2026 OpenClaw Telegram and WhatsApp channels on MacLogin cloud Mac: pairing, dmPolicy, and probe troubleshooting
Teams that already finished openclaw onboard --install-daemon on a MacLogin mini often hit a different wall: openclaw gateway status is green, Control UI loads over SSH forwarding, but Telegram DMs stay silent and WhatsApp groups never trigger the agent. This 21 May 2026 runbook explains how to configure Telegram botToken + dmPolicy, relink WhatsApp QR sessions, and use openclaw channels status --probe with logs—not guesswork. You get a policy matrix, channel-specific steps, a symptom triage table, and region/proxy baselines for Hong Kong, Japan, Korea, Singapore, and United States nodes. Start from onboard + daemon bootstrap, add health curl monitoring, and use stderr triage when probes fail mysteriously. Links: help, pricing, VNC.
Who needs messaging channels on a leased gateway—and what “connected but mute” really means
The reader runs OpenClaw as an always-on agent front door for ops or revenue teams: alerts should land in Telegram, account managers want WhatsApp group mentions, and engineering still SSHes into the same Mac mini. The failure mode is subtle—channels register in config, yet human senders see no replies because pairing queues, mention rules, or stale webhooks block delivery.
- Pairing backlog: first DM requires
openclaw pairing listapproval; without it, policy rejects silently. - Token loading race: referencing
${TELEGRAM_BOT_TOKEN}without the variable present at gateway start yields 401 atgetMe. - WhatsApp QR drift: Baileys sessions expire; operators confuse “linked yesterday” with “valid now.”
- Group mention gates:
requireMentiondefaults leave groups quiet unless someone @-tags the bot. - Plugin/config clutter: recent regressions show empty channel lists when experimental
pluginsblocks channel init—doctor may suggest unsetting them.
openclaw status → openclaw gateway status → openclaw channels status --probe → openclaw logs --follow → openclaw doctor. Skipping probe and jumping to token rotation wastes hours.Channel policy matrix: dmPolicy, pairing, and group mention rules
Pick policies deliberately per environment; mixing production strictness with staging permissiveness on one gateway creates “works for Alice, not Bob” tickets.
| Channel | Control knob | Strict (prod) | Permissive (staging) | Common mistake |
|---|---|---|---|---|
| Telegram DM | dmPolicy + pairing |
Pairing required; approve per sender | Allowlist test bot chat only | Token valid but pairing never approved |
| Telegram groups | Privacy mode / mentions | Bot must be @-mentioned | Disable privacy via BotFather for lab | Expecting replies without mention |
| WhatsApp DM | Session + allowFrom | Explicit allow list | Single operator phone for pilot | Stale QR after lease handoff |
| WhatsApp groups | requireMention |
Mention required | Temporarily off for demo | High-volume group spam when off |
Prerequisites: healthy gateway before any channel token
Channels are not a shortcut around a broken daemon. Confirm:
openclaw gateway statusreports runtime running and RPC probe OK.- Loopback listener on 18789 matches your SSH tunnel recipe from the onboard article.
- Outbound HTTPS from the mini reaches
api.telegram.organd WhatsApp web endpoints—test withcurl -Ifrom the host, not your laptop. - Node semver pinned in CMDB (commonly 22.14+, newer gateways on 24.x).
Telegram: bot token, webhook cleanup, and pairing approval
Create a bot via @BotFather, copy the token, and place it in gateway channel config as plaintext during debugging if env injection races caused empty startup. If you previously used webhooks on the same token elsewhere, clear stale state:
curl "https://api.telegram.org/bot<TOKEN>/deleteWebhook"
Restart the gateway, then run openclaw channels status --probe. Send /start from a test account; if policy requires pairing, approve via openclaw pairing list telegram and the documented approve subcommand. Capture the approval event ID in your change ticket.
