OpenClaw Security, March 20, 2026

OpenClaw Tailscale: Secure, Always-On AI Agent Access Without Public Exposure

Key Takeaways

  • OpenClaw + Tailscale creates a zero-trust, encrypted mesh network for your AI agent, eliminating public ports and reducing attack surface dramatically.
  • Official integration auto-configures Tailscale Serve (tailnet-only HTTPS) or Tailscale Funnel (public with password) while keeping the Gateway bound to loopback for maximum security.
  • Production setups on VPS (Hetzner, DigitalOcean), Mac Mini, or Raspberry Pi achieve always-on operation with ACLs, tags, and sandboxing.
  • Benchmarks and community deployments show near-zero latency on tailnet access and resilience against brute-force and credential-stuffing attacks.
  • Advanced configurations include Tailscale SSH, identity headers, and strict ACLs to isolate the agent node.

What Is OpenClaw?

OpenClaw is an open-source, self-hosted autonomous AI agent that connects large language models (such as Claude or GPT) to messaging platforms like Telegram, WhatsApp, Discord, and Slack. It executes real-world tasks—including shell commands, file operations, email/calendar management, browser automation, and custom “skills” developed by the community.

Unlike traditional chatbots, OpenClaw runs persistently, supports proactive heartbeats/schedulers, long-term memory via local Markdown files, and self-improvement through dynamic skill creation. Its Gateway component acts as the secure message router and control interface.

The project gained massive traction shortly after launch in late 2025, with rapid community growth around secure, production-grade deployments.

Why Pair OpenClaw with Tailscale?

Exposing the OpenClaw Gateway directly to the internet introduces significant risks: the agent can run arbitrary commands, access files, and use API keys. Public ports invite brute-force attacks, credential stuffing, and potential remote code execution.

Tailscale solves this by providing a WireGuard-based mesh VPN with zero configuration. Devices authenticate via OAuth or auth keys and receive stable, private IPs (100.x.x.x range) and magic DNS hostnames. No port forwarding or public exposure is required.

Analysis shows that Tailscale-integrated OpenClaw deployments achieve:

  • Zero public attack surface on properly configured hosts.
  • Automatic HTTPS certificates via Tailscale Serve.
  • Identity-based authentication using Tailscale user/machine headers.
  • Seamless remote access from laptops, phones, or other tailnet nodes.

Community feedback indicates this combination is the de facto standard for “invisible bunker” setups on VPS or home servers.

Official OpenClaw Tailscale Integration

OpenClaw’s Gateway natively supports Tailscale automation through configuration and CLI flags.

Supported Modes

  • serve (recommended for most users): Tailnet-only access. Gateway binds to loopback (127.0.0.1). Tailscale Serve proxies HTTPS traffic with valid certificates and optional identity headers.
  • funnel: Public HTTPS via Tailscale Funnel, protected by a shared password. Use only when deliberate public access is needed.
  • off (default): No automation—manual Tailscale configuration required.

Configuration Example (in your OpenClaw config, typically YAML/JSON):

gateway:
  bind: "loopback"
  tailscale:
    mode: "serve"
  # Optional: control UI settings
  controlUi:
    allowInsecureAuth: false  # Enforce HTTPS

CLI One-Liners:

# Tailnet-only (recommended)
openclaw gateway --tailscale serve

# Public with password protection
openclaw gateway --tailscale funnel --auth password

These commands automatically register the appropriate tailscale serve or funnel rules for the dashboard and WebSocket ports. Access the Control UI securely at https://your-machine.tailnet.ts.net from any authenticated device.
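The three modes above map to a handful of config keys, and the risky combinations (a non-loopback bind, Funnel mode, or insecure auth on the Control UI) are easy to spot before the daemon ever starts. The following pre-flight check is an added example, not OpenClaw's own code: it takes the gateway section in JSON form using the key names from the configuration example above (gateway.bind, gateway.tailscale.mode, gateway.controlUi.allowInsecureAuth) and returns findings. The two sample configs are constructed for illustration.

```python
import json

# Constructed sample: the recommended shape from the configuration example above,
# expressed as JSON (OpenClaw accepts YAML or JSON; the keys are the same).
GOOD_CONFIG = json.loads("""
{
  "gateway": {
    "bind": "loopback",
    "tailscale": {"mode": "serve"},
    "controlUi": {"allowInsecureAuth": false}
  }
}
""")

# Constructed sample of everything the page warns against in one file.
RISKY_CONFIG = json.loads("""
{
  "gateway": {
    "bind": "0.0.0.0",
    "tailscale": {"mode": "funnel"},
    "controlUi": {"allowInsecureAuth": true}
  }
}
""")

# Bind values that keep the Gateway reachable only through Tailscale Serve.
LOOPBACK_BINDS = {"loopback", "127.0.0.1", "::1"}


def audit_gateway_config(config: dict) -> list:
    """Return (severity, message) findings for the gateway section; empty means clean."""
    gw = config.get("gateway", {})
    findings = []

    bind = gw.get("bind")
    if bind not in LOOPBACK_BINDS:
        findings.append(("high", f"gateway.bind is {bind!r}; expected loopback so only "
                                 "Tailscale Serve (not the public interface) can reach it"))

    # 'off' is the documented default when the key is absent.
    mode = gw.get("tailscale", {}).get("mode", "off")
    if mode == "funnel":
        findings.append(("high", "tailscale.mode is 'funnel': the Control UI is published "
                                 "to the public internet behind a shared password"))
    elif mode == "off":
        findings.append(("medium", "tailscale.mode is 'off': no Serve rule is registered, "
                                   "so remote access depends on manual Tailscale setup"))

    if gw.get("controlUi", {}).get("allowInsecureAuth", False):
        findings.append(("high", "controlUi.allowInsecureAuth is true: the dashboard "
                                 "accepts authentication over plain HTTP"))

    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("risky", RISKY_CONFIG)):
        print(name, audit_gateway_config(cfg) or "no findings")
```

Run it against your own config (after converting YAML to JSON, or by loading it with a YAML library) before enabling the daemon; an empty result corresponds to the serve-mode setup the page recommends.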

Step-by-Step: Secure OpenClaw + Tailscale Setup

1. Provision Host (VPS, Mac Mini, or Pi)

Choose a persistent always-on host. Popular options include Hetzner Cloud (low-cost ARM/AMD), DigitalOcean droplets, or local Mac Mini/Raspberry Pi.

2. Install and Authenticate Tailscale

curl -fsSL https://tailscale.com/install.sh | sh
tailscale up

For headless or automated installs (recommended for a VPS), use auth keys:

Create a reusable auth key in the Tailscale admin console with appropriate tags (e.g., tag:infra).

tailscale up --authkey tskey-auth-...

3. Harden the Host

  • Create a dedicated non-root openclaw user.
  • Disable password SSH; enable Tailscale SSH (tailscale up --ssh).
  • Configure firewall (UFW/firewalld): allow only Tailscale interface (tailscale0) or block all inbound except established connections.
  • Enable sandboxing in OpenClaw for risky operations (containers/Podman).

Example UFW Rules (VPS):

ufw default deny incoming
ufw default allow outgoing
ufw allow from 100.64.0.0/10 to any  # Tailscale range (adjust as needed)
ufw enable

4. Install OpenClaw

Follow official methods (npm global, install script, or Docker). Run the onboarding wizard:

openclaw onboard --install-daemon

Configure LLM API keys, messaging channels (Telegram recommended for mobile control), and skills.

5. Enable Tailscale Integration

Apply the configuration shown earlier (gateway.bind: loopback together with tailscale.mode: serve), then restart the Gateway daemon.

Access the dashboard privately via Tailscale IP or magic DNS. Test WebSocket connectivity for real-time agent interaction.

6. Optional: Tailnet ACLs and Tags

In the Tailscale admin console, define ACLs to isolate the OpenClaw node:

{
  "acls": [
    {
      "action": "accept",
      "src": ["tag:admin"],
      "dst": ["tag:infra:*"]
    }
  ]
}

Because Tailscale ACLs deny any connection that no rule explicitly accepts, this single rule lets admin-tagged devices reach the agent node while the agent node (tag:infra) cannot initiate connections to other devices on the tailnet, which blocks lateral movement from a compromised agent.
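Once steps 3 through 6 are done, two things are worth verifying rather than assuming: that the Gateway process really listens only on loopback (steps 3 and 5), and that the ACL policy neither lets the agent node initiate connections nor lets anything but the admin tag reach it (step 6). The script below is an added example, not part of OpenClaw or Tailscale: it parses `ss -ltnp` output and a Tailscale ACL policy in the JSON shape used above. The `ss` sample and both policies are constructed, the Gateway port 18789 is a placeholder rather than an OpenClaw default, and the process name "openclaw" is assumed.

```python
import json
import re

# --- 1. Listener audit: the Gateway must sit on loopback only ---------------

# Constructed sample of `ss -ltnp` output; not captured from a real host.
SS_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN 0      4096       127.0.0.1:18789       0.0.0.0:*     users:(("openclaw",pid=1201,fd=7))
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128             [::]:22             [::]:*     users:(("sshd",pid=812,fd=4))
"""

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def parse_ss(ss_text: str) -> list:
    """Turn `ss -ltnp` lines into (address, port, process-name) tuples."""
    listeners = []
    for line in ss_text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, port = fields[3].rsplit(":", 1)      # handles [::]:22 as well
        match = re.search(r'\("([^"]+)"', line)    # users:(("name",pid=..)) -> name
        listeners.append((addr, int(port), match.group(1) if match else "?"))
    return listeners


def gateway_loopback_only(ss_text: str, process: str = "openclaw") -> bool:
    """True when every TCP socket owned by `process` is bound to a loopback address."""
    owned = [l for l in parse_ss(ss_text) if l[2] == process]
    return bool(owned) and all(addr in LOOPBACK for addr, _, _ in owned)


def exposed_listeners(ss_text: str) -> list:
    """Sockets on wildcard or non-loopback addresses: these rely on the host firewall."""
    return [l for l in parse_ss(ss_text) if l[0] not in LOOPBACK]


# --- 2. ACL audit: the agent node must not be a pivot point -----------------

# Constructed strict policy: the page's rule plus tag ownership for both tags.
STRICT_POLICY = json.loads("""
{
  "tagOwners": {"tag:admin": ["autogroup:admin"], "tag:infra": ["autogroup:admin"]},
  "acls": [
    {"action": "accept", "src": ["tag:admin"], "dst": ["tag:infra:*"]}
  ]
}
""")

# Constructed permissive policy: the allow-all rule a fresh tailnet ships with.
PERMISSIVE_POLICY = json.loads("""
{"acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}
""")


def rules_letting_node_initiate(policy: dict, node_tag: str) -> list:
    """Accept rules whose src covers node_tag (directly or via '*'): lateral-movement paths."""
    return [r for r in policy.get("acls", [])
            if r.get("action") == "accept"
            and any(s in ("*", node_tag) for s in r.get("src", []))]


def sources_reaching(policy: dict, node_tag: str) -> set:
    """Every src that some accept rule allows to reach node_tag on any port."""
    reach = set()
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            host = dst.rsplit(":", 1)[0]           # "tag:infra:*" -> "tag:infra"
            if host in ("*", node_tag):
                reach.update(rule.get("src", []))
    return reach


def acl_isolates_agent(policy: dict, node_tag: str = "tag:infra",
                       admin_tag: str = "tag:admin") -> bool:
    """Agent can initiate nothing, and only the admin tag can reach it."""
    return (not rules_letting_node_initiate(policy, node_tag)
            and sources_reaching(policy, node_tag) == {admin_tag})


if __name__ == "__main__":
    print("gateway on loopback only:", gateway_loopback_only(SS_SAMPLE))
    print("listeners the firewall must cover:", exposed_listeners(SS_SAMPLE))
    print("strict policy isolates agent:", acl_isolates_agent(STRICT_POLICY))
    print("permissive policy isolates agent:", acl_isolates_agent(PERMISSIVE_POLICY))
```

On a live host, feed it `ss -ltnp` and the policy exported from the admin console. The exposed-listener list is not automatically a problem (sshd on 0.0.0.0:22 is fine behind the UFW rules from step 3), but anything named openclaw appearing there means the bind setting did not take effect.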

Advanced Configurations and Edge Cases

  • Mac Mini 24/7 Setup: Install Tailscale via brew, run OpenClaw as daemon. Use brainpack for seamless brain/memory migration when switching hosts. Add a daily heartbeat skill for weather/calendar summaries.
  • Docker / DigitalOcean App Platform: Use pre-built images with TAILSCALE_ENABLE=true and TS_AUTHKEY secret. Persist data via volumes or object storage.
  • Zero Public Ports on VPS: Combine loopback bind, Tailscale Serve, and host firewall. Many production users report no successful attacks after months of operation.
  • Remote Access Alternatives: SSH tunnels or Tailscale SSH as fallback when Serve is unavailable.
  • High-Security Isolation: Run OpenClaw inside Podman/Docker with limited capabilities; use Tailscale subnet routers only if needed.
  • Common Pitfalls:
    • Installing Tailscale after OpenClaw without restarting the daemon (causes connectivity loss).
    • Binding Gateway to 0.0.0.0 or public interfaces unnecessarily.
    • Using weak Tailscale ACLs that allow lateral movement.
    • Forgetting to enable sandboxing for shell/browser skills.
    • Public Funnel without strong password or rate limiting.

Performance Insight: Tailnet latency is typically <50ms even across continents; HTTPS termination is handled efficiently by Tailscale. Benchmarks from community VPS deployments show negligible overhead compared to direct binding.

Troubleshooting Common Issues

  • Gateway dies after Tailscale install: Restart OpenClaw daemon and verify tailscale status.
  • Dashboard requires insecure auth: Switch to Tailscale Serve mode instead of allowing allowInsecureAuth.
  • WebSocket connection failures: Ensure both client and server are on the same tailnet; check firewall rules for Tailscale interface.
  • Auth key expiration: Use reusable keys or automate rotation via Tailscale API.

Monitor logs with journalctl (systemd) or Docker logs. Official docs provide detailed remote access runbooks.

Conclusion

Combining OpenClaw with Tailscale delivers the ideal balance of power and security for a self-hosted autonomous AI agent. By keeping the Gateway on loopback and leveraging Tailscale Serve for private HTTPS access, operators achieve true zero-trust networking while maintaining full functionality across devices.

This approach has become the gold standard in the OpenClaw community for production, always-on deployments on VPS, home servers, or dedicated hardware.

Ready to secure your AI agent? Start by installing Tailscale on your host, then follow the official OpenClaw Gateway Tailscale configuration. Explore the growing ecosystem of skills and join community discussions for the latest optimizations.

Take control of your personal AI today—privately, securely, and without exposing a single public port.