#Gateway not reachable

I just got openclaw, I'm running o4-mini on it which i'm hosting on azure (i'll upgrade to 5.4 or something when my quota request is approved). anyways, everything seems to work aside from the gateway. whenever i do gateway status, it says its not reachable. there was like one time it briefly said reachable, but when I sent a message in telegram, nothing happened, then I checked again, and it was back to not reachable. any help would be much appreciated. thanks!

First thing: what version are you on?

openclaw --version

Then please run/paste this bundle — it’ll tell us whether the gateway is crashing, not installed/running, or running but unreachable:

openclaw status --all
openclaw gateway status
openclaw gateway probe
openclaw doctor
openclaw channels status --probe

Then tail logs, send one Telegram message, and paste the error lines that appear:

openclaw logs --follow

If logs won’t attach because the gateway is down:

tail -f "$(ls -t /tmp/openclaw/openclaw-*.log | head -1)"

Two likely branches:

• If gateway status says Runtime not running → the gateway service is crashing/stopping.
• If gateway is reachable but Telegram doesn’t reply → check pairing/allowlist:

openclaw pairing list --channel telegram

Docs for the exact triage flow: https://docs.openclaw.ai/help/troubleshooting and https://docs.openclaw.ai/gateway/troubleshooting

OpenClaw status --all

                                           |

| Config | ~.openclaw\openclaw.json
| Dashboard | http://127.0.0.1:18789/
| Tailscale exposure | off
| Channel | stable (default)
| Update | pnpm · npm latest unknown
| Gateway | local · ws://127.0.0.1:18789 (local loopback) · unreachable (missing scope: operator.read) |
| Security | Run: openclaw security audit --deep |
| Gateway self | unknown |
| Gateway service | Scheduled Task installed · registered · running (pid 43140, Startup-folder login item |
| | installed; listener detected on port 18789.)
| Node service | Scheduled Task not installed
| Agents | 1 total · 1 bootstrapping · 1 active · 2 sessions
| Secrets | none

Agents

| Agent | Bootstrap file | Sessions | Active | Store |

| main | PRESENT | 2 | 8m ago | ~.openclaw\agents\main\sessions\sessions.json

Diagnosis (read-only)

Gateway connection details:
Gateway target: ws://127.0.0.1:18789
Source: local loopback
Config: C:\Users\karle.openclaw\openclaw.json
Bind: loopback

✓ Config: C:\Users\karle.openclaw\openclaw.json
✓ Secret diagnostics (0)
✓ Restart sentinel: none
! Port 18789
Port 18789 is already in use.

• pid 43140: node.exe (127.0.0.1:18789)
• Another process is listening on this port.
  ! Tailscale exposure: off · daemon unknown
  ✓ Skills: 8 eligible · 0 missing · C:\Users\karle.openclaw\workspace
  ✓ Plugin compatibility (none)
  ! Channel issues skipped (gateway unreachable)

Gateway health:
missing scope: operator.read

This is a useful clue: the gateway process is running — pid 43140 is listening on 127.0.0.1:18789.

The weird part is:

missing scope: operator.read

So this looks less like “gateway dead” and more like your CLI can connect, but only with limited/no operator scope, so diagnostics can’t read health/channel status.

Try this next:

openclaw gateway probe
openclaw devices list

If devices list shows a pending operator / CLI / browser request, approve the exact request id:

openclaw devices approve <requestId>

Then rerun:

openclaw gateway probe
openclaw channels status --probe

For Telegram specifically, DMs usually require pairing before messages are processed:

openclaw pairing list telegram
openclaw pairing approve telegram <CODE>

Also: the Port 18789 is already in use line is probably just the running gateway itself, not necessarily a conflict, because it names the same node.exe gateway PID.

Docs: https://docs.openclaw.ai/cli/gateway and https://docs.openclaw.ai/channels/pairing

Gateway Status
Reachable: yes
Capability: connected-no-operator-scope
Probe budget: 3000ms

Warning:

• Read-probe diagnostics are limited by gateway scopes (missing operator.read). Connection succeeded, but read-only status calls are incomplete. Hint: pair device identity or use credentials with operator.read.

Discovery (this machine)
Found 0 gateways via Bonjour (local.)
Tip: if the gateway is remote, mDNS won’t cross networks; use Wide-Area Bonjour (split DNS) or SSH tunnels.

Targets
Local loopback ws://127.0.0.1:18789
Connect: ok (16ms) · Capability: connect-only · Read probe: limited - missing scope: operator.read

PS C:\windows\system32> openclaw devices list

🦞 OpenClaw 2026.4.26 (be8c246) — I'm not saying your workflow is chaotic... I'm just bringing a linter and a helmet.

|
o
Paired (1)
+------------------+------------+------------------------------------------------------------+------------+------------+
| Device | Roles | Scopes | Tokens | IP |
+------------------+------------+------------------------------------------------------------+------------+------------+
| 5d5fef4ec174791e | operator | operator.admin, operator.read, operator.write, operator. | operator | |
| 20e82da2be98cd70 | | approvals, operator.pairing, operator.talk.secrets | | |
| 3b69edaee57682cd | | | | |
| 1573c9bcb00df08b | | | | |
+------------------+------------+------------------------------------------------------------+------------+------------+
PS C:\windows\system32>

Nice, that narrows it down: gateway is reachable. The scary bit is only the diagnostic read scope:

Reachable: yes
Capability: connected-no-operator-scope
missing operator.read

Also, Paired (1) means that device table is just wrapping in PowerShell — it’s one paired operator device, not four.

Next I’d run:

openclaw doctor

If doctor mentions stale/missing device auth or token drift, follow its exact suggested command. For your shown device, the likely repair is:

openclaw devices rotate --device 5d5fef4ec174791e --role operator
openclaw gateway probe

Don’t paste any output if it includes a token/secret.

Then debug Telegram separately:

openclaw channels status --probe
openclaw pairing list telegram

If Telegram shows a pending pairing code:

openclaw pairing approve telegram <CODE>

One more clue: your status shows main | Bootstrap file PRESENT | bootstrapping. If gateway/channel auth checks out but messages still don’t reply, paste the openclaw doctor output plus the log lines from:

openclaw logs --follow

Docs: https://docs.openclaw.ai/help/troubleshooting

Health check failed: gateway timeout after 10000ms
Gateway target: ws://127.0.0.1:18789
Source: local loopback
Config: C:\Users\karle.openclaw\openclaw.json
Bind: loopback

That’s a different failure now: the port exists, but the Gateway isn’t answering the health RPC within 10s. So not Azure/firewall — it’s the local Gateway process wedging or stuck during startup/work.

Try a clean restart and longer probe:

openclaw gateway restart
Start-Sleep -Seconds 5
openclaw gateway status --deep
openclaw gateway probe
openclaw health --verbose --timeout 30000

Then check Telegram separately:

openclaw channels status --probe --timeout 30000