🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Telnyx Network

by @teamtelnyx

Private mesh networking and public IP exposure via Telnyx WireGuard infrastructure. Connect nodes securely or expose services to the internet.

Versionv1.0.0
Downloads1,498
TERMINAL
clawhub install telnyx-network

πŸ“– About This Skill


name: telnyx-network description: Private mesh networking and public IP exposure via Telnyx WireGuard infrastructure. Connect nodes securely or expose services to the internet. metadata: {"openclaw":{"emoji":"🌐","requires":{"bins":["wg"],"env":["TELNYX_API_KEY"]},"primaryEnv":"TELNYX_API_KEY"}}

Telnyx Network

Private mesh networking and public IP exposure via Telnyx WireGuard infrastructure.

Requirements

  • Telnyx API Key β€” Get one free
  • WireGuard installed on your machine
  • Agent Use (OpenClaw)

    WireGuard requires elevated permissions to create network interfaces. For OpenClaw to manage your mesh autonomously, run this once:

    sudo ./setup-sudoers.sh
    

    This adds a sudoers rule allowing WireGuard commands without password prompts. After setup, your agent can:

    # Agent can now do all of this without password prompts:
    ./setup.sh --region ashburn-va
    ./join.sh --name "my-node" --apply
    ./register.sh --name "my-node"
    ./teardown.sh
    

    What it does:

  • Adds /etc/sudoers.d/wireguard-
  • Only allows wg and wg-quick commands (not blanket sudo)
  • Can be removed anytime: sudo rm /etc/sudoers.d/wireguard-*
  • Without this setup, the agent can still create networks and generate configs, but you'll need to manually run sudo wg-quick up to connect.

    Two Modes

    Mesh Mode (Private)

    Connect multiple machines in a private network. Like Tailscale, but on Telnyx infrastructure.

    ./setup.sh --region ashburn-va
    ./join.sh --name "laptop"
    ./join.sh --name "server"  # run on server
    

    Now laptop and server can talk via 172.27.0.x

    Cost: $10/month (WireGuard Gateway)

    Expose Mode (Public)

    Get a public IP and expose services to the internet.

    ./setup.sh --region ashburn-va
    ./join.sh --name "server" --apply
    ./add-public-ip.sh
    ./expose.sh 443
    

    Now https://64.16.x.x:443 reaches your server

    Cost: $60/month (WireGuard Gateway + Internet Gateway)

    Commands

    | Command | Description | |---------|-------------| | sudo ./setup-sudoers.sh | Enable passwordless sudo for WireGuard (one-time, for agent use) | | ./setup.sh --region | Create network + WireGuard gateway | | ./join.sh --name | Add this machine to the mesh | | ./peers.sh | List all connected peers | | ./add-public-ip.sh | Add internet gateway (public IP) | | ./expose.sh | Open a port | | ./unexpose.sh | Close a port | | ./status.sh | Show full status | | ./teardown.sh | Delete everything | | ./register.sh --name | Register node in mesh registry | | ./discover.sh | Discover other nodes on mesh | | ./unregister.sh --name | Remove node from registry |

    Node Discovery

    Nodes on the mesh can find each other using a registry stored in Telnyx Storage. This enables OpenClaw instances to automatically discover and communicate with each other.

    Register This Node

    After joining the mesh, register your node so others can find it:

    ./register.sh --name "home-server"
    

    Discover Other Nodes

    Find all registered nodes on the mesh:

    ./discover.sh

    Output:

    NAME IP HOSTNAME REGISTERED

    home-server 172.27.0.1 macbook.local 2026-01-31 βœ…

    work-laptop 172.27.0.2 thinkpad 2026-01-31 βœ…

    JSON output for scripts

    ./discover.sh --json

    Unregister

    Remove a node from the registry:

    ./unregister.sh --name "old-server"
    

    Use Case: Multi-OpenClaw Communication

    # On OpenClaw A
    ./join.sh --name "openclaw-a" --apply
    ./register.sh --name "openclaw-a"

    On OpenClaw B

    ./join.sh --name "openclaw-b" --apply ./register.sh --name "openclaw-b"

    Either can now discover the other

    ./discover.sh

    β†’ Shows both openclaw-a and openclaw-b with their mesh IPs

    Direct communication works via mesh IPs

    curl http://172.27.0.2:18789/health # OpenClaw B's gateway

    This completes the "host-to-local node sessions" and "direct comms between OpenClaws" use cases.

