1 Why Gemini 2.5 traffic is wider than one hostname
In the first half of 2026, Gemini 2.5 Flash and Pro remain headline models in public benchmarks, and Google continues to funnel hobbyists and teams through Google AI Studio with generous free tiers for experimentation. That combination pulls in developers who want low-friction API keys, quick prompt iteration in the browser, and SDK access from local machines. None of that works if your network treats “google.com” as a single switch. In practice, sign-in, model inference, telemetry, artifact delivery, and quota accounting fan out across dozens of domains, many of them shared with other Google services.
Clash and Mihomo excel at exactly this problem: you declare policy once—what counts as domestic direct traffic, what must use a remote outbound, and how DNS should behave before TCP even starts—then let the core enforce it for every app that participates. Split routing is not about chasing raw throughput alone; it is about eliminating the half-connected state where the AI Studio shell loads but streaming responses stall, or where the Generative Language API returns TLS errors because only part of the dependency graph reached the right exit.
This article complements our Cursor IDE + Clash guide, which focuses on editor and extension traffic. Here the subject is Google’s cloud edge: OAuth, AI Studio, Vertex-flavored endpoints surfaced to developers, and the shared infrastructure behind Gemini 2.5. You are responsible for complying with local law and any employer policies; the following sections describe network engineering patterns, not legal advice about restricted regions.
2 Symptoms when your Clash rules under-cover Google
Misconfigured split rules rarely fail with a single obvious error. You might authenticate successfully, see the AI Studio UI, and still watch chat streams abort because WebSocket upgrades to a host your rules never name stay on your direct path. Conversely, APIs can fail while the marketing site works, which usually means HTML and static assets hit a CDN you routed, but generativelanguage.googleapis.com or a regional Google APIs front door did not. Another common pattern is intermittent 403 responses that correlate with DNS returning different answers to the browser versus Clash’s internal resolver.
Treat logs as ground truth. With rule mode enabled, open your client’s connection log and reproduce the failure: note every domain and process. If Gemini 2.5 requests never appear, traffic is bypassing Clash entirely—fix injection first. If domains appear but bounce between DIRECT and REJECT, your policy order or provider merge is wrong. If you see TLS handshakes to unexpected countries, revisit GEOIP assumptions; many Google properties use anycast and do not line up with intuitive country buckets.
3 The Google surface you should model
You do not need a mythical “complete” list on day one, but you should understand the categories. Account and OAuth flows touch accounts.google.com, oauth2.googleapis.com, and related identity endpoints. AI Studio and consumer Gemini experiences lean on gemini.google.com, ai.google.dev, and various *.google.com hosts for shell assets. API work for the Generative Language API centers on generativelanguage.googleapis.com, with additional *.googleapis.com calls depending on features and SDK versions.
Static delivery often uses *.gstatic.com and other Google CDNs; blocking or misrouting them produces half-rendered pages that look like product bugs. Analytics and configuration fetchers may call www.googletagmanager.com or Google’s measurement domains; you can route or drop them based on privacy preference, but be consistent—partial success confuses debugging. For developers who also use Colab or Google Cloud consoles, you will see overlap with colab.research.google.com, console.cloud.google.com, and service-specific hostnames. A thoughtful Google services access profile acknowledges that overlap instead of duplicating contradictory rules in five places.
Image and multimodal features may pull from additional storage endpoints; always capture what your own client actually requests during a real workload rather than copying a static list from a forum post and hoping it ages well through 2026.
4 Recommended Clash profile shape
Most maintained templates already define proxy groups such as PROXY, Auto, or region-specific selectors. Add a dedicated anchor for Google if your subscription supports stable exits in regions where Google operates openly, or fold Google into a broader “Global” group if that matches your risk model. Keep domestic CDNs and banking sites on DIRECT to preserve latency. Place Google-oriented rules above catch-all GEOIP shortcuts so they cannot be skipped accidentally.
Order matters: evaluate explicit DOMAIN and DOMAIN-SUFFIX entries for AI Studio and APIs before generic matches. After Google-specific coverage, fall back to your normal policy stack. Document which outbound you expect for OAuth; bouncing account flows across countries can trigger step-up challenges unrelated to Clash performance.
5 Example DOMAIN-SUFFIX rules (illustrative)
The fragment below is intentionally conservative and educational. Replace GOOGLE with your real proxy group name, and merge with your subscription’s conventions. Some users prefer collapsing several suffixes into a rule provider; others inline while learning. Both are valid if you regenerate or refresh providers on a schedule.
- DOMAIN-SUFFIX,google.com,GOOGLE
- DOMAIN-SUFFIX,googleapis.com,GOOGLE
- DOMAIN-SUFFIX,gstatic.com,GOOGLE
- DOMAIN-SUFFIX,googleusercontent.com,GOOGLE
- DOMAIN-SUFFIX,googlevideo.com,GOOGLE
- DOMAIN-SUFFIX,gvt1.com,GOOGLE
- DOMAIN-SUFFIX,ggpht.com,GOOGLE
- DOMAIN-SUFFIX,google.dev,GOOGLE
- DOMAIN-SUFFIX,googletagmanager.com,GOOGLE
- DOMAIN-KEYWORD,generativelanguage,GOOGLE
- DOMAIN-KEYWORD,gemini,GOOGLE
Keyword rules trade precision for convenience; watch for false positives if shorter tokens collide with unrelated sites. When ambiguity appears, tighten to DOMAIN-SUFFIX for the exact service after inspecting logs. Pair these rules with a sane MATCH or default outbound that matches the rest of your policy.
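To make the ordering and false-positive points concrete, here is a small simulator of how Clash walks a rule list top to bottom (an added example, not code from the article or from the Clash/Mihomo project). The rule table mirrors the fragment above; the hostnames it is exercised with are constructed test inputs, and the matcher semantics (exact DOMAIN, label-boundary DOMAIN-SUFFIX, substring DOMAIN-KEYWORD, catch-all MATCH) follow Clash's documented behaviour.

```python
"""Simulate first-match rule evaluation for the Google rule fragment."""

# Same order as the fragment, followed by the catch-all. Policy names are
# the placeholder GOOGLE and the built-in DIRECT, as in the article.
RULES = [
    ("DOMAIN-SUFFIX", "google.com", "GOOGLE"),
    ("DOMAIN-SUFFIX", "googleapis.com", "GOOGLE"),
    ("DOMAIN-SUFFIX", "gstatic.com", "GOOGLE"),
    ("DOMAIN-SUFFIX", "google.dev", "GOOGLE"),
    ("DOMAIN-KEYWORD", "generativelanguage", "GOOGLE"),
    ("DOMAIN-KEYWORD", "gemini", "GOOGLE"),
    ("MATCH", "", "DIRECT"),
]


def rule_matches(kind, payload, host):
    host = host.lower().rstrip(".")
    if kind == "DOMAIN":
        return host == payload
    if kind == "DOMAIN-SUFFIX":
        # Suffix matching respects label boundaries: "fakegoogle.com" is NOT google.com
        return host == payload or host.endswith("." + payload)
    if kind == "DOMAIN-KEYWORD":
        # Keyword matching is a plain substring test, hence the false-positive risk
        return payload in host
    if kind == "MATCH":
        return True
    raise ValueError(f"unsupported rule type: {kind}")


def resolve(host, rules=RULES):
    """Return (policy, rule) for the first matching rule, like Clash does."""
    for kind, payload, policy in rules:
        if rule_matches(kind, payload, host):
            return policy, (f"{kind},{payload}" if payload else kind)
    return None, None


def keyword_collisions(hosts, rules=RULES):
    """Hosts whose first match is a DOMAIN-KEYWORD rule.

    These are the candidates to re-check in the connection log and, if they
    turn out to be unrelated sites, to tighten into an exact DOMAIN-SUFFIX.
    """
    hits = []
    for host in hosts:
        _, rule = resolve(host, rules)
        if rule and rule.startswith("DOMAIN-KEYWORD"):
            hits.append((host, rule))
    return hits
```

Passing a rule list with the MATCH line moved to the top reproduces the "catch-all swallowed everything" failure from section 4: every Google host resolves to DIRECT without a single explicit rule being consulted.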
6 Rule providers and long-term maintenance
Hand-maintained lists work until they do not. For Google services access at scale, many users adopt community rule providers or split-out YAML fragments that track CDN and domain churn. If you import providers, understand their update cadence and whether they assume ad-blocking or region-split semantics that fight your AI use case. When a provider blackholes analytics domains you actually need for OAuth or configuration fetchers, you will see bizarre partial failures that look like Gemini 2.5 instability.
A pragmatic workflow is to keep a small private override file for AI Studio and Generative Language API endpoints you personally observe, then layer broader Google lists beneath it. Version-control your overrides. When Google ships a new subdomain for streaming responses, add it once, roll forward, and teach teammates so everyone’s API proxy story stays aligned.
7 API proxy patterns for developers
Browser traffic is only half the story. SDKs for Python, Node, and other runtimes read HTTPS_PROXY and friends, but they also perform their own certificate validation and sometimes ignore OS proxy settings entirely. For quick experiments, exporting HTTPS_PROXY=http://127.0.0.1:7890 alongside a matching HTTP_PROXY often works, because Clash’s HTTP listener handles both plain HTTP requests and CONNECT-tunnelled HTTPS. For SOCKS-heavy stacks, ALL_PROXY=socks5://127.0.0.1:7890 may be clearer. Keep NO_PROXY tight so internal registries and Kubernetes APIs stay local.
When you call the Generative Language API with API keys or service accounts, failures frequently trace to DNS or TLS policy—not the key itself. Verify with curl -v https://generativelanguage.googleapis.com from the same shell that runs your job. If curl succeeds while the SDK fails, inspect whether the runtime uses a bundled CA store that does not trust your enterprise intercept, or whether gRPC settings bypass proxy variables. In those cases, Clash TUN mode often yields a simpler story because the kernel routes packets before user-space libraries make policy decisions.
Rotate keys that leak into screenshots or CI logs. A proxy cannot fix compromised credentials; it only provides reliable transport once secrets are handled responsibly.
8 DNS, FakeIP, and TLS friction
Gemini 2.5 sessions are sensitive to resolver inconsistency. If Clash maps names to FakeIP while Chrome still asks the ISP resolver for the same hostname, you can get certificate mismatches or silent blackholes. Prefer one coherent DNS strategy: either let Mihomo own DNS with clear fallback servers, or disable conflicting stubs on your OS after you understand the implications. For deeper patterns, our DNS leak prevention guide walks through DoH, DoT, and FakeIP combinations that pair well with rule mode.
IPv6 is another footgun. If your OS prefers IPv6 first but your rules assume IPv4-only exits, connections can leak around Clash in ways that look like random Gemini outages. Either align IPv6 routing with your policy or test with IPv6 temporarily disabled to isolate the issue. Long term, explicit IPv6 handling in your profile beats globally toggling interfaces.
9 When TUN beats manual API proxy settings
System proxy mode helps browsers and well-behaved runtimes, yet many developer tools open raw sockets that ignore environment variables. TUN pushes routing into the kernel so traffic is captured before libraries decide how to connect. For a workstation that mixes Google AI Studio tabs, local notebooks hitting Colab, and background sync clients, TUN frequently reduces the number of bespoke config files you maintain. Our Clash Verge Rev TUN mode guide covers installation caveats, route loops, and verification steps that apply beyond any single Google product.
After enabling TUN, revisit AI Studio with system proxy disabled to confirm the browser still reaches Gemini 2.5 endpoints through the virtual interface. Document the working combination so OS upgrades do not send you back to first principles.
10 Beyond AI Studio: Gmail, Drive, and Colab
The same Clash split rules that stabilize Google AI Studio and Generative Language API calls generally improve other Google properties because they share identity, CDN, and API front doors. Gmail and Drive sync become more predictable when *.googleusercontent.com and large-object hosts are routed consistently. Colab benefits when notebook fetches and runtime metadata share the same DNS story as your AI Studio session. You may still need product-specific tweaks—YouTube’s video CDNs are heavier than text APIs—but you are no longer starting from zero each time you adopt another Google tab.
If you alternate between personal experiments and employer-managed Google Workspace, keep separate profiles or at least distinct outbound groups so you do not blend compliance contexts accidentally.
11 Troubleshooting checklist
- AI Studio loads but streams fail: Inspect WebSocket hosts in logs; add missing suffixes and place them above broad DIRECT rules.
- API 403 with a valid key: Compare DNS answers between OS and Clash; align FakeIP or disable conflicting stubs.
- Browser works, SDK fails: Verify proxy variables in the SDK’s environment, or switch to TUN for uniform capture.
- Intermittent TLS alerts: Check IPv6 leaks, clock skew, and whether an antivirus HTTPS scanner fights Google’s certificates.
- High latency only for Gemini 2.5: Test another outbound in your selector; some nodes optimize streaming poorly even when general sites feel fast.
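Section 2 says to treat the connection log as ground truth, and the first two checklist items come down to the same triage: which hosts bounce between policies, which fell through to the catch-all, and which were rejected. The script below automates that pass (an added example, not part of the article or of Clash/Mihomo). The log lines are constructed in the shape of Clash-style connection log messages; that format is an assumption, so adapt LINE_RE to what your client actually writes.

```python
import re
from collections import defaultdict

# Constructed sample log, Clash-style "[TCP] src --> host:port match Rule(payload) using Policy[node]".
SAMPLE_LOG = """\
time="2026-03-01T10:00:01" level=info msg="[TCP] 192.168.1.10:52001 --> aistudio.google.com:443 match DomainSuffix(google.com) using GOOGLE[node-a]"
time="2026-03-01T10:00:02" level=info msg="[TCP] 192.168.1.10:52002 --> generativelanguage.googleapis.com:443 match DomainSuffix(googleapis.com) using GOOGLE[node-a]"
time="2026-03-01T10:00:03" level=info msg="[TCP] 192.168.1.10:52003 --> www.googletagmanager.com:443 match DomainSuffix(googletagmanager.com) using REJECT"
time="2026-03-01T10:00:04" level=info msg="[TCP] 192.168.1.10:52004 --> www.googletagmanager.com:443 match DomainKeyword(google) using GOOGLE[node-a]"
time="2026-03-01T10:00:05" level=info msg="[TCP] 192.168.1.10:52005 --> new-streaming-host.example:443 match Match using DIRECT"
"""

LINE_RE = re.compile(
    r'\[(?P<proto>TCP|UDP)\] (?P<src>\S+) --> (?P<host>[^:\s]+):(?P<port>\d+) '
    r'match (?P<rule>\w+)(?:\((?P<payload>[^)]*)\))? using (?P<policy>[^\[\s"]+)'
)


def parse_line(line):
    """Extract host, matched rule type/payload and policy; None for unrelated lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Group connections by destination host and flag the checklist's failure patterns."""
    policies = defaultdict(set)
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            policies[rec["host"]].add(rec["policy"])
            rules[rec["host"]].add(rec["rule"])
    return {
        # Same host steered to different policies: a rule-order or provider-merge conflict
        "bouncing": sorted(h for h, p in policies.items() if len(p) > 1),
        # Host only hit the catch-all: candidate for a new explicit DOMAIN-SUFFIX entry
        "fell_through": sorted(h for h, r in rules.items() if "Match" in r),
        # Host blackholed outright: check whether a provider's ad-block semantics did it
        "rejected": sorted(h for h, p in policies.items() if "REJECT" in p),
    }


if __name__ == "__main__":
    for key, hosts in analyze(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(hosts) or '-'}")
```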
12 Wrap-up
Gemini 2.5 on Google AI Studio is a convenient lens for a general lesson: modern Google services access is a graph, not a hostname. Clash split rules let you encode that graph once—covering Generative Language API calls, browser sessions, and shared CDNs—then keep DNS and optional TUN mode aligned so every layer agrees on the path. Compared with one-size-fits-all VPN clients, a Mihomo-powered profile gives finer control over which Google endpoints use which exit, which makes both latency and policy easier to reason about when you iterate on prompts and code in the same afternoon.
Invest the time to log real traffic, codify rules, and snapshot YAML when Google shifts infrastructure. The upfront discipline pays off the first time a teammate onboarded to Gemini 2.5 Flash inherits a working API proxy setup instead of improvising brittle per-app toggles. When you need a desktop client that pairs readable logs with system proxy and TUN, start from our download hub rather than hunting one-off installers—consistent clients make consistent teams.
Once routing becomes boring again, you can focus on models and prompts instead of connectivity—and that is exactly what a solid proxy stack should deliver for Google AI Studio users in 2026.