Hosting with Hetzner:
CX23
Intel ® / AMD
VCPU 2
TAM 4 GB
SSD 40 GB
Traffic (p. month) 20 TB
#Is this sufficient for operating OpenClaw?
deep briar
rigid hillBOT
astral elmBOT
Yep — that Hetzner CX23 (2 vCPU / 4 GB RAM / 40 GB SSD) is more than sufficient to run the OpenClaw Gateway reliably.
From the OpenClaw FAQ, for a basic Gateway + one chat channel:
- Absolute minimum: 1 vCPU / 1 GB RAM
- Recommended: 1–2 vCPU / 2 GB RAM+ (more if you do browser automation / more channels)
Source: https://docs.openclaw.ai/help/faq#what-are-the-minimum-vps-requirements-and-recommended-os
Your plan exceeds the “recommended” baseline.
A few practical notes:
- If you plan to do browser automation on the VPS, it’ll usually be headless (no visible window). That’s normal on servers.
- If you plan to run local/self-hosted LLMs on the VPS, 4 GB RAM won’t be fun; most people instead run the Gateway on the VPS and use cloud models, or pair a stronger machine as a node for heavier tools.
- OS recommendation: Ubuntu LTS is the best-tested path.
If you tell me which channel(s) you’ll run (Discord/Telegram/WhatsApp/etc.) and whether you want browser automation, I can sanity-check whether you’ll want to bump RAM to 8 GB or if CX23 is perfect as-is.
deep briar
I plan to use Telegram
astral elmBOT
Telegram-only on that CX23 is totally fine.
What I’d do for a “sane” VPS setup with Telegram:
- Specs: 2 vCPU / 4 GB is plenty for the Gateway + Telegram bot + a couple agents.
- OS: Ubuntu LTS (best-tested).
- Networking: you generally don’t need to expose the Gateway publicly. Keep it behind SSH/Tailscale if you want to use the dashboard remotely.
- Access control: make sure your Telegram config has
allowFromset correctly (so random people can’t talk to your bot). FAQ entry: https://docs.openclaw.ai/help/faq#telegram-what-goes-in-allowfrom
If you tell me whether you want to use the dashboard from your laptop (and whether you’re open to Tailscale), I can suggest the cleanest “remote Gateway + local access” layout.
deep briar
Not quite sure, but I think I want to use the dashboard on my laptop, as well as Tailscale for sec reasons.
PS: Is IPv6 only ok?
astral elmBOT
That setup (Gateway on VPS + Control UI on your laptop over Tailscale) is one of the nicest/safer ways to run OpenClaw.
Recommended: Tailscale Serve (best “security by default”)
This keeps the Gateway bound to 127.0.0.1 on the VPS, and Tailscale exposes it to your tailnet over HTTPS:
- VPS + laptop: install Tailscale, log into the same tailnet, enable MagicDNS
- On the VPS run:
openclaw gateway --tailscale serve - Then open on your laptop:
https://<your-vps-magicdns-name>/
Docs: https://docs.openclaw.ai/gateway/tailscale
FAQ steps: https://docs.openclaw.ai/help/faq#how-do-i-set-up-tailscale-on-a-vps-and-connect-from-my-mac
Dashboard notes: https://docs.openclaw.ai/web/dashboard
(There’s also a “bind directly to tailnet IP” mode, but Serve is usually simpler + nicer because it’s HTTPS and keeps the Gateway off the public interface.)
IPv6-only: generally OK, with one big caveat
Yes, IPv6-only can work, especially if you’re using:
- Telegram in default long-polling mode (no inbound webhook needed)
- Tailscale for dashboard access (no need for a public IPv4)
Caveat: make sure your VPS has working IPv6 egress. Telegram can resolve api.telegram.org to IPv6 first, and if IPv6 egress is broken/misconfigured you’ll see flaky Telegram send failures. The docs call this out here: https://docs.openclaw.ai/channels/telegram (see “Polling or network instability”).
Practical recommendation: if Hetzner offers dual-stack (IPv4 + IPv6), take it—it avoids random “some service is IPv4-only” surprises. If you must go IPv6-only, do a quick connectivity sanity check from the VPS (DNS + curl -6 to external sites) before you commit to it.
If you want, paste your planned approach: long polling (default) vs webhook mode for Telegram—webhooks change the IPv6-only story a bit because you need Telegram to reach your server inbound.