A complete guide to setting up OpenClaw on a VPS with Claude Max, secure VPN access, and automatic file sync to your laptop.
Create accounts, order a VPS, install Tailscale, set up SSH keys.
~30 minutesPaste a prompt into Claude Code — it SSHs into your VPS and installs everything automatically.
AutomatedThe manual steps — about 30 minutes of your time.
You need four accounts. Most are free. Follow each one in order:
| # | Service | What for | Cost |
|---|---|---|---|
| 1 | Claude Max | Powers your AI agent (Opus 4) | £80/mo |
| 2 | IONOS VPS | Server to run everything | ~£5/mo |
| 3 | Tailscale | Private VPN between devices | Free |
| 4 | GitHub | Workspace backup & versioning | Free |
Claude Max gives you access to Claude Opus 4 with high usage limits — this is what powers your AI agent.
This is the server your agent will live on — running 24/7 even when your laptop is off.
After ordering, IONOS will email you a VPS IP address (like 194.35.xx.xx) and a root password. Save both — you need them soon.
Tailscale creates a private encrypted network between your laptop and VPS. No port forwarding, no firewall headaches.
GitHub stores a backup of your agent’s workspace — its personality, skills, and memory. Free for private repos.
Already have a GitHub account? Skip this — just make sure you can log in.
This is the only time you need to SSH into the VPS directly. After this, everything goes through the VPN.
Mac: Press Cmd+Space, type “Terminal”, hit Enter
Windows: Press the Windows key, type “PowerShell”, hit Enter
Connect to your VPS using the IP and password from the IONOS email:
# Replace YOUR_VPS_IP with the IP from your IONOS email
ssh root@YOUR_VPS_IPIt’ll ask “Are you sure you want to continue connecting?” — type yes and press Enter.
Then paste or type the root password from the IONOS email (it won’t show as you type — that’s normal).
Once you’re logged into the VPS, run these two commands:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale upIt’ll print a URL like https://login.tailscale.com/a/abc123...
Copy that URL and open it in your browser. Log into Tailscale with the same account you created in Step A1. This connects your VPS to your private network.
Type exit and press Enter to disconnect from the VPS.
If you have Homebrew installed:
brew install tailscaleOtherwise, download the app from tailscale.com/download and drag it to Applications.
Download the installer from tailscale.com/download and run it.
Sign in with the same Tailscale account you used in Step A2.
tailscale statusYou should see your VPS listed with a 100.x.x.x IP address. Write this down — that’s your VPS’s private IP from now on.
Test it:
# Replace with your actual Tailscale IP
ping 100.x.x.xIf you see replies, you’re connected. Press Ctrl+C to stop the ping.
Make sure you can SSH to the VPS through the VPN:
# Replace 100.x.x.x with your VPS's Tailscale IP
ssh root@100.x.x.xIf that works, exit and set up an SSH key so Claude Code can connect without passwords:
# On your LAPTOP (exit the VPS first if connected)
# Generate a key — press Enter at each prompt, no passphrase needed
ssh-keygen -t ed25519
# Copy it to your VPS (replace 100.x.x.x with your Tailscale IP)
ssh-copy-id root@100.x.x.xTest it:
ssh root@100.x.x.x "echo 'SSH key works!'"If it prints “SSH key works!” without asking for a password, you’re golden.
Mac (with Homebrew):
brew install nodeMac (without Homebrew) or Windows: Download from nodejs.org — pick the LTS version, run the installer.
npm install -g @anthropic-ai/claude-codeclaudeIt’ll open a browser window to authenticate with your Claude Max account. Sign in, approve the connection, and you’re set.
Nimbalyst is a free desktop app that gives you a visual workspace for Claude Code. It lets you view and edit markdown files, manage agent sessions on a kanban board, preview diagrams, and review changes your agent makes — all without touching a terminal.
.md files.
Your agent’s workspace (personality, skills, memory) will be backed up here. Version history means you can always roll back.
my-openclaw-workspaceLeave that page open — you’ll need the repo URL later (it looks like https://github.com/YOUR_USERNAME/my-openclaw-workspace.git).
git --version to check. Windows: download from git-scm.com.
That’s everything you need to do manually. You should now have:
ssh root@100.x.x.xNow move on to Part B — paste a single prompt into Claude Code and it handles everything else.
Open Claude Code on your laptop, paste the prompt below, and watch it set up your entire stack.
