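Telnyx Network: Secure WireGuard Mesh Networking for Openclaw Skills
Author: Internet
2026-04-06
What is Telnyx Network?
The Telnyx Network skill provides a streamlined way to manage private mesh networks and public IP exposure using Telnyx's global WireGuard infrastructure. Built to extend Openclaw Skills, it provides secure, encrypted tunnels for agent communication and for exposing services externally. Whether you run agents on a local machine or a cloud server, the skill manages the infrastructure lifecycle of gateways and peer connections.
With this skill, developers can get past traditional networking obstacles such as NAT traversal and complex firewall configuration. It supports both a private Mesh Mode for internal node-to-node traffic and an Expose Mode that allocates a public IP, making it a general-purpose tool for any distributed agent architecture that needs high-performance, low-latency connectivity.
Download: https://github.com/openclaw/skills/tree/main/skills/teamtelnyx/telnyx-network
Installation and Download
1. ClawHub CLI
The fastest way to install the skill directly from the source.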
npx clawhub@latest install telnyx-network
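2. Manual Installation
Copy the skill folder to one of the following locations:
Global: ~/.openclaw/skills/
Workspace: /skills/
Priority: workspace > local > built-in
3. Prompt Installation
Copy this prompt into OpenClaw to install automatically.
Please help me install telnyx-network using Clawhub. If Clawhub is not yet installed, install it first (npm i -g clawhub).
Telnyx Network Use Cases
- Securely connect multiple Openclaw Skills instances across geographic regions for distributed task processing.
- Expose a local development server or webhook to the public internet through a dedicated, stable public IP address.
- Build a private registry for node discovery to enable direct peer-to-peer communication between autonomous agents.
- Create a multi-region mesh network to give agent services a highly available architecture.
- The user initializes the network by choosing a preferred region (for example ashburn-va or frankfurt-de) and deploying a Telnyx WireGuard gateway.
- A script configures local sudoers permissions so the agent can manage network interfaces and WireGuard commands without manual password entry.
- Specific nodes join the mesh, establishing private encrypted tunnels over the WireGuard protocol.
- Nodes register in a cloud discovery registry, allowing other Openclaw Skills instances to find and communicate with them via mesh IPs.
- If needed, an Internet Gateway can be attached to provide a public IP and open specific ports to external traffic.
Telnyx Network Configuration Guide
Make sure you have a Telnyx API key and that WireGuard is installed on the machine. To let Openclaw Skills manage the network autonomously, run the sudoers setup first: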
sudo ./setup-sudoers.sh
Initialize your gateway in a specific region:
./setup.sh --region ashburn-va
Join your local machine to the mesh network:
./join.sh --name "my-node" --apply
Finally, register the node so other agents can discover it:
./register.sh --name "my-node"
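Telnyx Network Data Architecture and Taxonomy
The skill keeps all state and configuration in a local config.json file to manage the network lifecycle.
| Attribute | Description |
|---|---|
| network_id | Unique identifier of the virtual network on Telnyx |
| region | Deployment region of the network gateway |
| wireguard_gateway | Object containing the gateway ID, endpoint IP, and subnet |
| internet_gateway | Object containing public IP details (if Expose Mode is enabled) |
| peers | List of all connected nodes and their mesh IPs |
| exposed_ports | Array of ports currently allowed through the firewall |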
name: telnyx-network
description: Private mesh networking and public IP exposure via Telnyx WireGuard infrastructure. Connect nodes securely or expose services to the internet.
metadata: {"openclaw":{"emoji":"??","requires":{"bins":["wg"],"env":["TELNYX_API_KEY"]},"primaryEnv":"TELNYX_API_KEY"}}
Telnyx Network
Private mesh networking and public IP exposure via Telnyx WireGuard infrastructure.
Requirements
- Telnyx API Key — Get one free
- WireGuard installed on your machine
Agent Use (OpenClaw)
WireGuard requires elevated permissions to create network interfaces. For OpenClaw to manage your mesh autonomously, run this once:
sudo ./setup-sudoers.sh
This adds a sudoers rule allowing WireGuard commands without password prompts. After setup, your agent can:
# Agent can now do all of this without password prompts:
./setup.sh --region ashburn-va
./join.sh --name "my-node" --apply
./register.sh --name "my-node"
./teardown.sh
What it does:
- Adds /etc/sudoers.d/wireguard-
- Only allows wg and wg-quick commands (not blanket sudo)
- Can be removed anytime: sudo rm /etc/sudoers.d/wireguard-*
Without this setup, the agent can still create networks and generate configs, but you'll need to manually run sudo wg-quick up to connect.
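wg-quick runs every PreUp, PostUp, PreDown and PostDown line of an interface config through bash as root, so a passwordless rule for wg-quick is only as narrow as the configs it loads. The added example below (not part of the skill's own scripts) audits a config for such hooks and for files a non-root user could edit. The sample config is constructed, and which config paths to scan is left to the operator, since the page does not show where join.sh writes its config.

```python
import os
import re
import stat

# wg-quick(8) hook keys: each value is run through bash as root on up/down.
HOOK_KEYS = {"preup", "postup", "predown", "postdown"}

def audit_conf_text(text):
    """Return (line_no, key, command) for each hook in a wg-quick config."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # wg-quick drops '#' comments too
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
        elif "=" in line and section == "interface":
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in HOOK_KEYS:
                findings.append((no, key, value))
    return findings

def audit_conf_file(path):
    """Flag configs a non-root user could edit, plus any hooks they contain."""
    st = os.stat(path)
    issues = []
    if st.st_uid != 0:
        issues.append(f"{path}: owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append(f"{path}: writable by group or other")
    with open(path, encoding="utf-8") as fh:
        for no, key, value in audit_conf_text(fh.read()):
            issues.append(f"{path}:{no}: {key} runs as root: {value}")
    return issues

# Constructed sample config; key material replaced by placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = REDACTED
Address = 172.27.0.2/24
PostUp = iptables -A INPUT -i %i -p tcp --dport 443 -j ACCEPT
# PreUp = echo disabled
[Peer]
PublicKey = REDACTED
AllowedIPs = 172.27.0.0/24
"""

if __name__ == "__main__":
    for finding in audit_conf_text(SAMPLE_CONF):
        print(finding)
```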
Two Modes
Mesh Mode (Private)
Connect multiple machines in a private network. Like Tailscale, but on Telnyx infrastructure.
./setup.sh --region ashburn-va
./join.sh --name "laptop"
./join.sh --name "server" # run on server
# Now laptop and server can talk via 172.27.0.x
Cost: $10/month (WireGuard Gateway)
Expose Mode (Public)
Get a public IP and expose services to the internet.
./setup.sh --region ashburn-va
./join.sh --name "server" --apply
./add-public-ip.sh
./expose.sh 443
# Now https://64.16.x.x:443 reaches your server
Cost: $60/month (WireGuard Gateway + Internet Gateway)
Commands
| Command | Description |
|---|---|
| sudo ./setup-sudoers.sh | Enable passwordless sudo for WireGuard (one-time, for agent use) |
| ./setup.sh --region | Create network + WireGuard gateway |
| ./join.sh --name | Add this machine to the mesh |
| ./peers.sh | List all connected peers |
| ./add-public-ip.sh | Add internet gateway (public IP) |
| ./expose.sh | Open a port |
| ./unexpose.sh | Close a port |
| ./status.sh | Show full status |
| ./teardown.sh | Delete everything |
| ./register.sh --name | Register node in mesh registry |
| ./discover.sh | Discover other nodes on mesh |
| ./unregister.sh --name | Remove node from registry |
Node Discovery
Nodes on the mesh can find each other using a registry stored in Telnyx Storage. This enables OpenClaw instances to automatically discover and communicate with each other.
Register This Node
After joining the mesh, register your node so others can find it:
./register.sh --name "home-server"
Discover Other Nodes
Find all registered nodes on the mesh:
./discover.sh
# Output:
# NAME IP HOSTNAME REGISTERED
# home-server 172.27.0.1 macbook.local 2026-01-31 ?
# work-laptop 172.27.0.2 thinkpad 2026-01-31 ?
# JSON output for scripts
./discover.sh --json
Unregister
Remove a node from the registry:
./unregister.sh --name "old-server"
Use Case: Multi-OpenClaw Communication
# On OpenClaw A
./join.sh --name "openclaw-a" --apply
./register.sh --name "openclaw-a"
# On OpenClaw B
./join.sh --name "openclaw-b" --apply
./register.sh --name "openclaw-b"
# Either can now discover the other
./discover.sh
# → Shows both openclaw-a and openclaw-b with their mesh IPs
# Direct communication works via mesh IPs
curl http://172.27.0.2:18789/health # OpenClaw B's gateway
This completes the "host-to-local node sessions" and "direct comms between OpenClaws" use cases.
Regions
| Region | Code | Location |
|---|---|---|
| US East | ashburn-va | Ashburn, VA |
| US Central | chicago-il | Chicago, IL |
| EU | frankfurt-de | Frankfurt, DE |
| EU | amsterdam-nl | Amsterdam, NL |
Get full list:
./setup.sh --region help
Safety
Blocked Ports (need --force)
- 22 (SSH)
- 23 (Telnet)
- 3306 (MySQL)
- 5432 (PostgreSQL)
- 6379 (Redis)
- 27017 (MongoDB)
Firewall
Only explicitly exposed ports accept traffic on the WireGuard interface. All other ports are blocked by default.
Configuration
All state is stored in config.json:
{
  "network_id": "...",
  "region": "ashburn-va",
  "wireguard_gateway": {
    "id": "...",
    "endpoint": "64.16.x.x:5107",
    "subnet": "172.27.0.1/24"
  },
  "internet_gateway": {
    "id": "...",
    "public_ip": "64.16.x.x"
  },
  "peers": [...],
  "exposed_ports": [443, 80]
}
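An added example (not the skill's code) that reads a config.json of the shape shown above and reports exposed ports that are on the README's blocked list or outside an operator-supplied allow-list, together with the resulting public ip:port surface. The `allowed` parameter, the function names and the sample values are assumptions for illustration.

```python
import json

# Ports the README lists as blocked unless --force is given.
BLOCKED = {22: "SSH", 23: "Telnet", 3306: "MySQL",
           5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}

def _public_ip(cfg):
    return (cfg.get("internet_gateway") or {}).get("public_ip")

def audit_exposure(cfg, allowed):
    """Compare config.json with the set of ports the operator means to publish."""
    findings = []
    for port in cfg.get("exposed_ports") or []:
        if type(port) is not int or not 1 <= port <= 65535:
            findings.append(f"invalid exposed_ports entry: {port!r}")
        elif port in BLOCKED:
            findings.append(f"{port} ({BLOCKED[port]}) exposed; needed --force")
        elif port not in allowed:
            findings.append(f"{port} exposed but not in the intended set")
    return findings

def public_surface(cfg):
    """ip:port pairs reachable from the internet according to config.json."""
    ip = _public_ip(cfg)
    ports = [p for p in cfg.get("exposed_ports") or [] if type(p) is int]
    return [f"{ip}:{p}" for p in sorted(ports)] if ip else []

# Constructed sample in the README's config.json shape; IDs and IPs are placeholders.
SAMPLE = json.loads("""{
  "network_id": "net-example",
  "region": "ashburn-va",
  "wireguard_gateway": {"id": "wgw-example", "endpoint": "192.0.2.10:5107",
                        "subnet": "172.27.0.1/24"},
  "internet_gateway": {"id": "igw-example", "public_ip": "192.0.2.20"},
  "peers": [],
  "exposed_ports": [443, 80, 6379]
}""")

if __name__ == "__main__":
    for finding in audit_exposure(SAMPLE, allowed={443}):
        print("FINDING:", finding)
    print(public_surface(SAMPLE))
```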
Use Cases
1. Connect OpenClaw Instances
# On main server
./setup.sh --region ashburn-va
./join.sh --name "openclaw-main" --apply
# On secondary server
./join.sh --name "openclaw-backup" --apply
# Now they can communicate securely
2. Expose Webhook Endpoint
./add-public-ip.sh
./expose.sh 443
# Configure your webhook URL as https://64.16.x.x/webhook
3. Multi-Region Mesh
./setup.sh --region ashburn-va
./join.sh --name "us-east-server"
# Same network, different region gateway
./setup.sh --region frankfurt-de --name same-network
./join.sh --name "eu-server"
Pricing
| Component | Monthly Cost |
|---|---|
| WireGuard Gateway | $10 |
| Internet Gateway | $50 |
| Peers | Free |
| Traffic | Free (beta) |
Troubleshooting
"Gateway still provisioning"
Wait 5-10 minutes after setup for the gateway to be ready.
"Connection refused"
- Check WireGuard is running: sudo wg show
- Check port is exposed: ./status.sh
- Check firewall: sudo iptables -L -n
"Permission denied"
WireGuard requires root. Run with sudo or use --apply flag.
License
MIT
