OpenClaw Security: Docker + Tailscale Sandbox Setup (2026)

Exposing OpenClaw to the public internet is asking for trouble. Every exposed instance is a target for automated attacks, credential stuffing, and CVE exploitation.

The solution? Don’t expose it. Run OpenClaw in a Docker container with Tailscale mesh networking—private, encrypted, and accessible only to authorized devices. No public IPs. No open ports. No attack surface.

Here’s the complete 2026 setup guide for a secure OpenClaw sandbox.

Architecture Overview

┌─────────────────┐     Tailscale      ┌──────────────────┐
│ Your Laptop     │◄─────mesh VPN─────►│ OpenClaw Server  │
│ (Tailscale IP)  │    100.x.x.x       │ (Docker +        │
└─────────────────┘    encrypted        │  Tailscale sidecar)│
                       WireGuard        └──────────────────┘
                              │
                              │ No public internet
                              ▼
                       ┌──────────────┐
                       │ Anthropic API│
                       │ (egress only)│
                       └──────────────┘

Key principles:

1. No public ingress: Zero open ports on the internet
2. Egress filtering: Only required APIs can be reached
3. Mesh networking: Authorized devices connect directly via Tailscale
4. Container isolation: Filesystem and process isolation via Docker

Prerequisites

• A server (any cloud VM or local machine)
• Docker and Docker Compose installed
• Tailscale account (free tier sufficient)
• Anthropic API key

Step 1: Tailscale Setup

Install Tailscale on Your Server

# Ubuntu/Debian
curl -fsSL https://tailscale.com/install.sh | sh

# Enable and start
sudo systemctl enable --now tailscaled

# Authenticate (generates auth key for headless)
sudo tailscale up --advertise-exit-node --accept-dns

Create Auth Key for Docker

Generate a reusable auth key in the Tailscale admin console:

1. Go to Settings → Keys
2. Generate auth key
3. Enable: Reusable, Ephemeral, Pre-approved
4. Tags: tag:openclaw
5. Copy the key (starts with tskey-auth-)

Save this key securely—you’ll need it for the Docker container.

Install Tailscale on Your Devices

# macOS
brew install --cask tailscale

# Windows
# Download from tailscale.com/download

# Linux
curl -fsSL https://tailscale.com/install.sh | sh

Connect all devices to the same Tailnet. They’ll get 100.x.x.x IPs that work from anywhere.

Step 2: Docker Configuration

Dockerfile with Tailscale Sidecar

# Dockerfile.openclaw
FROM ghcr.io/all-hands-ai/openclaw:2026.2.23

# Install Tailscale
USER root
RUN apt-get update && apt-get install -y \
    curl \
    iptables \
    iproute2 \
    && rm -rf /var/lib/apt/lists/*

# Download and install Tailscale
RUN curl -fsSL https://tailscale.com/install.sh | sh

# Create non-root user for OpenClaw
RUN useradd -m -s /bin/bash openclaw

# Setup directories
RUN mkdir -p /var/run/tailscale /var/cache/tailscale /var/lib/tailscale
RUN chown -R openclaw:openclaw /workspace

# Copy startup script
COPY start.sh /usr/local/bin/start.sh
RUN chmod +x /usr/local/bin/start.sh

USER openclaw
WORKDIR /workspace

ENTRYPOINT ["/usr/local/bin/start.sh"]

Startup Script

#!/bin/bash
# start.sh - runs inside container

# Start Tailscale in background
sudo tailscaled --tun=userspace-networking --socks5-server=localhost:1055 &

# Wait for tailscaled
sleep 2

# Authenticate with auth key
sudo tailscale up --authkey=${TAILSCALE_AUTH_KEY} --hostname=openclaw-sandbox --accept-dns

# Verify connection
echo "Tailscale IP: $(tailscale ip -4)"

# Start OpenClaw
exec openclaw-agent --workspace /workspace

Docker Compose Configuration

# docker-compose.yml
version: '3.8"

services:
  openclaw:
    build:
      context: .
      dockerfile: Dockerfile.openclaw
    container_name: openclaw-sandbox
    
    # Security: No ports exposed publicly
    # Access via Tailscale 100.x.x.x IP only
    
    environment:
      # Required API keys
      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
      - GITHUB_TOKEN=${GITHUB_TOKEN}
      
      # Tailscale auth
      - TAILSCALE_AUTH_KEY=${TAILSCALE_AUTH_KEY}
      
      # OpenClaw settings
      - OPENCLAW_WORKSPACE=/workspace
      - OPENCLAW_MODE=sandbox
    
    volumes:
      # Persistent workspace
      - openclaw-workspace:/workspace
      
      # Config files (read-only)
      - ./config:/config:ro
      
      # Logs
      - ./logs:/var/log/openclaw
    
    # Resource limits
    deploy:
      resources:
        limits:
          cpus: '2.0"
          memory: 4G
        reservations:
          cpus: '0.5"
          memory: 1G
    
