If you've ever opened OpenClaw and gotten no response, seen a "gateway unreachable" error, or wondered why your Telegram bot stopped working after a reboot — the gateway is almost always involved.
But most documentation assumes you already know what the gateway is. This guide doesn't. Start here.
What Is the Gateway?
The OpenClaw gateway is a local background service — a small web server that runs on your machine and acts as the central hub for everything OpenClaw does.
Think of it this way:
Every message you send, every tool your agent runs, every channel it listens on — all of it flows through the gateway. When the gateway is down, nothing works. When it's misconfigured, things work inconsistently. When it's running clean, it's invisible.
What the Gateway Actually Does
- Routes inbound messages from Telegram, WhatsApp, Discord, iMessage, etc. to your agents
- Handles authentication — verifies who's allowed to talk to your agents and how
- Manages sessions — keeps track of which conversation is which
- Runs the web UI — the dashboard at
http://127.0.0.1:18789is served by the gateway - Executes tool calls — when your agent needs to run a shell command, read a file, or call a web API, the gateway coordinates it
- Loads plugins and channels — channel integrations (Telegram bot, Discord, etc.) are gateway plugins
Simple rule: If OpenClaw isn't responding, check the gateway first. 80% of the time, that's the problem.
Checking Gateway Status
The fastest diagnostic is one command:
openclaw gateway statusThis tells you:
- Whether the gateway is running (and its PID)
- Whether it's reachable at its configured address
- Which channels are connected and their state
- Any configuration warnings or security issues
- Session count and active agents
For a deeper diagnostic:
openclaw status --deepThis runs active connectivity tests against each channel, verifies tokens, and checks external reachability.
Starting, Stopping, and Restarting
# Check status
openclaw gateway status
# Start the gateway
openclaw gateway start
# Stop the gateway
openclaw gateway stop
# Restart (most common fix)
openclaw gateway restartAfter any config change to openclaw.json — adding a channel, changing a token, updating a model — you need to restart the gateway for changes to take effect. This is the single most common "why isn't my change working?" answer.
Making the Gateway Start Automatically
By default, you have to manually start the gateway after a reboot. For a machine you want running 24/7, that's not acceptable. The fix is to install the gateway as a system service.
On Linux (systemd):
openclaw gateway install
# Then enable and start it:
systemctl --user enable openclaw-gateway
systemctl --user start openclaw-gatewayOn macOS (launchd):
openclaw gateway install
# Starts automatically on loginVerify it survived a reboot: Restart your machine, then run openclaw gateway status. If it shows "running" without you doing anything — you're set.
WSL users (Windows Subsystem for Linux): The systemd service works but WSL doesn't start on Windows boot by default. You'll need to either start WSL manually, or use the Windows Task Scheduler to launch WSL + the gateway at startup. This is a common gap for NUC / Windows home server setups.
Common Problems and Fixes
openclaw gateway start or openclaw gateway restart. Check status after.openclaw.json but didn't restart the gateway.openclaw gateway restart — always required after config edits.openclaw gateway install then enable the service (see above).openclaw.json, restart gateway.gateway.bind in openclaw.json — should be "127.0.0.1:18789" for local-only. Run lsof -i :18789 to check for conflicts.openclaw gateway stop, then verify with ps aux | grep openclaw. Kill any lingering processes, then start fresh.The Gateway Config (What You Actually Need to Know)
Gateway settings live in ~/.openclaw/openclaw.json under the gateway key. The ones that matter most:
{
"gateway": {
"bind": "127.0.0.1:18789", // listen address — keep local unless you need remote
"authToken": "your-token", // required for remote access
"trustedProxies": [] // set if behind a reverse proxy
}
}Security note: If you change gateway.bind to expose it on a public IP (e.g. 0.0.0.0:18789), set a strong authToken and configure trustedProxies. An exposed gateway with no auth token is an open door to your entire machine.
Keeping the Gateway Healthy Long-Term
- Monthly restarts — even a healthy gateway benefits from a monthly restart to clear accumulated session state and release memory
- Monitor with status — add
openclaw gateway statusto your mental checklist when something feels off - Update carefully — always restart the gateway after OpenClaw updates; some updates change the gateway binary
- Log rotation — if you're running the gateway as a service, check that logs aren't filling your disk over time (
journalctl --user -u openclaw-gateway --disk-usageon systemd)
Once it's set up as a service and you understand the restart command — the gateway becomes invisible. You'll go weeks without thinking about it. That's the goal.
🦞 Gateway Giving You Trouble?
Gateway misconfiguration is one of the most common things we fix in ClawReady audits. If you're hitting persistent issues — channel not connecting, agents not responding, reboot survival — book a call and we'll sort it.
Book a Free 15-Min Call →