Fix “Relay Not Reachable/Authenticated” in OpenClaw

What Does “Relay Not Reachable/Authenticated” Mean?

When you see the error relay not reachable/authenticated at start in the OpenClaw browser relay Chrome extension, it means the extension tried to connect to your OpenClaw gateway but either:

• Not reachable — The extension cannot reach the gateway URL at all (network issue, wrong URL, firewall, or gateway not running)
• Not authenticated — The extension reached the gateway but the authentication token was rejected (wrong token, expired, or misconfigured)

This is one of the most common errors users encounter when setting up the OpenClaw browser relay for Chrome. The error appears in the extension popup and prevents the relay from starting.

Quick Fix Checklist

Before diving into detailed troubleshooting, run through this quick checklist. Most “relay not reachable” errors are caused by one of these issues:

1. Is your OpenClaw gateway running? — Check with docker ps | grep openclaw. If the container is not running, start it with docker start openclaw.
2. Is the gateway URL correct? — The URL in the Chrome extension must match your gateway exactly (e.g., https://your-domain.com or http://localhost:18789).
3. Is the token correct? — Copy-paste the token from your openclaw.json config file. Even one extra space or newline will cause authentication to fail.
4. Is port 18789 accessible? — Check firewall rules and Docker port mapping (-p 18789:18789).
5. Are you using HTTPS? — Chrome blocks mixed content. If your site uses HTTPS, the gateway WebSocket must also be WSS (via a reverse proxy).

Fix 1: Verify the Gateway Token

The most common cause of the “not authenticated” part of this error is a token mismatch between the Chrome extension and the OpenClaw config. To verify your token:

# Check the token in your OpenClaw config
cat ~/.openclaw/openclaw.json | grep -A2 '"auth"'

# If using Docker, check inside the container
docker exec openclaw cat /home/node/.openclaw/openclaw.json | grep -A2 '"auth"'

The output should show your gateway auth token:

"auth": {
  "token": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Copy this token exactly and paste it into the Chrome extension's token field. Common mistakes:

• Extra spaces or newlines before/after the token
• Including the quotes in the pasted value
• Using a different token than what's in the config file
• The config file was not mounted correctly into Docker

Fix 2: Check Gateway Reachability

If the token is correct but you still see “relay not reachable,” the Chrome extension cannot reach your OpenClaw gateway over the network. Test connectivity:

# Test from your local machine
curl -v https://your-domain.com:18789

# Or if using a reverse proxy
curl -v https://your-domain.com

# Test from the server itself
curl -v http://localhost:18789

If the server responds but your browser cannot connect, common causes include:

• Firewall blocking port 18789 — On Ubuntu/Debian: sudo ufw allow 18789. On cloud providers, check the security group/firewall rules in the dashboard.
• Docker port not mapped — Ensure your Docker run command includes -p 18789:18789. Check with docker port openclaw.
• Reverse proxy not forwarding WebSocket — The browser relay uses WebSocket connections. Nginx needs proxy_set_header Upgrade $http_upgrade and proxy_set_header Connection "upgrade". Caddy handles this automatically.
• SSL certificate issue — If your gateway is behind HTTPS, ensure the certificate is valid. Self-signed certs will cause silent connection failures in Chrome.

Fix 3: Enable allowInsecureAuth

If you are connecting to the gateway remotely (not from localhost), you need to disable device-identity pairing. Without this, the gateway may reject the browser relay's connection even with a valid token.

{
  "gateway": {
    "controlUi": {
      "allowInsecureAuth": true
    },
    "auth": {
      "token": "your-secret-token-here"
    }
  }
}

After updating the config, restart OpenClaw:

docker restart openclaw

Then reconnect the Chrome extension. See our gateway pairing troubleshooting guide for a detailed explanation of this setting.

Fix 4: Reinstall the Chrome Extension

If none of the above fixes work, the Chrome extension itself may be in a bad state. Try a clean reinstall:

1. Open chrome://extensions/ in your browser
2. Find the OpenClaw browser relay extension and click Remove
3. Close and reopen Chrome
4. Go to the Chrome Web Store and search for "OpenClaw browser relay" or "ClawdBot browser relay"
5. Install the extension fresh
6. Enter your gateway URL and token, then click Connect

Fix 5: Check the OpenClaw Container Logs

The OpenClaw container logs often reveal exactly why the relay connection is failing:

# View the last 100 lines of logs
docker logs openclaw --tail 100

# Follow logs in real time while testing the connection
docker logs openclaw -f

Look for messages like:

• invalid token or authentication failed — Token mismatch
• pairing required — Need to enable allowInsecureAuth
• config parse error — Invalid JSON in openclaw.json
• EADDRINUSE — Port 18789 is already in use by another process

Common Scenarios and Solutions

Relay Was Working, Then Stopped

If the browser relay was previously working and suddenly shows “not reachable,” the most likely causes are:

• The OpenClaw container was restarted or crashed — check with docker ps -a
• Your server's IP address changed (common on cloud providers without a static IP)
• The SSL certificate expired (if using Let's Encrypt, check auto-renewal)
• Chrome updated and reset extension permissions

Relay Works on Localhost but Not Remotely

This is almost always a combination of missing allowInsecureAuth: true and/or firewall rules blocking port 18789. Follow Fix 2 and Fix 3 above.

Relay Shows “Connected” but Agent Cannot Browse

If the extension shows a green “Connected” status but your AI agent cannot use browser commands, the browser relay skill may not be enabled in your OpenClaw configuration. Check that the browser relay skill is installed and active in your OpenClaw setup.

The Easy Way: Use OpenClaw Launch

Debugging relay connections, token mismatches, firewall rules, and WebSocket proxying is time-consuming. OpenClaw Launch eliminates all of these issues with managed hosting that handles gateway configuration, SSL, and authentication automatically.

With OpenClaw Launch, your browser relay connects on the first try because the gateway URL, token, and HTTPS are all pre-configured. No firewall debugging, no token copy-paste errors, no WebSocket proxy configuration.

Frequently Asked Questions

Why does my OpenClaw browser relay say “not reachable”?

The “relay not reachable” error means the Chrome extension cannot establish a connection to your OpenClaw gateway. Common causes: the gateway is not running, the URL is wrong, a firewall is blocking port 18789, or HTTPS/WebSocket is not configured correctly on your reverse proxy.

How do I verify my OpenClaw browser relay token?

Check the token in your config file with cat ~/.openclaw/openclaw.json | grep -A2 auth. If using Docker, run docker exec openclaw cat /home/node/.openclaw/openclaw.json. Copy the exact token value (without quotes) and paste it into the Chrome extension.

Does the OpenClaw browser relay work with Chrome and other browsers?

The OpenClaw browser relay extension is available for Chrome and Chromium-based browsers (Edge, Brave, Arc). Search for “OpenClaw browser relay” or “ClawdBot browser relay” in the Chrome Web Store.

Can I use the OpenClaw browser relay without a Chrome extension?

OpenClaw also supports headless browser automation without the Chrome extension. However, the Chrome extension provides the most seamless experience for interactive browsing. For server-side automation without a browser UI, see the OpenClaw browser automation guide.

Related Guides

• OpenClaw Browser Relay & Chrome Extension Setup — Initial setup guide
• Fix Gateway “Pairing Required” Error — Related gateway authentication issue
• OpenClaw Gateway Token Setup — Complete guide to configuring your gateway token
• OpenClaw Browser Automation — Automate web tasks with your AI agent