Does Tailscale work with Docker?

Yes. Install Tailscale on the Docker host, then bind OpenClaw to the host's Tailscale IP. You can also run Tailscale inside a Docker container for more advanced setups.

Is Tailscale free for personal use?

Yes. Tailscale offers a free Personal plan with up to 100 devices and 3 users. For teams, paid plans start at $6/user/month.

Can I still use HTTPS with Tailscale?

Yes. Tailscale supports automatic HTTPS via Tailscale Funnel, or you can configure your own reverse proxy with Let's Encrypt certificates.

What if I need to access OpenClaw from a device without Tailscale?

Use Tailscale Funnel to expose OpenClaw to the public internet via a secure HTTPS URL. This is safer than exposing it directly on your own IP.

🛡️Security & Hardening

How to Set Up Tailscale with OpenClaw

Intermediate30-60 minutesUpdated 2025-01-14

Exposing OpenClaw to the public internet is risky. Tailscale creates a private, encrypted mesh network so you can access your OpenClaw instance from anywhere without opening firewall ports, configuring VPNs, or managing certificates. This guide shows you how to deploy OpenClaw on Tailscale, configure access controls, and enable MagicDNS for seamless private connectivity.

Why This Is Hard to Do Yourself

These are the common pitfalls that trip people up.

🌍

Public internet exposure

Running OpenClaw on 0.0.0.0 exposes it to port scanners, bots, and attackers scanning for vulnerabilities.

🔐

VPN complexity

Traditional VPNs require server setup, certificate management, and client configuration on every device.

🚪

Firewall rules

Opening ports like 3000 or 8080 creates attack surface. Forgetting to close them leaves you vulnerable.

📱

Multi-device access

Accessing OpenClaw from laptop, phone, and tablet without exposing it publicly requires complex routing.

Step-by-Step Guide

Step 1

Install Tailscale on the OpenClaw host

Install Tailscale on the machine running OpenClaw.

Step 2

Start Tailscale and authenticate

Connect your machine to your Tailscale network.

Step 3

Configure OpenClaw to listen on Tailscale IP

Bind OpenClaw to the Tailscale network interface only.

Warning: Do NOT use 0.0.0.0 or 127.0.0.1 as the bind host. Use your actual Tailscale IP (starts with 100.x.x.x) to ensure OpenClaw is only accessible via Tailscale.

Step 4

Set up Tailscale ACLs

Control which Tailscale devices can access OpenClaw.

Step 5

Enable MagicDNS for easy access

Access OpenClaw via hostname instead of IP.

Step 6

Install Tailscale on client devices

Install Tailscale on devices that need to access OpenClaw.

Step 7

Test private access

Verify OpenClaw is accessible only via Tailscale.

Tailscale Setup Taking Too Long?

We configure production-grade Tailscale deployments with ACLs, subnet routing, exit nodes, and monitoring. Get secure private access to OpenClaw in hours, not days.

Browse Security experts →

Learn more about our expert service →

Get matched with a specialist who can help.

Frequently Asked Questions

Related Guides

🛡️Security & Hardening

How to Configure OpenClaw Gateway Authentication

Intermediate45-90 minutes

🛡️Security & Hardening

How to Set Up Firewall Rules for OpenClaw

Intermediate30-60 minutes