Open your terminal and type claude to start Claude Code. Then paste this prompt (edit the values in CAPS first):
I need you to set up OpenClaw on my VPS. Here are my details:
- VPS Tailscale IP: YOUR_TAILSCALE_IP (e.g. 100.64.0.2)
- My username for the VPS: YOUR_NAME (lowercase, no spaces)
- My GitHub repo: https://github.com/YOUR_USERNAME/my-openclaw-workspace.git
- My GitHub email: YOUR_EMAIL
Please SSH into the VPS at the Tailscale IP as root and do the following:
## 1. Base server setup
- apt update && apt upgrade -y
- Create a non-root user with my username, add to sudo and docker groups
- Install Docker CE and Docker Compose
- Install Node.js 20+ and pnpm globally (npm install -g pnpm)
- Install git
- Fix SSH rate limiting: add "MaxStartups 50:30:100" to /etc/ssh/sshd_config and restart sshd
## 2. Install OpenClaw
- As the non-root user, mkdir ~/openclaw && cd ~/openclaw
- Run: npx openclaw@latest init
- Follow the setup wizard
- Configure the model as anthropic/claude-opus-4-6
- I will provide the setup-token when you need it (run "claude setup-token" on my laptop)
- Start the gateway with docker compose up -d
- Verify: docker ps should show the gateway container as "Up"
## 3. Connect GitHub
- Configure git with my name and email
- Generate an SSH key on the VPS
- Show me the public key so I can add it to GitHub
- Link the OpenClaw workspace directory to my private repo
- Set up a cron job or git hook to auto-push workspace changes
## 4. Install Syncthing
- Install Syncthing on the VPS
- Set up as a systemd service running as my user
- Create ~/openclaw-files/ as a shared directory
- Configure Syncthing to only listen on the Tailscale interface
- Show me the device ID so I can pair it with my laptop
## 5. Lock down security
- Set up UFW firewall: allow SSH only from Tailscale range (100.64.0.0/10)
- Disable root password login via SSH
- Ensure all services (Syncthing UI on 8384) only bind to the Tailscale IP
## 6. Verify everything
- docker ps: OpenClaw gateway is "Up"
- Send a test message to agent via WhatsApp/Telegram
- Syncthing is running and ready to pair
- GitHub workspace backup is pushing
Go step by step. Ask me for input when needed (setup-token, QR code scanning, GitHub key approval, etc).After pasting the prompt, Claude Code will start SSHing into your VPS and running commands. It’ll pause and ask you for input at a few key moments:
Claude will ask you to run claude setup-token in a separate terminal. Copy the output and paste it back.
For WhatsApp: you’ll scan a QR code with your phone. For Telegram: you’ll create a bot via @BotFather and share the token.
Claude will show you a public key. Copy it, go to github.com/settings/ssh/new, paste it in, and click “Add SSH key”.
Claude will show you a Syncthing device ID. You’ll add this in the Syncthing app on your laptop to pair the devices.
This is the one thing you install locally (Claude can’t install apps on your laptop):
brew install syncthing
brew services start syncthingDownload from syncthing.net/downloads and run the installer.
http://localhost:8384 in your browser (Syncthing UI)dynamic to:# Replace with your VPS's Tailscale IP
tcp://100.x.x.x:22000~/openclaw-files)~/openclaw-files/business-proposal.md appears on your laptop. Open it in Word, Pages, Google Docs — whatever you prefer. Edit it there and changes sync back.
Run through this checklist:
Quick test command you can run in a terminal:
# Replace 100.x.x.x and YOUR_NAME with your values
ssh YOUR_NAME@100.x.x.x 'echo "Hello from your VPS!" > ~/openclaw-files/test.txt'
# Check it appeared on your laptop:
cat ~/openclaw-files/test.txt| Service | Cost |
|---|---|
| Claude Max | £80/month |
| IONOS VPS (M plan) | ~£5/month |
| Tailscale | Free |
| Syncthing | Free |
| GitHub (private repo) | Free |
| Nimbalyst | Free |
| Total | ~£85/month |
Message it on WhatsApp like texting a colleague:
Anything the agent writes lands in ~/openclaw-files/ on your laptop. Open in Nimbalyst for beautifully rendered markdown with diagrams and tables, or use Word, Pages, Google Docs — whatever you prefer.
Give it a personality, specific skills, and recurring tasks. Edit SOUL.md in the workspace to define who your agent is.
Ready to manage your agent with goals, task boards, and governance? Add Paperclip — an open-source dashboard that turns your agent into a managed employee.
Turn your OpenClaw agent into a managed employee. Set company goals, assign tasks on a kanban board, track heartbeats, and scale to multi-agent teams with org charts and budgets. Free, open source.
Check Tailscale is running on both devices: tailscale status. If the VPS isn’t listed, SSH in via the public IP temporarily and re-run tailscale up.
Your setup token expired. Run claude setup-token on your laptop, then on the VPS:
openclaw models auth paste-token --provider anthropic
# Paste the new token, then restart OpenClawCheck both devices show “Connected” in the Syncthing UI. Verify device addresses use tcp://TAILSCALE_IP:22000 not dynamic.
SSH in and run free -h. If under 1 GB free, consider upgrading the IONOS plan.
Your VPS may have aggressive SSH rate limiting. Fix it:
ssh root@YOUR_TAILSCALE_IP 'echo "MaxStartups 50:30:100" >> /etc/ssh/sshd_config && systemctl restart sshd'