Teams want the OpenClaw Gateway online when laptops sleep and home uplinks flap. Placing it on a rented Mac gives stable listeners, audit boundaries, and room for Tailscale without sharing a personal device. It mirrors docs.openclaw.ai/gateway, remote access, and Tailscale integration: keep gateway.bind on loopback, prefer Serve inside the tailnet, add subnet routes only where RFC1918 reachability is real, and treat Funnel as a gated exception. For install baselines, pair this with our Docker install and hardening walkthrough and first-time SSH and VNC checklist for the same rental host.
Why run the gateway on rented Mac metal
A gateway is closer to infrastructure than a casual CLI session. Moving it off your laptop removes sleep cycles, VPN quirks, and accidental kill -9 during presentations.
- Uptime — Rental providers target always-on Mac mini class hosts with predictable power and cooling.
- Network posture — You can keep the control plane off the public LAN while still using Tailscale paths your security team already reviews.
- Blast-radius control — Pair network ACLs with OpenClaw skill egress limits from sandbox and allowlist hardening so one compromised tool cannot wander the whole tailnet.
Docs alignment: gateway bind and least privilege
Use the table below when you brief security or platform reviewers. Every row maps official guidance to practical choices on a provider-managed Mac.
| Topic | Official expectation | Rented Mac practice |
|---|---|---|
| gateway.bind | Default loopback; wider binds require token or password auth. | Stay on loopback; front with Serve, SSH -L, or a co-located reverse proxy—avoid raw 18789 on shared LANs. |
| Tailscale Serve | HTTPS inside the tailnet; optional allowTailscale headers for UI paths. | Keep API routes on explicit tokens; disable identity shortcuts if untrusted workloads share the host. |
| Funnel | Requires password mode; depends on HTTPS, MagicDNS, funnel-capable nodes. | Enable only for short-lived operator windows; store passwords in environment variables, not world-readable files. |
| Remote CLI | --url overrides need explicit --token or --password. | Automation must reload secrets after each rotation; tunnels can look healthy while auth stays stale. |
Subnet routes versus Serve versus Funnel
Subnet routing lets tailnet devices reach internal-only services through the Mac that advertises the route—think private artifact registries or legacy HTTP helpers. Approve the narrowest prefix in the Tailscale admin UI, enable forwarding on that Mac, and verify return paths before you rely on it in production.
Serve is the default answer for “remote team, private network.” The gateway stays on 127.0.0.1; Tailscale terminates TLS and injects trusted headers where allowed.
Funnel publishes the same entry to the public internet. Reserve it for vendors or contractors who cannot join your tailnet. Expect stricter authentication and operational monitoring.
Experiments (promote to config files for real deployments):

```shell
# Tailnet-only path (gateway remains loopback)
openclaw gateway --tailscale serve

# Public internet path (use password auth and policy review)
openclaw gateway --tailscale funnel --auth password
```
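Before layering Serve or Funnel on top, it is worth proving that the gateway really is bound to loopback only and that the documented health endpoints answer. The script below is an added example, not OpenClaw or Tailscale code: it parses `lsof` LISTEN output for port 18789 (the page's default) and rejects any wildcard or LAN-address bind; the two sample listings are constructed for the offline check, and the live `lsof`/`curl` path only runs with `--live`.

```shell
#!/bin/sh
# Added example (not from the OpenClaw or Tailscale projects): confirm the
# gateway listener never escaped loopback, then check /healthz and /readyz.
# Assumed: the gateway listens on TCP 18789 and `lsof -nP -iTCP:18789
# -sTCP:LISTEN` is available on the rental Mac.

GATEWAY_PORT=18789

# listener_is_loopback_only reads lsof-style LISTEN lines on stdin.
# Returns 0 only if every bound address is 127.0.0.1 or [::1],
# 1 if any bind is wider (e.g. *:18789 or a LAN address),
# 2 if no listener was seen at all (gateway not running).
listener_is_loopback_only() {
    bad=0
    seen=0
    while IFS= read -r line; do
        case "$line" in
            COMMAND*|'') continue ;;   # skip the lsof header and blank lines
        esac
        seen=$((seen + 1))
        # NAME column looks like 127.0.0.1:18789 (LISTEN) or *:18789 (LISTEN);
        # the address is the next-to-last field.
        addr=$(printf '%s\n' "$line" | awk '{print $(NF-1)}')
        host=${addr%:*}
        case "$host" in
            127.0.0.1|'[::1]'|localhost) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then return 2; fi
    [ "$bad" -eq 0 ]
}

# gateway_health hits the documented health endpoints over loopback.
# Non-zero means stop before exposing anything through Serve.
gateway_health() {
    base="http://127.0.0.1:${GATEWAY_PORT}"
    curl -fsS "$base/healthz" >/dev/null && curl -fsS "$base/readyz" >/dev/null
}

# Constructed sample listings (not captured from a real host).
SAMPLE_LOOPBACK='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node    4242 claw   23u IPv4 0xabc      0t0 TCP 127.0.0.1:18789 (LISTEN)
node    4242 claw   24u IPv6 0xabd      0t0 TCP [::1]:18789 (LISTEN)'

SAMPLE_EXPOSED='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node    4242 claw   23u IPv4 0xabc      0t0 TCP *:18789 (LISTEN)'

# Live checks run only on request so the parsing logic can be exercised
# offline with the samples above.
if [ "${1:-}" = "--live" ]; then
    if lsof -nP -iTCP:"$GATEWAY_PORT" -sTCP:LISTEN | listener_is_loopback_only; then
        echo "ok: port $GATEWAY_PORT is bound to loopback only"
    else
        echo "STOP: port $GATEWAY_PORT is missing or bound beyond loopback" >&2
        exit 1
    fi
    gateway_health && echo "ok: /healthz and /readyz respond"
fi
```

Run it with `--live` on the rental host over SSH; a wildcard bind here means Serve would not be the only way in, so fix `gateway.bind` before continuing.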
ACL tightening and credential rotation
Sketch the connection graph before you paste JSON into Tailscale: which laptops may hit the Serve endpoint, which tags represent CI runners, and which upstream APIs the gateway needs. Default deny everything else.
Subnet advertisements should map to groups, not “entire company,” unless compliance demands it. Combine tailnet ACLs with OpenClaw-side egress controls so compromised skills cannot pivot through freshly opened RFC1918 corridors.
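A concrete way to keep the "default deny everything else" promise is to lint the policy file for the catch-all accept rule before pasting it into the admin UI. The script below is an added example, not Tailscale's or OpenClaw's own tooling: it writes a starter policy in which `tag:openclaw-gateway`, `tag:ci`, `group:operators` and the `10.20.0.0/24` prefix are placeholder names, and the lint is a whitespace-stripping heuristic (no JSON parser), so it catches the standard wildcard rule rather than every possible over-broad grant.

```shell
#!/bin/sh
# Added example (not Tailscale's or OpenClaw's code): a starter tailnet
# policy for the gateway host plus a lint that refuses the catch-all accept.
# Placeholders: tag:openclaw-gateway (the rented Mac), group:operators
# (laptops), tag:ci (CI runners), 10.20.0.0/24 (an internal prefix).

# write_policy writes the starter HuJSON policy to the path in $1.
write_policy() {
    cat > "$1" <<'EOF'
{
  // Only tagged hosts may advertise routes; keep the prefix narrow.
  "tagOwners": {
    "tag:openclaw-gateway": ["group:operators"],
    "tag:ci": ["group:operators"]
  },
  "autoApprovers": {
    "routes": { "10.20.0.0/24": ["tag:openclaw-gateway"] }
  },
  "acls": [
    // Operators reach the Serve endpoint (HTTPS) on the gateway host only.
    { "action": "accept", "src": ["group:operators"], "dst": ["tag:openclaw-gateway:443"] },
    // CI runners may use the gateway API but nothing else on the tailnet.
    { "action": "accept", "src": ["tag:ci"], "dst": ["tag:openclaw-gateway:443"] },
    // Subnet route consumers are listed explicitly, with the port they need.
    { "action": "accept", "src": ["group:operators"], "dst": ["10.20.0.0/24:443"] }
    // No trailing wildcard accept: anything not listed above is denied.
  ]
}
EOF
}

# write_permissive_policy writes the allow-everything rule, used here only
# to show what the lint rejects (constructed, do not deploy).
write_permissive_policy() {
    printf '%s\n' '{ "acls": [ { "action": "accept", "src": ["*"], "dst": ["*:*"] } ] }' > "$1"
}

# policy_has_catchall returns 0 if the file still contains a wildcard-source
# rule reaching a wildcard destination. Heuristic: drop comment lines, strip
# whitespace, then search for "src":["*"] followed by "dst":["*:*"].
policy_has_catchall() {
    grep -v '^[[:space:]]*//' "$1" | tr -d ' \t\n' \
        | grep -q '"src":\["\*"\][^}]*"dst":\["\*:\*"\]'
}

# Usage: sh acl-lint.sh /path/to/policy.hujson (writes the starter policy
# there and refuses to continue if a catch-all rule is present).
if [ -n "${1:-}" ]; then
    write_policy "$1"
    if policy_has_catchall "$1"; then
        echo "REJECT: $1 still contains the allow-everything rule" >&2
        exit 1
    fi
    echo "ok: $1 has no catch-all accept rule"
fi
```

Pair this with the OpenClaw-side egress allowlist: the ACL bounds who can reach the gateway and which prefixes it may forward to, while the skill allowlist bounds what a compromised skill can reach from inside the host.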
Token rotation should align with maintenance windows from your Mac rental vendor. Generate a fresh OPENCLAW_GATEWAY_TOKEN, update the remote launch environment, restart the gateway, run openclaw gateway status plus openclaw channels status --probe, then push the new secret to laptops and automation. Revoke the old material and attach a change record when disks might be imaged or reused across tenants.
HowTo: minimal reproducible steps
- Join Tailscale on the rental Mac — Confirm version, hostname, and MagicDNS expectations with your admin.
- Install OpenClaw using the official path — CLI or Docker; mirror bind and token guidance from the gateway docs.
- Start with loopback bind and token auth — Prove openclaw gateway status locally over SSH before exposing anything.
- Enable Serve — Validate WebSocket and UI flows from a second tailnet device without opening Funnel.
- Add subnet routes only if required — Test with explicit IPs, then tighten ACLs to the operators who need those prefixes.
- Optional Funnel — Switch to password mode, document owners, and schedule automatic teardown.
- Rotate credentials quarterly or after incidents — Treat gateway tokens like production API keys.
Citable anchors: default listener 127.0.0.1:18789; health endpoints /healthz and /readyz; Tailscale modes serve versus funnel; environment variables OPENCLAW_GATEWAY_TOKEN and OPENCLAW_GATEWAY_PASSWORD.
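The token rotation paragraph above and the final HowTo step describe the same procedure; the script below is an added example that carries it through on the rental host. It is not OpenClaw's own tooling: the env file path `~/.openclaw/gateway.env` is an assumed location, the restart step is left to whatever supervisor you use (launchd, Docker, tmux), and only `openclaw gateway status` and `openclaw channels status --probe` are commands taken from this page. Offline it can still be exercised, since token generation and the 0600 file write do not need a running gateway.

```shell
#!/bin/sh
# Added example (not OpenClaw's own tooling): rotate OPENCLAW_GATEWAY_TOKEN
# on the rental Mac. Assumed: the gateway's launch environment is read from
# ENV_FILE (placeholder path) and the operator restarts the gateway with
# their usual supervisor between write_env_file and the status checks.

ENV_FILE="${ENV_FILE:-$HOME/.openclaw/gateway.env}"   # assumed location

# new_token prints 32 random bytes as 64 hex characters.
new_token() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# write_env_file writes the token to $1 atomically and keeps the file
# owner-readable only, so imaged or reused disks do not hand it to others.
write_env_file() {
    file=$1
    token=$2
    dir=$(dirname "$file")
    mkdir -p "$dir"
    chmod 700 "$dir"
    tmp="$file.tmp.$$"
    # umask in a subshell so new files start life as 0600.
    ( umask 077; printf 'OPENCLAW_GATEWAY_TOKEN=%s\n' "$token" > "$tmp" )
    chmod 600 "$tmp"
    mv "$tmp" "$file"
}

# token_from_env_file prints the token currently stored in $1, which is what
# laptops and automation must be updated to after a rotation.
token_from_env_file() {
    sed -n 's/^OPENCLAW_GATEWAY_TOKEN=//p' "$1"
}

# env_file_is_private checks the mode string from ls, which reads the same on
# macOS and Linux (stat flags differ between the two).
env_file_is_private() {
    mode=$(ls -l "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# Live rotation only on request; everything above works offline.
if [ "${1:-}" = "--live" ]; then
    tok=$(new_token)
    write_env_file "$ENV_FILE" "$tok"
    env_file_is_private "$ENV_FILE" || { echo "env file is not 0600" >&2; exit 1; }
    echo "new token written to $ENV_FILE; restart the gateway now, then press Enter"
    read -r _
    # Page's verification commands: a healthy tunnel with a stale token still
    # fails here, which is the symptom the FAQ calls "mismatched generations".
    openclaw gateway status
    openclaw channels status --probe
    echo "push the new token to laptops/automation, then revoke the old one"
fi
```

Keep the old token until every client reports healthy against the new one, then revoke it and attach the change record the rental vendor's maintenance window calls for.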
Connectivity FAQ
Tailscale ping works but WebSockets fail. You probably never forwarded 18789 to the loopback listener. Add Serve or an SSH tunnel, then retest with openclaw gateway status on the server.
Constant unauthorized responses. Check for --url without matching --token, or mismatched generations after a rotation.
Funnel refuses to boot the gateway. Confirm password mode, funnel tags, HTTPS, and MagicDNS prerequisites from the Tailscale documentation set.
Approved subnet routes still drop packets. Inspect sysctl forwarding, host firewalls, and ACL lines that authorize both the route and the destination port.
Summary
Rented Mac gateways convert OpenClaw from a laptop experiment into a service your team can depend on. Keep loopback bind as the anchor, use Tailscale Serve and ACLs for everyday remote access, and treat Funnel plus subnet routes as explicit risk decisions backed by monitoring. Rotate OPENCLAW_GATEWAY_TOKEN on a schedule to bound exposure from shared infrastructure.
When you are ready for dedicated capacity, open pricing and purchase to compare Mac mini M4 tiers—both pages stay readable without forcing login. Need break-fix help? Use support.