    # Security options
    security_opt:
      - no-new-privileges:true
    
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN  # Required for Tailscale
      - NET_RAW
    
    # Network isolation
    networks:
      - openclaw-net
    
    # DNS through Tailscale
    dns:
      - 100.100.100.100  # Tailscale DNS
    
    restart: unless-stopped

volumes:
  openclaw-workspace:

networks:
  openclaw-net:
    driver: bridge
    internal: true  # No default internet access

Step 3: Network Isolation

Egress Filtering

Restrict outbound connections to required APIs only:

# Add to docker-compose.yml services
services:
  openclaw:
    # ... other config ...
    
    # Custom network with egress control
    networks:
      - openclaw-isolated

networks:
  openclaw-isolated:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: openclaw-br

Firewall Rules (Host Level)

#!/bin/bash
# setup-firewall.sh - run on host

# Flush existing rules
sudo iptables -F
sudo iptables -X

# Default deny
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP

# Allow loopback
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

# Allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow Tailscale
sudo iptables -A INPUT -i tailscale0 -j ACCEPT
sudo iptables -A OUTPUT -o tailscale0 -j ACCEPT

# Allow DNS (required for Tailscale)
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# Allow HTTPS to specific APIs only
sudo iptables -A OUTPUT -p tcp --dport 443 -d api.anthropic.com -j ACCEPT
sudo iptables -A OUTPUT -p tcp --dport 443 -d api.github.com -j ACCEPT

# Save rules
sudo iptables-save > /etc/iptables/rules.v4

Step 4: Accessing Your Sandbox

From Your Laptop

Once connected to Tailscale:

# Get the Tailscale IP of your OpenClaw container
tailscale status
# Look for openclaw-sandbox

# SSH into the server (if needed)
ssh [email protected]  # Replace with actual IP

# Or access OpenClaw directly via Tailscale
# (if running web interface)
curl http://100.x.x.x:3000

SSH Over Tailscale

More secure than traditional SSH:

# On your server, enable SSH in Tailscale
sudo tailscale up --ssh

# From any authorized device
tailscale ssh user@openclaw-sandbox

No SSH keys to manage. No open port 22. Authentication through Tailscale’s identity provider.

Step 5: Verification & Testing

Verify Network Isolation

# Enter the container
docker exec -it openclaw-sandbox bash

# Try to reach the internet (should fail)
ping google.com
# Expected: ping: google.com: Temporary failure in name resolution

# Try to reach allowed APIs (should work)
curl -I https://api.anthropic.com
# Expected: HTTP/2 200

# Check Tailscale connection
tailscale status
# Expected: Connected, with 100.x.x.x IP

Test File Isolation

# Inside container
touch /workspace/test-file.txt
ls /
# Should see limited filesystem (no /etc access in chroot if configured)

Security Benefits Summary

Troubleshooting

Tailscale Won’t Connect

# Check logs
docker logs openclaw-sandbox | grep -i tailscale

# Verify auth key is valid
tailscale status  # inside container

# Common fix: Reset state
sudo tailscale down
sudo tailscale up --authkey=${TAILSCALE_AUTH_KEY}

OpenClaw Can’t Reach APIs

# Verify egress rules
sudo iptables -L -v -n | grep 443

# Test from container
docker exec -it openclaw-sandbox curl -v https://api.anthropic.com

Container Exits Immediately

# Check for port conflicts
docker-compose logs openclaw

# Verify environment variables are set
echo $ANTHROPIC_API_KEY
echo $TAILSCALE_AUTH_KEY

Pre-Configured Secure Containers

Setting this up correctly takes 4-6 hours of careful configuration and testing. Each layer—Docker hardening, Tailscale integration, egress filtering, seccomp profiles—requires expertise and ongoing maintenance.

On ShipTasks, every deployment includes:

• Container isolation by default—each agent runs in its own sandbox
• Private networking—no public exposure, mesh VPN between components
• Egress filtering—only required APIs accessible
• Automatic security updates—containers patched without downtime
• Audit logging—every action recorded to tamper-proof storage

The Docker + Tailscale configuration above is exactly what runs under the hood—minus the setup complexity.

Deploy pre-configured secure containers. ShipTasks provides Docker sandboxing and private networking by default—so you get zero-trust security without the configuration headache.

Related: OpenClaw Security 2026: All CVEs + Hardening Checklist | Preventing Rogue OpenClaw Agents