Local vLLM inference from sandbox on WSL2 + RTX 5090 — workaround documented

[soy-tuber]

Summary

I got local vLLM (Nemotron Nano 9B v2) working from inside a NemoClaw sandbox on WSL2 + RTX 5090. The provider system (--type openai with custom OPENAI_BASE_URL) works at the API level, but the sandbox network isolation requires three manual workarounds to let traffic through:

1. Host iptables — Allow Docker bridge → vLLM port in DOCKER-USER chain
2. TCP relay — Python relay in pod main namespace to bridge sandbox veth → Docker bridge
3. Sandbox iptables — nsenter to inject ACCEPT rule before the OUTPUT REJECT

All three are volatile (reset on restart). Network policy update is the only persistent piece.

Beyond basic inference, I also got tool call execution working with the opencode agent inside the sandbox. Nemotron 9B outputs tool calls as <TOOLCALL>[...]</TOOLCALL> text, which isn't compatible with OpenAI's structured tool_calls format. A custom gateway between the agent and vLLM buffers SSE streams and translates the text format into structured tool call objects, enabling the agent to actually execute tools (file read/write, shell commands, etc.) via local inference.

References

• Blog post (detailed walkthrough): https://media.patentllm.org/en/blog/gpu-inference/nemoclaw-local-vllm-sandbox

Environment

• WSL2 (Ubuntu 24.04), RTX 5090, CUDA 13.1
• openshell 0.0.7
• vLLM 0.15.1+ (OpenAI-compatible API)

Context

Not a bug report or feature request — just sharing what it took to make this work in case it's useful for the team. Related: #305.

[soy-tuber]

Update: I have cleaned up and published the repository containing the setup scripts, partial network policies, and the TCP relay mentioned above. It is now publicly available for reference here:

https://github.com/soy-tuber/nemoclaw-local-inference-guide

(Note: As stated in the repository's disclaimer, it is published strictly for reference and educational purposes, and the configurations may need adjustments depending on your specific environment.)

[soy-tuber]

Follow-up: Analysis of the underlying architectural issue

I wrote up a deeper analysis of why this workaround was necessary in the first place — covering the protocol-level design debt in the local AI ecosystem (OpenAI-compatible HTTP interface making local inference indistinguishable from cloud APIs at the kernel level), and a proposal for a three-tier trust model with kernel-verified local inference as Tier 1.

https://media.patentllm.org/en/blog/gpu-inference/nemoclaw-local-vllm-sandbox-motivation

I also attempted to build a co-located architecture (vLLM + agent inside the same sandbox, no network boundary) but was unable to achieve it with the current NemoClaw protocol. If NemoClaw could natively support this kind of --network=none + local inference co-location, the TCP relay workaround documented in this issue would become unnecessary.

[jieunl24]

Thanks for the detailed analysis! I've been testing local vLLM inference and found a simpler path that avoids the TCP relay, iptables workarounds, and custom tool-call gateway.

Networking: The sandbox doesn't need direct access to vLLM. The OpenShell gateway already proxies inference requests via https://inference.local/v1 inside the sandbox. You configure the gateway to point at vLLM:

openshell provider create --name vllm-local --type openai \
  --credential "OPENAI_API_KEY=dummy" \
  --config "OPENAI_BASE_URL=http://host.openshell.internal:8000/v1"

openshell inference set --provider vllm-local --model <your-model>

e.g. openshell inference set --provider vllm-local --model nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8

No iptables, no TCP relay, no network policy changes needed for inference. The sandbox OpenClaw config should use https://inference.local/v1 as the baseUrl (not the direct vLLM URL, matching how cloud inference is already routed). There seems to be a bug where onboarding wrote the direct URL - fix is in #380.

Tool calls / reasoning: Newer vLLM versions (I'm on 0.17.1) have built-in parsers. Check your model's HuggingFace card for the correct --tool-call-parser and --reasoning-parser flags - they vary per model.

For example, for Nemotron 3 Nano 4B I've used
--tool-call-parser qwen3_coder
--reasoning-parser nemotron_v3

Exact command I've used

vllm serve nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8 --enable-auto-tool-choice --tool-call-parser qwen3_coder --reasoning-parser nemotron_v3 --max-model-len 32768 --max-num-seqs 1 --trust-remote-code --gpu-memory-utilization 0.85 --kv-cache-dtype fp8 --host 0.0.0.0

Other notes from testing:

• vLLM must listen on --host 0.0.0.0 for the gateway container to reach it
• OpenShell 0.0.10+ is needed for host.openshell.internal to resolve inside the gateway container

[soy-tuber]

Tested the approach from your comment + PR #412 (via jieunl24/NemoClaw fork).

• OpenShell 0.0.11, WSL2 + RTX 5090
• NEMOCLAW_EXPERIMENTAL=1 nemoclaw onboard with vLLM provider
• inference.local routing works — no iptables/relay/nsenter needed
• OpenClaw TUI successfully runs with local Nemotron 9B

The 3-layer network hack from my original setup is fully eliminated. Thanks @jieunl24.

Note: had to patch onboard.js to change gateway port from 8080 (conflicted with existing service).

[soy-tuber]

I wrote up our research findings from this issue — covering the V1→V2 transition, vLLM parser setup (including built-in parser incompatibility with Nemotron v2), and observations on agent prompt engineering with OpenClaw.

https://github.com/soy-tuber/nemoclaw-local-inference-guide/blob/master/BLOG-openclaw-agent-engineering.md

Thanks again to @jieunl24 for the quick response and fixes (PR #412, #380).

[jhthompson12]

@soy-tuber and @jieunl24 thank you for your contributions! So far this thread is the closest I have seen to how I am trying to use NemoClaw with vLLM. Im curious if you have any suggestions for me. Some background:

• Install NemoClawmacbook (M4, Colima, Docker)
• Instead of running vLLM from the same host that is running NemoClaw I want to use a self-hosted instance of gpt- which is run with vLLM on a GPU server on my company's corporate network (OPENAI_BASE_URL=https://gpt-oss-120b.ai-lab.my-company.com/v1)

the nemoclaw.sh install script runs successfully, but with NEMOCLAW_EXPERIMENTAL=1 I was hoping to see a vLLM inference option where I could put in my OPENAI_BASE_URL but I only get the "Nvidia Cloud API" or "install ollama" options.

The content above goes over my head right now, but it does look pretty close to what i imagine I need to be doing. but just pointing openshell provider create to my external vLLM host rather than local? but im curious how relevant the issues you're discussing are to my situation and if you have any ideas for connecting my NemoClaw with this remote inference server.

[jieunl24]

Fyi, more changes were made to NemoClaw / OpenShell, so the standard vLLM path (which is still experimental) steps have been further simplified:

1. Have vLLM running (e.g. vllm serve nvidia/NVIDIA-Nemotron-3-Nano-4B-FP8 --enable-auto-tool-choice --tool-call-parser qwen3_coder --reasoning-parser nemotron_v3 --max-model-len 32768 --max-num-seqs 1 --trust-remote-code --gpu-memory-utilization 0.85 --kv-cache-dtype fp8 --host 0.0.0.0)
2. NEMOCLAW_EXPERIMENTAL=1 nemoclaw onboard
3. When prompted for inference choices, choose "Local vLLM [experimental] — running"

and that's pretty much it!

and @jhthompson12 your use case sounds like a fit for the Other OpenAI-compatible endpoint inference choice! Please give it a try and feel free to raise a feature request or bug if you face issues.

Closing - thanks everyone!