods

  • Local Network - Automatic discovery via mDNS
  • Tailnet - Discovery across Tailscale network
  • Manual - Specify Gateway address directly

Remote Gateway Binding

For production or when you need direct remote access:

Configuration

Remote Bind Config
{
  "gateway": {
    "bind": "0.0.0.0",
    "port": 18789,
    "auth": {
      "mode": "token",
      "token": "your-secure-token"
    }
  }
}

Security Warning: Only expose Gateway directly if:

  • You have proper authentication configured
  • You understand the security implications
  • You're using a firewall/VPN
  • You've reviewed the security guide
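
A pre-deployment check for the rule above that non-loopback binds need a token, as an added example (not code from the project): it audits a config in the JSON shape shown on this page. The 32-character minimum, the treatment of "tailnet" as a config bind value, and the function names are assumptions made for this sketch.

```python
import ipaddress
import json

# Placeholder tokens shown on this page; they must never reach a real config.
PLACEHOLDER_TOKENS = {"your-secure-token", "YOUR_TOKEN"}
MIN_TOKEN_LEN = 32  # assumption: local policy, not a documented Gateway limit


def is_loopback(bind):
    """True when the bind value keeps the Gateway on the loopback interface."""
    if bind == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False  # names such as "tailnet" are reachable from other hosts


def audit_gateway_config(text):
    """Return a list of findings for a Gateway config given as JSON text."""
    gateway = json.loads(text).get("gateway", {})
    bind = str(gateway.get("bind", "127.0.0.1"))  # page: loopback is the default
    if is_loopback(bind):
        return []  # a token is only required for non-loopback binds
    findings = []
    auth = gateway.get("auth") or {}
    token = str(auth.get("token") or "")
    if auth.get("mode") != "token":
        findings.append("non-loopback bind without auth.mode=token")
    elif not token:
        findings.append("auth.mode=token but no token set")
    elif token in PLACEHOLDER_TOKENS:
        findings.append("token is a documentation placeholder")
    elif len(token) < MIN_TOKEN_LEN:
        findings.append(f"token shorter than {MIN_TOKEN_LEN} characters")
    if bind in ("0.0.0.0", "::"):
        findings.append(f"bind {bind} listens on every interface; firewall the port")
    return findings


# Constructed sample: the page's config with its placeholder token left in.
SAMPLE = ('{"gateway": {"bind": "0.0.0.0", "port": 18789, '
          '"auth": {"mode": "token", "token": "your-secure-token"}}}')

if __name__ == "__main__":
    for finding in audit_gateway_config(SAMPLE):
        print("FINDING:", finding)
```

A token that passes the length check can be generated with Python's secrets.token_urlsafe(32).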

Node Pairing

iOS and Android nodes pair securely with the Gateway:

  1. Start Gateway with pairing enabled
  2. Open node app (iOS/Android)
  3. Scan QR code or enter pairing code
  4. Node connects securely

Pairing ensures only authorized devices can connect.

Best Practices

  • Use SSH Tunnels - Most secure for occasional access
  • Use Tailscale - Best for regular remote access
  • Enable Authentication - Always use tokens for non-loopback
  • Firewall Rules - Restrict Gateway port access
  • VPN First - Prefer VPN over direct exposure
  • Monitor Access - Review Gateway logs regularly

Troubleshooting

Connection Issues

  • Verify Gateway is running: openclaw status
  • Check firewall rules
  • Verify network connectivity
  • Check Gateway logs

Authentication Issues

  • Verify token is correct
  • Check Gateway auth configuration
  • Ensure token is set for non-loopback binds
