The video topic is remote dashboard access, but the safest written version is not 'make the control UI public'. Keep the gateway on loopback or a private tailnet and bring your browser to it with a tunnel.
Quick answer
Do not publish the dashboard port directly. Keep the gateway local, print the dashboard link on the host, and use SSH tunneling or Tailscale to reach it from outside.
Command line steps
1. Confirm the gateway is running locally
Start from a healthy local gateway before you layer on any remote access method.
BASH
$openclaw gateway status --require-rpc
openclaw dashboard --no-open
2. Use SSH port forwarding instead of opening the port
This keeps the OpenClaw gateway private and only forwards it into your local browser session.
BASH
$ssh -L 18789:127.0.0.1:18789 user@your-host
# keep the SSH session open, then open http://127.0.0.1:18789 locally
3. If you already use Tailscale, keep access on the tailnet
A tailnet is safer than raw port forwarding because the gateway is not exposed as an open public service.
BASH
$openclaw gateway --tailscale serve
openclaw dashboard --no-open
What to check if it still fails
- If you see pairing or auth issues, regenerate the dashboard URL with
openclaw dashboard --no-openon the host itself. - If you changed bind settings earlier, inspect them with
openclaw config get gateway.bindand avoidlanunless you have a reason. - If remote access is failing, debug the gateway first with
openclaw gateway status --require-rpcandopenclaw logs --follow.