Accessing OpenClaw Remotely
OpenClaw's dashboard runs on localhost by default (port 3000). To access it from another device — such as your phone, tablet, or a remote workstation — you need a secure tunnel. Never expose OpenClaw directly to the public internet.
Recommended Methods
1. Tailscale (Recommended)
Tailscale creates a private WireGuard-based mesh VPN between your devices. It requires zero port forwarding and works behind NATs and firewalls.
# Install Tailscale on both machines
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
# Access OpenClaw via your Tailscale IP
http://100.x.x.x:30002. SSH Tunnel
If you already have SSH access to your OpenClaw server:
ssh -L 3000:localhost:3000 user@your-serverThen access the dashboard at http://localhost:3000 on your local machine.
3. Cloudflare Tunnel
For more permanent setups, Cloudflare Tunnel provides authenticated access without exposing ports:
cloudflared tunnel create openclaw
cloudflared tunnel route dns openclaw dashboard.yourdomain.com
cloudflared tunnel run openclawSecurity Checklist for Remote Access
- Never expose port 3000 directly to the internet
- Always use encrypted tunnels (WireGuard, SSH, or TLS)
- Enable authentication on the OpenClaw dashboard
- Use strong, unique passwords or certificate-based authentication
- Monitor access logs for unauthorized connection attempts
Prompt Guardian
Protect your AI agent from prompt injection and malicious commands.