Fix Claude Code CLI Timeouts in 2026: Clash Split Rules and DNS (Tested)
You run Clash, yet Claude Code CLI or the broader Anthropic CLI family still hits timeouts, stuck OAuth, frozen tool calls, or half-finished SSE streams. The culprit is rarely “Anthropic down” first: terminals do not magically inherit the same split routing path as Chromium, and Clash DNS in fake-ip modes can classify flows your shell never resolves the same way. This guide gives a log-first playbook—copy-paste YAML ordering, resolver alignment, capture checks—for developers who want reproducible fixes instead of vibes.
Why Claude Code CLI breaks while “the proxy is on”
Anthropic’s coding-agent stack is boring HTTPS dressed up as magic: OAuth or API keys, long-lived TLS to api.anthropic.com, occasional browser handoffs when you authorize a workstation, plus whatever asset hosts the installer or updater touches. Problems begin when those sockets never traverse the Clash policy engine—even though a menu-bar icon insists you are connected. On macOS and Windows, “system proxy” pleases Chromium and Electron utilities while a Go or Node toolchain still performs libc DNS and opens TCP sessions without injecting your mixed port unless you exported HTTPS_PROXY yourself. Linux adds systemd-resolved, snap confinement, and container bridge DNS that quietly disagree with whatever address Clash synthesized under fake-ip.
Users summarize the misery with uncanny uniformity: OAuth finishes in Safari, yet the CLI complains about deadline exceeded or hangs after the spinner; alternatively, REST calls succeed once while streaming completions stutter forever because multiplexed HTTP/2 sessions split across mismatched exits. Interpret those anecdotes as routing bugs until connection logs disprove the theory. Split rules only help when packets actually arrive at Clash—and when matcher order sends Anthropic fronts to one coherent outbound bucket instead of dribbling identities across DIRECT and Proxy.
If policy-based proxies feel new, read the site’s Clash tutorial first; this article assumes familiarity with proxy groups and skips installation theater. Browser-first Anthropic ergonomics—including consumer claude.ai pages and broader hostname maps—overlap with our Claude web and Anthropic API rules guide, which targets tabs and dashboards more than terminals. Pair both if you oscillate between VS Code tooling and Claude Code nightly builds on the same profile.
The three planes: capture, rules, and DNS
Think sequentially. Capture determines whether Claude Code sockets enter the core. Rules pick the outbound once the packet is visible. DNS determines which names—and sometimes which synthetic addresses—the policy layer believes it is enforcing. Shake any leg and symptom soup appears: partial login, flaky tool dispatch, reproducible freezes only on office Wi-Fi, or spooky “fixed after reboot” ghosts rooted in caches.
Capture strategies differ by vocation. Consultants living in Terminal.app swear by exporting HTTPS_PROXY=http://127.0.0.1:7890 (adapt to your mixed port); DevOps teammates running remote CI never see your laptop GUI toggles unless you tunnel intentionally. Transparent TUN elevates fidelity by wrapping IP traffic but collides with corporate VPN mandated by HR. Choose one disciplined approach per machine, write it down, and stop layering contradictory modes “just until the demo succeeds.” Mixed capture is why OAuth appears fine—browser uses TUN—and later API bursts fail because the daemon dropped your environment variables upstream of the Node runtime.
Rules fail bluntly via order and granularity. Clash walks matchers top down; broad GEOIP lines or prematurely inserted MATCH statements erase bespoke Anthropic lines you carefully merged from Slack threads. Granularity bites when you widen DOMAIN-SUFFIX entries prematurely: blasting all of anthropic.com may capture marketing sites you hoped to keep DIRECT, while missing a sibling subdomain the CLI silently adopted after an SDK bump. Maintain personal overrides in prepend-only snippets so subscription churn cannot shuffle you beneath a refreshed catch-all. For RULE-SET mechanics and snippet hygiene, read the custom rules tutorial.
Hostnames you should expect (and validate in logs)
No static list survives 2026’s pace; vendors reshuffle CDN edges and feature-rollout gateways. Treat the bullets below as a practical baseline—then corroborate with your own captures after upgrades.
- HTTPS API: api.anthropic.com for Messages and tooling over REST; newer SDK minors may reuse the same apex but different paths—watch logs for redirects.
- Interactive product surfaces: claude.ai remains the consumer hallmark; Claude Code sometimes deep-links onboarding pages that reuse those assets.
- Console and billing: platform.claude.com alongside legacy console.anthropic.com redirects; keep both in rules while bookmarks overlap.
- Documentation and support: docs.claude.com, historically parallel docs.anthropic.com mentions, plus support.claude.com for ticket portals.
- Corporate and policy: anthropic.com and www.anthropic.com when legal or HR links appear inside enterprise onboarding.
- Telemetry and rollout vendors (optional noise): third-party observability fronts may flash in ephemeral debugging—only elevate them with evidence, not folklore.
Coding agents amplify subtle hostname drift: orchestration wrappers may prefetch documentation, prefetch model metadata, or call entitlement endpoints unrelated to conversational chat traffic. Logging each failing window builds a sharper diff than blindly comparing with a browser session that never exercised the same URLs.
YAML fragment: CLI-friendly precedence
Assume your profile defines a selectable group named Anthropic-CLI. The block below is illustrative: rename outputs to match reality, preserve LAN exemptions, and tuck this block ahead of GEOIP/MATCH catch-alls that subscription vendors love to hoist.
rules:
  # LAN and loopback first (adapt to your network)
  - IP-CIDR,192.168.0.0/16,DIRECT
  - IP-CIDR,10.0.0.0/8,DIRECT
  - IP-CIDR,172.16.0.0/12,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT
  # Claude / Anthropic — verify after vendor redirects
  - DOMAIN,api.anthropic.com,Anthropic-CLI
  - DOMAIN,claude.ai,Anthropic-CLI
  - DOMAIN,platform.claude.com,Anthropic-CLI
  - DOMAIN,console.anthropic.com,Anthropic-CLI
  - DOMAIN,docs.claude.com,Anthropic-CLI
  - DOMAIN,support.claude.com,Anthropic-CLI
  - DOMAIN,anthropic.com,Anthropic-CLI
  - DOMAIN,www.anthropic.com,Anthropic-CLI
  # Broaden deliberately only after repeated sibling misses:
  # - DOMAIN-SUFFIX,claude.ai,Anthropic-CLI
  # - DOMAIN-SUFFIX,anthropic.com,Anthropic-CLI
  # Remaining flows follow imported profile (GEOIP, MATCH, RULE-SET, ...)
Split outbound groups (Anthropic-Web versus Anthropic-API) help when latency budgets differ—think batch codegen through a jittery relay while documentation loads on another exit. Duplicate lines with divergent targets and keep naming honest in logs.
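To check matcher order before loading a merged profile, the added example below (not part of the original guide or of Clash itself) walks a rules list top down and reports which rule decides a hostname by name. Default-Proxy is a hypothetical group name, both profiles are constructed samples, and rules that need DNS or GeoIP data are only listed as undecided rather than evaluated.

```python
# Added example: offline first-match audit of a Clash "rules:" list.
# Default-Proxy is a hypothetical group name; both profiles are constructed samples.
GOOD_ORDER = """\
rules:
  - IP-CIDR,127.0.0.0/8,DIRECT,no-resolve
  - DOMAIN,api.anthropic.com,Anthropic-CLI
  - DOMAIN,claude.ai,Anthropic-CLI
  - GEOIP,CN,DIRECT
  - MATCH,Default-Proxy
"""
BAD_ORDER = """\
rules:
  - GEOIP,CN,DIRECT
  - MATCH,Default-Proxy
  - DOMAIN,api.anthropic.com,Anthropic-CLI
"""

def parse_rules(text):
    """Collect '- TYPE,payload,target[,option]' items; comments and keys are skipped."""
    items = (ln.strip() for ln in text.splitlines())
    return [[f.strip() for f in ln[2:].split(",")] for ln in items if ln.startswith("- ")]

def name_match(rule, host):
    """True/False for name-based matchers, None when the answer needs DNS or GeoIP data."""
    kind = rule[0]
    if kind == "MATCH":
        return True
    if kind == "DOMAIN":
        return host == rule[1]
    if kind == "DOMAIN-SUFFIX":
        return host == rule[1] or host.endswith("." + rule[1])
    if kind == "DOMAIN-KEYWORD":
        return rule[1] in host
    return None  # IP-CIDR, GEOIP, RULE-SET, ...

def audit(text, host, want="Anthropic-CLI"):
    """Walk the list top down and report the first rule that decides `host` by name."""
    undecided = []  # earlier rules that may resolve the name and win first
    for idx, rule in enumerate(parse_rules(text)):
        hit = name_match(rule, host)
        if hit is None and "no-resolve" not in rule:
            undecided.append(idx)
        if hit:
            target = rule[-1] if rule[0] == "MATCH" else rule[2]
            return {"rule": ",".join(rule), "target": target,
                    "ok": target == want, "dns_dependent_before": undecided}
    return {"rule": None, "target": None, "ok": False, "dns_dependent_before": undecided}
```

Running `audit(GOOD_ORDER, "docs.claude.com")` shows the sibling-miss case: the host falls through to MATCH because only exact DOMAIN lines exist for its neighbours.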
DNS: why “correct rules” still never match
Fake-ip answers applications with synthesized addresses tracked internally—a brilliant trick until libc clients cache divergent truths or query DoH services that leapfrog Clash's dns section entirely. Symptoms include stalled TLS halfway through handshakes, streaming responses that abruptly truncate, or “works after toggling airplane mode.” That is textbook resolver disagreement, not model meltdown.
Align deliberately. If Clash should own DNS during development, steer the stub listener (often 127.0.0.1 on a GUI's mixed stack) uniformly; if sandboxed tools insist on external DoH, document which provider hostnames deserve explicit matchers or accept granular IP fallback risk. Transparency helps you compare expected DOMAIN hits against IP-forwarded GEOIP endings. Dive deeper into TUN interplay in the TUN deep dive; Linux workstations benefit from pairing this page with our systemd-resolved walkthrough.
Windows workstations and roaming profiles
Enterprise antivirus suites often inject forward proxies or split-brain DNS depending on elevation. A shell launched “as Administrator” may inherit different interface metrics than your afternoon coffee-shop user session. When OAuth succeeds only in the non-elevated profile, suspect parallel filters before rewriting YAML for the fourth time.
macOS shells and launchd jobs
Interactive zsh sessions read .zprofile; launchd daemons may ignore them entirely. Automation that runs Claude Code overnight must export proxy variables where the scheduler actually looks. Security products sometimes exempt Google-scale TLS while still MITM-testing smaller vendors—Anthropic may fall into an unexpected bucket. Compare the exact binary being launched, not the shell you played with manually.
Environment variables versus transparent capture
Most modern CLIs honor HTTPS_PROXY or ALL_PROXY, but child processes can strip them, language runtimes may pin custom HTTP stacks, and package managers sometimes spawn nested workers that forgot your exports. Escalation path: confirm OS-level expectations, harden the shell profile you truly use, then enable TUN if logs still show stray DIRECT hits during reproduction. For Windows plus WSL2 split brains, read the WSL2 proxy guide before duplicating contradictory YAML on both sides of the bridge.
Streaming tool calls and HTTP semantics
Coding agents love long-lived SSE or chunked responses. Mid-stream stalls resemble VPN MTU quirks, QUIC/HTTP3 divergence, upstream shaping, or even rate limits pretending to be packet loss. When TCP flows show healthy TLS yet tokens freeze, probe with curl --http2 through the identical outbound pair to isolate tooling from transport. Sniffing-related toggles belong in careful experiments documented with rollback notes; mis-sniffing can falsely label banking flows. If sniffing mysteries pile up, review sniffing disable patterns for Meta kernels.
A five-minute verification ritual
Whenever you tweak rules or DNS:
- Confirm the merged profile revision your GUI loads—subscriptions love silently overriding personal snippets Friday nights.
- Open connection logs, raise verbosity if safely possible, silence chatty repeats.
- Run the smallest failing Claude Code invocation (token probe, benign prompt, noop tool).
- For each stalled flow, jot hostname, matcher name, outbound group, and IP family.
- Only afterward rotate upstream nodes inside Anthropic-CLI to chase lossy ASNs rather than hallucinated DNS gremlins.
Mirror-check with curl -v https://api.anthropic.com/ routed through the same proxy environment—expect policy responses, not a full transcript. If curl cannot finish TLS yet generic unrelated HTTPS succeeds, upstream health matters more than another DOMAIN line.
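The "jot hostname, matcher name, outbound group, and IP family" step can be scripted. The added example below is not from the original guide; it assumes info-level connection lines shaped like `[TCP] src --> host:port match Rule(payload) using Group[node]` (adjust the regex to what your core actually prints), and its log lines, the Default-Proxy group and the addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed line shape: "[TCP] src --> host:port match Rule(payload) using Group[node]".
LINE = re.compile(r'\[(?:TCP|UDP)\] \S+ --> (\S+):\d+ match (\S+) using ([^\s"]+)')
WATCH = ("anthropic.com", "claude.ai", "claude.com")  # suffixes from the hostname list

# Constructed log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
msg="[TCP] 127.0.0.1:50001 --> api.anthropic.com:443 match Domain(api.anthropic.com) using Anthropic-CLI[node-a]"
msg="[TCP] 127.0.0.1:50002 --> claude.ai:443 match Domain(claude.ai) using Anthropic-CLI[node-a]"
msg="[TCP] 127.0.0.1:50003 --> docs.claude.com:443 match Match using DIRECT"
msg="[TCP] 127.0.0.1:50004 --> 203.0.113.10:443 match GeoIP(US) using Default-Proxy[node-b]"
msg="[TCP] 127.0.0.1:50005 --> [2001:db8::10]:443 match Match using DIRECT"
msg="[TCP] 127.0.0.1:50006 --> api.anthropic.com:443 match Match using DIRECT"
msg="[TCP] 127.0.0.1:50007 --> example.org:443 match Match using DIRECT"
"""

def watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCH)

def triage(log, expected="Anthropic-CLI"):
    """Return (kind, host, rule, group, family) tuples for flows worth a second look."""
    groups, findings = defaultdict(set), []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        host, rule, chain = m.groups()
        group = chain.split("[")[0]  # text before "[" is the policy group
        try:
            fam = "IPv%d" % ipaddress.ip_address(host.strip("[]")).version
            findings.append(("bare-ip", host, rule, group, fam))  # Clash saw no hostname
            continue
        except ValueError:
            pass
        if not watched(host):
            continue
        groups[host].add(group)
        if group != expected:
            findings.append(("wrong-outbound", host, rule, group, "name"))
    for host, seen in groups.items():
        if len(seen) > 1:
            findings.append(("split-exit", host, "-", "/".join(sorted(seen)), "name"))
    return findings
```

A `bare-ip` finding during a reproduction points at the DNS plane (the client resolved the name elsewhere), while `wrong-outbound` and `split-exit` point at rule order.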
Compared with Gemini CLI parallels
Google’s Gemini command-line toolchain drags OAuth through accounts.google.com and sprawling googleapis.com edges—a different constellation than Anthropic. If you routinely test both ecosystems, replicate the disciplined capture workflow from our Gemini CLI and Clash DNS guide instead of blindly duplicating YAML across vendors.
When widening rules beats swapping exits (and vice versa)
Beginners stack suffix entries before testing a fresh node twice. Veteran operators flip that order once logs prove consistent policy hits against Anthropic-CLI. Persistent failures tethered to one ASN seldom respond to prettier YAML; conversely, obvious DIRECT classifications to flagship API fronts never heal via speed-test roulette until matchers reorder.
Watch for quotas: aggressive automation can surface HTTP 429 backoffs resembling stalls. Separate policy mistakes from account mistakes by inspecting status lines wherever the SDK exposes them.
Maintaining overrides through subscription churn
Vendors reorganize GEOIP shards and prepend ad trackers with enthusiasm. Snapshot your prepend layer in Git, review diffs when remote templates update, then rerun the five-minute ritual anytime CI pulls a regenerated profile onto developer laptops.
Debugging with centralized logs responsibly
When timeouts persist mysteriously after rules settle, escalate methodically inside your GUI—as our Windows 11 Verge Rev log panel troubleshooting guide demonstrates—rather than blindly toggling knobs. Capture hostnames first, payloads never: API keys deserve redaction pipelines before tickets hit Slack.
Privacy, workplace policy, and realistic expectations
Routing changes paths—not contractual entitlements, regional availability, or IT security baselines. Assume enterprise MDM forbids unauthorized TUN. Anthropic telemetry policies apply regardless of which exit relays bytes.
FAQ-style symptom map
- OAuth browser cheer, CLI doom: token exchange still resolves outside your Anthropic bucket—align identities and watchers above coarse MATCH entries.
- Streaming dies mid-completion: compare HTTP/2 keep-alives versus HTTP/3, MTU quirks, jittery relays; gather multi-minute log slices rather than snapshots.
- Broken only downtown Wi-Fi: captive portals and split DNS spoofing masquerade as AI outages.
- Works locally, collapses SSH’d into EC2: remote hosts lack Clash—tunnel intentionally or recreate policy there.
- Post-subscription-update regression: diff merge ordering; early MATCH lines swallow bespoke Anthropic matchers.
IPv6, happy eyeballs, and false-timeout narratives
Dual-stack laptops race protocols; one family may traverse your exit cleanly while another blackholes subtly. Logging address families beside hostnames distinguishes “routing tantrum” from “IPv6 ISP comedy.” Controlled experiments disabling AAAA briefly can narrow scope—document reversions carefully.
Containers and remote developer environments
Devcontainers inherit cluster DNS defaults; Docker Desktop inherits Windows bridge oddities summarized in our Docker Desktop proxy primer. Inject explicit proxy environments at container build when policy demands reproducibility—not wishful thinking that host YAML leaks inward magically.
Instrumenting telemetry without drowning in noise
Verbose SDK logs bury secrets accidentally. Prefer structured timelines: failing command, correlated hostnames, profile hash, outbound group selections, timestamps. Structured notes outperform screenshot archaeology two sprints later.
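Both the redaction advice under "Debugging with centralized logs responsibly" and the structured timeline described here fit in one small helper. This is an added example, not code from the original guide: the capture, the command line with its `./smoke.sh` script and every credential in it are constructed, and the flow regex assumes the `--> host:port match ... using Group[node]` log shape.

```python
import hashlib
import re

# Header values, Anthropic-style key literals, and credentials embedded in proxy URLs.
HEADER = re.compile(r"""(?i)\b(x-api-key|authorization)(\s*[:=]\s*)((?:bearer|basic)\s+)?[^\s"',]+""")
KEY = re.compile(r"sk-ant-[A-Za-z0-9_-]+")
PROXY_CRED = re.compile(r"\b(https?|socks5h?)://[^/\s:@]+:[^/\s@]+@")
FLOW = re.compile(r'--> (\S+):\d+ match \S+ using ([^\s"\[]+)')  # assumed log shape

# Constructed capture and command; every secret below is fake.
SAMPLE_COMMAND = "ANTHROPIC_API_KEY=sk-ant-api03-CONSTRUCTED-example-000 ./smoke.sh"
SAMPLE_CAPTURE = """\
2026-01-10T09:00:01 > x-api-key: sk-ant-api03-CONSTRUCTED-example-000
2026-01-10T09:00:01 > Authorization: Bearer constructed.oauth.token
2026-01-10T09:00:01 env HTTPS_PROXY=http://dev:hunter2@127.0.0.1:7890
2026-01-10T09:00:02 [TCP] 127.0.0.1:50001 --> api.anthropic.com:443 match Domain(api.anthropic.com) using Anthropic-CLI[node-a]
"""

def redact(text):
    """Strip secrets but keep header names, hostnames and the proxy endpoint."""
    text = HEADER.sub(
        lambda m: m.group(1) + m.group(2) + (m.group(3) or "") + "[REDACTED]", text)
    text = KEY.sub("sk-ant-[REDACTED]", text)
    return PROXY_CRED.sub(r"\1://[REDACTED]@", text)

def ticket_note(command, profile_text, capture):
    """Build the structured note: command, profile hash, host/group pairs, clean excerpt."""
    clean = redact(capture)
    flows = sorted(set(FLOW.findall(clean)))
    return {
        "command": redact(command),
        "profile_sha256": hashlib.sha256(profile_text.encode()).hexdigest()[:12],
        "flows": [{"host": h, "group": g} for h, g in flows],
        "excerpt": clean.splitlines(),  # timestamps are kept, payload secrets are not
    }
```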
Habits after stability returns
Schedule lightweight smoke tests whenever macOS bumps system certificates, Chromium updates bundled trust stores shared with SSO, or your Clash vendor jumps majors. Scripted harmless metadata pings catch silent matcher drift before demos explode.
Put Claude Code CLI on solid routing ground
Claude Code CLI timeouts seldom require exotic exploits—consistent capture, ordered Anthropic matchers, and DNS coherence carry most sessions. Companion browser guidance lives beside the Claude web/API rules playbook when workflows hop between Electron editors and Chromium tabs.
Blunt whole-device VPN tunnels and traditional one-toggle clients obscure which process used which egress and leave terminal stacks guessing, particularly for coding-agent CLIs spawning nested workers behind your back. Clash exposes rule names beside destinations in unified logs so you tighten YAML deliberately instead of reinstalling opaque profiles wholesale. Grab a Meta-capable build from our official download hub, wire the Anthropic block ahead of greedy MATCH clauses, mirror DNS policy to fake-ip semantics, then reuse the checklist here anytime your coding agent misbehaves after the next upstream refresh.