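Troubleshooting a startup crash with Tailscale + non-loopback bind: narrow the listen address first, then open up the network surface
Fixes the gateway startup crash that occurs when Tailscale and a non-loopback bind are used together. Prerequisites: you can adjust the gateway bind/address and network proxy configuration. Steps: reproduce with a minimal listen configuration → separate local and Tailscale access by interface → restart and watch the logs → gradually restore reverse-proxy/firewall rules. Key commands: `openclaw gateway status/restart`. Verification: after restart the service is stable and both LAN and Tailscale access work. Risk: exposing the wrong listen address enlarges the external attack surface.
Source: GitHub | Discovered: 2026-02-15 | Author: yinghaosang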
Prerequisites
- Host uses Tailscale and custom bind host/port for OpenClaw gateway.
- You can change gateway config and run controlled restart windows.
Steps
- Start from a known-good local-only bind (`127.0.0.1`) and confirm gateway boots cleanly.
- Introduce the Tailscale-facing address incrementally and verify port exposure with firewall restrictions in place.
- Check startup logs for bind conflicts/interface resolution errors before enabling reverse proxy paths.
- After stable boot, run connectivity checks from local LAN and Tailscale peer separately.
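One way to do the port-exposure check from the steps above, as an added example (not OpenClaw's own tooling): it reads `ss -ltn` output and flags any listener on the gateway port that is bound to a wildcard or other non-loopback, non-Tailscale address. Assumptions: port 8080 and the sample lines are constructed placeholders, `audit` and `classify` are hypothetical names, and Tailscale addresses are taken to be in 100.64.0.0/10 or fd7a:115c:a1e0::/48.

```python
import ipaddress
import sys

# Assumption: Tailscale node addresses fall in these ranges (CGNAT v4, ULA v6).
TAILSCALE_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                  ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -ltn` rows; 8080 is a placeholder gateway port.
SAMPLE = """\
LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 4096 100.101.102.103:8080 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
""".splitlines()

def classify(host):
    """Return 'loopback', 'tailscale', 'wildcard' or 'other' for a bind host."""
    host = host.split("%", 1)[0].strip("[]")   # drop %iface suffix and brackets
    if host == "*":
        return "wildcard"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "other"                          # unparseable: treat as unexpected
    if addr.is_unspecified:                     # 0.0.0.0 or ::
        return "wildcard"
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in TAILSCALE_NETS):
        return "tailscale"
    return "other"

def audit(ss_lines, port):
    """List (local_addr, kind, ok) for every listener on `port`.
    Assumes `ss -ltn` column order, where the local address is the 4th field."""
    findings = []
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                            # header or non-listening row
        host, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            kind = classify(host)
            findings.append((fields[3], kind, kind in ("loopback", "tailscale")))
    return findings

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 8080
    for local, kind, ok in audit(lines, port):
        print(f"{'OK  ' if ok else 'WARN'} {local:<28} {kind}")
```

Run it after each restart with the real listener table piped in and the actual gateway port as the argument; any WARN row means the bind is wider than loopback plus Tailscale and should be narrowed before firewall or reverse-proxy rules are restored.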
Commands
- `openclaw gateway status`
- `openclaw gateway restart`
- `openclaw status`
Verify
Gateway survives repeated restarts with no crash loop, and both local and Tailscale clients complete pairing normally.
Caveats
- Never expose privileged gateway endpoints directly to the public internet without auth hardening.
- Exact interface-selection behavior can differ across Linux distros and network stacks (needs verification).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.