OpenClaw Install / Docs / Gateway / Skills
EN
Get Started
Home

Switch language

简体中文 English
Start Install GuideQuick StartDocs Overview
Docs ChannelsModels & APIGateway OpsTools & Skills
More ArticlesResourcesHelp Center
Get Started
Documentation navigation Gateway Ops

Current Section

On This Page

Gateway Ops 2 sections

SSH / Tailnet

Remote Access

The standard remote model is one always-on Gateway host that your laptop, desktop or nodes connect to through SSH tunnels or a tailnet. The key idea is that all state, channels and sessions remain centered on that Gateway host.

Tailscale Authentication Security

Common Remote Patterns

Tailnet

Always-on remote Gateway

The best fit for a VPS or a home server: the Gateway stays resident and clients reach it through Tailscale Serve or an SSH tunnel.

Desktop

Home desktop as the primary host

The laptop becomes a remote controller only, while the desktop runs the agent and the Gateway itself.

Laptop

Gateway on a laptop, other devices connect in

Useful for temporary development or personal use. Even then, keep the Gateway on loopback and expose it through a secure tunnel or Serve.

Nodes

Nodes are not a second Gateway

Nodes are peripheral devices and should not carry the main state or channel integrations unless you intentionally design a multi-instance setup.

SSH Tunnels and Remote Defaults

Local port forwarding to Gateway

ssh -N -L 18789:127.0.0.1:18789 user@host

CLI remote defaults

{
  gateway: {
    mode: "remote",
    remote: {
      url: "ws://127.0.0.1:18789",
      token: "your-token"
    }
  }
}