1. Why this is not our ChatGPT / OpenAI routing article
If you already read ChatGPT and OpenAI routing with Clash, you know the drill: separate web UI hostnames from API endpoints, align fake-ip DNS, and verify policy hits. That advice is still valuable for conversational products. Gemma-style work is different: you are more likely to fetch multi-gigabyte artifacts from a model hub, resolve redirects through CDNs, and read long-form docs that live on Google-managed domains. Copy-pasting “OpenAI rules” into your YAML will not magically cover Hugging Face LFS endpoints or the documentation sites you need while configuring a local runtime.
The goal here is not to repeat vendor hype about a new checkpoint. It is to give you a reproducible way to keep your toolchain online: git and huggingface-cli pulls, browser downloads, and doc tabs that all need consistent routing. Clash expresses that as explicit rules and groups—not a single opaque “AI mode” switch.
2. What a typical Gemma 4 local trial actually does on the network
Imagine a common sequence. You read an announcement, open a model card in your browser, copy a snippet that references a repository name, then use the Hub UI or the Python huggingface_hub library to download weights. Behind the scenes, that may involve the main registry host, short links, redirectors, and blob storage that does not share a suffix with the page you started from. Separately, you might open Google AI documentation, quickstart pages, or Colab-related assets that pull static resources from widely mirrored domains.
When only one stage fails—metadata loads but blobs time out—you are looking at split-path behavior. A crude proxy toggle might fix the first hop and leave the second on DIRECT because of rule order, or the opposite, depending on your provider’s bundled lists. The fix is to model the workflow as buckets, then map buckets to policy groups.
3. