Skip to content

[Bug]: The Control UI is not accessible via Tailscale (or any remote network) in version 2026.2.26, despite having correct configuration settings. #30990

Closed
#31088
#31058
Closed
[Bug]: The Control UI is not accessible via Tailscale (or any remote network) in version 2026.2.26, despite having correct configuration settings.#30990
#31088
#31058
Labels
bugSomething isn't workingregressionBehavior that previously worked and now fails
@robotphil

Description

@robotphil
robotphil
opened on Mar 1, 2026

Bug type

Regression (worked before, now fails)

Summary

Environment

  • OpenClaw version: 2026.2.26
  • OS: Linux 6.8.0-101-generic (x64)
  • Node: v22.22.0
  • Gateway mode: local
  • Bind mode: lan (also tested with auto, tailnet)

Configuration

{
  "gateway": {
    "port": 18789,
    "mode": "local",
    "bind": "lan",
    "controlUi": {
      "enabled": true,
      "allowedOrigins": ["*"]
    }
  }
}                                                                     

## Root Cause Analysis
After investigation, found that the Control UI HTTP server binds to localhost (127.0.0.1) only, not to the same interface as the WebSocket gateway.

$ ss -tlnp | grep openclaw
LISTEN 0 511 0.0.0.0:18789 ← WebSocket gateway (all interfaces)
LISTEN 0 511 127.0.0.1:18791 ← Control UI (localhost ONLY)
LISTEN 0 511 127.0.0.1:18792 ← Unknown


The gateway WebSocket correctly binds to all interfaces (0.0.0.0), but the Control UI HTTP server is hardcoded to localhost (127.0.0.1), making it unreachable remotely.

### Steps to reproduce

1. Update to OpenClaw v2026.2.26
2. Configure gateway.bind to "lan" or "auto"
3. Set gateway.controlUi.allowedOrigins to ["*"]
4. Attempt to access Control UI via Tailscale URL
5. Observe origin not allowed error

### Expected behavior

## Expected Behavior                                                  
Access the Control UI via Tailscale URL

### Actual behavior

## Actual Behavior                                                    
WebSocket connection is rejected with error:  origin not allowed (open the Control UI from the gateway host or allow it in gateway.controlUi.allowedOrigins)   

### OpenClaw version

OpenClaw version: 2026.2.26

### Operating system

OS: Linux 6.8.0-101-generic (x64)

### Install method

_No response_

### Logs, screenshots, and evidence

```shell

Impact and severity

No response

Additional information

  • This worked in previous version (2026.2.22-2)
  • Setting gateway.bind to different modes ("auto", "tailnet", "lan") does not affect Control UI binding
  • The gateway.controlUi.allowedOrigins setting appears to be ignored for remote access
  1. Update to OpenClaw v2026.2.26
  2. Configure gateway.bind to "lan" or "tailnet"
  3. Set gateway.controlUi.allowedOrigins to ["*"]
  4. Attempt to access Control UI via Tailscale URL
  5. Observe origin not allowed error

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingregressionBehavior that previously worked and now fails

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions