Node Connect
Goal: find the one real route from node -> gateway, verify OpenClaw is advertising that route, then fix pairing/auth.
Topology first
Decide which case you are in before proposing fixes:
- - same machine / emulator / USB tunnel
- same LAN / local Wi-Fi
- same Tailscale tailnet
- public URL / reverse proxy
Do not mix them.
- - Local Wi-Fi problem: do not switch to Tailscale unless remote access is actually needed.
- VPS / remote gateway problem: do not keep debugging
localhost or LAN IPs.
If ambiguous, ask first
If the setup is unclear or the failure report is vague, ask short clarifying questions before diagnosing.
Ask for:
- - which route they intend: same machine, same LAN, Tailscale tailnet, or public URL
- whether they used QR/setup code or manual host/port
- the exact app text/status/error, quoted exactly if possible
- whether
openclaw devices list shows a pending pairing request
Do not guess from can't connect.
Canonical checks
Prefer openclaw qr --json. It uses the same setup-code payload Android scans.
CODEBLOCK0
If this OpenClaw instance is pointed at a remote gateway, also run:
CODEBLOCK1
If Tailscale is part of the story:
CODEBLOCK2
Read the result, not guesses
INLINECODE4� success means:
- -
gatewayUrl: this is the actual endpoint the app should use. - INLINECODE6�: this tells you which config path won.
Common good sources:
- -
gateway.bind=lan: same Wi-Fi / LAN only - INLINECODE8�: direct tailnet access
- INLINECODE9� or
gateway.tailscale.mode=funnel: Tailscale route - INLINECODE11�: explicit public/reverse-proxy route
- INLINECODE12�: remote gateway route
Root-cause map
If openclaw qr --json says Gateway is only bound to loopback:
- - remote node cannot connect yet
- fix the route, then generate a fresh setup code
- INLINECODE15� is not enough if the effective QR route is still loopback
- same LAN: use �INLINECODE16
- same tailnet: prefer
gateway.tailscale.mode=serve or use �INLINECODE18 - public internet: set a real
plugins.entries.device-pair.config.publicUrl or �INLINECODE20
If gateway.bind=tailnet set, but no tailnet IP was found:
- - gateway host is not actually on Tailscale
If qr --remote requires gateway.remote.url:
- - remote-mode config is incomplete
If the app says pairing required:
- - network route and auth worked
- approve the pending device
CODEBLOCK3
If the app says bootstrap token invalid or expired:
- - old setup code
- generate a fresh one and rescan
- do this after any URL/auth fix too
If the app says unauthorized:
- - wrong token/password, or wrong Tailscale expectation
- for Tailscale Serve,
gateway.auth.allowTailscale must match the intended flow - otherwise use explicit token/password
Fast heuristics
- - Same Wi-Fi setup + gateway advertises
127.0.0.1, localhost, or loopback-only config: wrong. - Remote setup + setup/manual uses private LAN IP: wrong.
- Tailnet setup + gateway advertises LAN IP instead of MagicDNS / tailnet route: wrong.
- Public URL set but QR still advertises something else: inspect
urlSource; config is not what you think. - INLINECODE30� shows pending requests: stop changing network config and approve first.
Fix style
Reply with one concrete diagnosis and one route.
If there is not enough signal yet, ask for setup + exact app text instead of guessing.
Good:
Bad:
Node Connect
目标:找到从节点到网关的唯一真实路由,验证OpenClaw是否正在通告该路由,然后修复配对/认证。
先确定拓扑结构
在提出修复方案前,先判断你属于哪种情况:
- - 同一台机器/模拟器/USB隧道
- 同一局域网/本地Wi-Fi
- 同一Tailscale tailnet
- 公共URL/反向代理
不要混用。
- - 本地Wi-Fi问题:除非确实需要远程访问,否则不要切换到Tailscale。
- VPS/远程网关问题:不要继续调试localhost或局域网IP。
如果不明确,先提问
如果配置不清晰或故障报告含糊不清,在诊断前先提出简短的问题进行澄清。
询问:
- - 他们打算使用哪种路由:同一台机器、同一局域网、Tailscale tailnet或公共URL
- 他们是使用二维码/设置码还是手动输入主机/端口
- 确切的应用程序文本/状态/错误,如果可能的话直接引用原文
- openclaw devices list是否显示待处理的配对请求
不要从无法连接中猜测。
标准检查
优先使用openclaw qr --json。它使用与Android扫描相同的设置码负载。
bash
openclaw config get gateway.mode
openclaw config get gateway.bind
openclaw config get gateway.tailscale.mode
openclaw config get gateway.remote.url
openclaw config get gateway.auth.mode
openclaw config get gateway.auth.allowTailscale
openclaw config get plugins.entries.device-pair.config.publicUrl
openclaw qr --json
openclaw devices list
openclaw nodes status
如果此OpenClaw实例指向远程网关,还要运行:
bash
openclaw qr --remote --json
如果涉及Tailscale:
bash
tailscale status --json
读取结果,而非猜测
openclaw qr --json成功意味着:
- - gatewayUrl:这是应用程序应该使用的实际端点。
- urlSource:这告诉你哪个配置路径胜出。
常见的正确来源:
- - gateway.bind=lan:仅限同一Wi-Fi/局域网
- gateway.bind=tailnet:直接tailnet访问
- gateway.tailscale.mode=serve或gateway.tailscale.mode=funnel:Tailscale路由
- plugins.entries.device-pair.config.publicUrl:明确的公共/反向代理路由
- gateway.remote.url:远程网关路由
根本原因映射
如果openclaw qr --json显示网关仅绑定到回环地址:
- - 远程节点尚无法连接
- 修复路由,然后生成新的设置码
- 如果有效的二维码路由仍然是回环地址,gateway.bind=auto是不够的
- 同一局域网:使用gateway.bind=lan
- 同一tailnet:优先使用gateway.tailscale.mode=serve或使用gateway.bind=tailnet
- 公共互联网:设置真实的plugins.entries.device-pair.config.publicUrl或gateway.remote.url
如果设置了gateway.bind=tailnet,但未找到tailnet IP:
如果qr --remote需要gateway.remote.url:
如果应用程序显示需要配对:
bash
openclaw devices list
openclaw devices approve --latest
如果应用程序显示引导令牌无效或已过期:
- - 旧的设置码
- 生成新的设置码并重新扫描
- 在任何URL/认证修复后也要执行此操作
如果应用程序显示未授权:
- - 令牌/密码错误,或Tailscale期望不匹配
- 对于Tailscale Serve,gateway.auth.allowTailscale必须与预期流程匹配
- 否则使用明确的令牌/密码
快速启发式判断
- - 同一Wi-Fi设置 + 网关通告127.0.0.1、localhost或仅回环配置:错误。
- 远程设置 + 设置/手动使用私有局域网IP:错误。
- Tailnet设置 + 网关通告局域网IP而非MagicDNS/tailnet路由:错误。
- 设置了公共URL但二维码仍然通告其他内容:检查urlSource;配置并非你所想的那样。
- openclaw devices list显示待处理请求:停止更改网络配置,先批准。
修复风格
回复一个具体的诊断和一个路由。
如果信号不足,先询问设置和确切的应用程序文本,而不是猜测。
好的示例:
- - 网关仍然是仅回环模式,因此另一个网络上的节点永远无法到达它。启用Tailscale Serve,重启网关,再次运行openclaw qr,重新扫描,然后批准待处理的设备配对。
不好的示例:
- - 可能是局域网,可能是Tailscale,可能是端口转发,可能是公共URL。