WhatsApp: QR relink, proxy env, and group mention drills
WhatsApp uses the gateway-linked web session. Open Control UI over your SSH tunnel or VNC per VNC guidance, start linking, scan QR within 60 seconds. If login returns 408, set reachable HTTPS_PROXY for the mini’s region and add NO_PROXY exceptions only when security approves.
After link, run a DM canary, then a group message that @-mentions the bot if requireMention is enabled. Random disconnect loops: openclaw gateway restart, relink if probes still fail.
Nine-step channel rollout from zero to verified replies
- Freeze a 20-minute window and announce in the channel covering HK/JP/KR/SG/US operators.
- Verify gateway health with status + curl probe runbook—not only UI gut feel.
- Write Telegram token into config; run
openclaw doctorbefore restart. - Delete stale Telegram webhook if migrating from another host.
- Restart gateway via launchd kickstart or approved reload script.
- Run
channels status --probeand archive JSON output to the ticket. - Approve pairing for the first DM sender; screenshot policy screen for auditors.
- Link WhatsApp QR; store session path and lease ID in CMDB.
- Run group + DM canaries; tail logs for 10 minutes before declaring success.
Probe triage matrix when status looks fine but users hear nothing
| Symptom | Probe / log signal | Likely cause | First fix |
|---|---|---|---|
Channel missing from openclaw status |
No telegram/whatsapp rows | Plugin block or config not loaded | openclaw config unset plugins; restart |
| Telegram 401 at startup | getMe returned 401 |
Bad token or env race | Inline token; regenerate via BotFather |
| DM ignored | Pairing pending in list | dmPolicy | Approve sender or relax staging policy |
| Group silent | No mention events in logs | requireMention |
@ bot or adjust policy temporarily |
| Replies minutes late | Stale TUI clients in doctor | Client backlog | openclaw doctor --fix |
| WhatsApp disconnect loop | Probe flaps connected/disconnected | Proxy or session corruption | Fix proxy; relink QR; restart gateway |
Region, proxy, and DNS baselines on MacLogin metros
Place the gateway near users and near messaging APIs. Illustrative RTT targets from a well-routed corporate network (measure yours):
| MacLogin region | Typical use | Watch-out |
|---|---|---|
| Hong Kong (HK) | Greater Bay ops bots | Cross-border proxy rules affecting WhatsApp web |
| Japan (JP) | Tokyo daytime support | IPv6 preference quirks—test curl -4 |
| Korea (KR) | Seoul engineering alerts | Corporate MITM replacing certs—pin carefully |
| Singapore (SG) | ASEAN hub groups | Low RTT but strict egress allowlists |
| United States (US) | Americas customers | Long Pacific path if users still in APAC |
Document HTTPS_PROXY, HTTP_PROXY, and NO_PROXY in the lease record when channels depend on them.
FAQ: channels vs hooks, multi-gateway, and security
Are channels the same as webhooks? Related but distinct—channels maintain messenger transports; HTTP webhooks are separate ingress. You may use both; do not disable one while debugging the other unless intentional.
Can I run two gateways on one mini? Avoid port 18789 collisions; prefer two leases or distinct loopback ports with explicit SSH maps.
Is storing botToken in config safe? Treat the mini as a secrets host: restrict SSH, rotate tokens on offboarding, prefer vault injection once env races are solved.
Does VNC help? Yes for QR scan UX; pairing still lives in CLI/UI commands.
Why Mac mini M4 on MacLogin fits always-on messaging gateways
Channels need a stable Node process, persistent session files, and outbound HTTPS—not a laptop that sleeps. Apple Silicon M4 minis keep thermals steady under polling loops, and MacLogin’s HK/JP/KR/SG/US footprint lets you place the gateway beside both users and APIs. Renting means you can spin a dedicated “channels only” mini with isolated WhatsApp sessions instead of overloading a developer’s daily driver machine.
Compare core counts and regions on pricing, and keep help open for SSH/VNC access patterns while you link messengers.
Run OpenClaw channels beside your users
Lease Apple Silicon in HK, JP, KR, SG, or US, finish onboard, then wire Telegram and WhatsApp with probe-backed confidence.