    Regions

    | Region | Code | Location | |--------|------|----------| | US East | ashburn-va | Ashburn, VA | | US Central | chicago-il | Chicago, IL | | EU | frankfurt-de | Frankfurt, DE | | EU | amsterdam-nl | Amsterdam, NL |

    Get full list:

    ./setup.sh --region help
    

    Safety

    Blocked Ports (need --force)

  • 22 (SSH)
  • 23 (Telnet)
  • 3306 (MySQL)
  • 5432 (PostgreSQL)
  • 6379 (Redis)
  • 27017 (MongoDB)
  • Firewall

    Only explicitly exposed ports accept traffic on the WireGuard interface. All other ports are blocked by default.

    Configuration

    All state is stored in config.json:

    {
      "network_id": "...",
      "region": "ashburn-va",
      "wireguard_gateway": {
        "id": "...",
        "endpoint": "64.16.x.x:5107",
        "subnet": "172.27.0.1/24"
      },
      "internet_gateway": {
        "id": "...",
        "public_ip": "64.16.x.x"
      },
      "peers": [...],
      "exposed_ports": [443, 80]
    }
    

    Use Cases

    1. Connect OpenClaw Instances

    # On main server
    ./setup.sh --region ashburn-va
    ./join.sh --name "openclaw-main" --apply

    On secondary server

    ./join.sh --name "openclaw-backup" --apply

    Now they can communicate securely

    2. Expose Webhook Endpoint

    ./add-public-ip.sh
    ./expose.sh 443
    

    Configure your webhook URL as https://64.16.x.x/webhook

    3. Multi-Region Mesh

    ./setup.sh --region ashburn-va
    ./join.sh --name "us-east-server"

    Same network, different region gateway

    ./setup.sh --region frankfurt-de --name same-network ./join.sh --name "eu-server"

    Pricing

    | Component | Monthly Cost | |-----------|--------------| | WireGuard Gateway | $10 | | Internet Gateway | $50 | | Peers | Free | | Traffic | Free (beta) |

    Troubleshooting

    "Gateway still provisioning"

    Wait 5-10 minutes after setup for the gateway to be ready.

    "Connection refused"

  • Check WireGuard is running: sudo wg show
  • Check port is exposed: ./status.sh
  • Check firewall: sudo iptables -L -n
  • "Permission denied"

    WireGuard requires root. Run with sudo or use --apply flag.

    License

    MIT

    ⚑ When to Use

    TriggerAction
    ```bash
    # On main server
    ./setup.sh --region ashburn-va
    ./join.sh --name "openclaw-main" --apply
    # On secondary server
    ./join.sh --name "openclaw-backup" --apply
    # Now they can communicate securely
    ```
    ### 2. Expose Webhook Endpoint
    ```bash
    ./add-public-ip.sh
    ./expose.sh 443
    # Configure your webhook URL as https://64.16.x.x/webhook
    ```
    ### 3. Multi-Region Mesh
    ```bash
    ./setup.sh --region ashburn-va
    ./join.sh --name "us-east-server"
    # Same network, different region gateway
    ./setup.sh --region frankfurt-de --name same-network
    ./join.sh --name "eu-server"
    ```

    βš™οΈ Configuration

    All state is stored in config.json:

    {
      "network_id": "...",
      "region": "ashburn-va",
      "wireguard_gateway": {
        "id": "...",
        "endpoint": "64.16.x.x:5107",
        "subnet": "172.27.0.1/24"
      },
      "internet_gateway": {
        "id": "...",
        "public_ip": "64.16.x.x"
      },
      "peers": [...],
      "exposed_ports": [443, 80]
    }
    

    πŸ“‹ Tips & Best Practices

    "Gateway still provisioning"

    Wait 5-10 minutes after setup for the gateway to be ready.

    "Connection refused"

  • Check WireGuard is running: sudo wg show
  • Check port is exposed: ./status.sh
  • Check firewall: sudo iptables -L -n
  • "Permission denied"

    WireGuard requires root. Run with sudo or use --apply flag.