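Reddit field test: troubleshooting a gateway that still falls back to localhost after configure in a tailnet setup
Problem/scenario: you want remote access over the tailnet, but after configure the gateway is still bound to localhost. Prerequisites: Tailscale is installed and you have gateway admin rights. Procedure: check the bind/auth constraints, use probe to confirm the listening address, and if necessary pass `--bind tailnet --tailscale serve` explicitly. Key commands: `openclaw gateway status`, `openclaw gateway probe --json`. Verification: a tailnet peer can connect reliably. Risk: a non-loopback bind without authentication is blocked by policy.
Source: Reddit. Discovered 2026-02-16. Author: u/Toontje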
Prerequisites
- Tailscale is installed and the host is online in your tailnet.
- Gateway token/password auth is available (required for non-loopback binds).
Steps
- Run status + probe to confirm whether the listener is still loopback-only.
- Re-check the configure bind/auth options and ensure a non-loopback bind is paired with token/password auth.
- If they are inconsistent, start the gateway with explicit tailnet flags and verify the probe output again.
- Connect from another tailnet device using an explicit URL + token and verify handshake stability.
Commands
openclaw gateway status
openclaw gateway probe --json
openclaw gateway --bind tailnet --tailscale serve --token <TOKEN>
openclaw gateway health --url ws://127.0.0.1:18789
Verify
The probe shows a tailnet-reachable endpoint, and the remote client authenticates repeatedly without falling back to localhost-only mode.
Caveats
- Non-loopback without auth is blocked by design; do not bypass it.
- Some failures may come from the firewall or Tailscale ACLs rather than the OpenClaw config (needs verification).
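An independent cross-check of the bind/auth state described above, added here as an example (not OpenClaw code and not from the original post): it parses `ss -ltnH` socket listings instead of relying on the gateway's own probe output, whose JSON schema this page does not show. The function names, the sample listings, and the assumption that a tailnet bind appears as a listener on a Tailscale address are all hypothetical; port 18789 is taken from the health URL above.

```python
import ipaddress

# Tailscale address ranges: the CGNAT IPv4 block and the Tailscale IPv6 ULA prefix.
TAILNET_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("fd7a:115c:a1e0::/48")]
GATEWAY_PORT = 18789  # port from the health-check URL on this page

def classify(addr: str) -> str:
    """Return 'wildcard', 'loopback', 'tailnet' or 'other' for a listen address."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and any zone id
    if addr == "*" or (ip := ipaddress.ip_address(addr)).is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNET_NETS):
        return "tailnet"
    return "other"

def gateway_listeners(ss_output: str, port: int = GATEWAY_PORT) -> list[tuple[str, str]]:
    """Parse `ss -ltnH` lines; return (address, class) for sockets on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, p = fields[3].rpartition(":")   # "Local Address:Port" column
        if p == str(port):
            found.append((addr, classify(addr)))
    return found

def verdict(listeners, auth_configured: bool) -> str:
    """auth_configured is supplied by the operator (token/password set or not)."""
    classes = {c for _, c in listeners}
    if not classes:
        return "not-listening"
    if classes == {"loopback"}:
        return "loopback-only"               # the fallback this page troubleshoots
    if not auth_configured:
        return "non-loopback-without-auth"   # expected to be blocked by policy
    return "tailnet-reachable" if classes & {"tailnet", "wildcard"} else "non-tailnet-bind"

# Constructed sample listings (not captured from a real host).
SAMPLE_FALLBACK = ("LISTEN 0 4096 127.0.0.1:18789 0.0.0.0:*\n"
                   "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*")
SAMPLE_TAILNET = ("LISTEN 0 4096 100.101.102.103:18789 0.0.0.0:*\n"
                  "LISTEN 0 4096 [::1]:18789 [::]:*")
```

A `wildcard` listener is reachable from the tailnet but also from every other interface, so it is worth treating differently from a `tailnet` result when reviewing firewall rules.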
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.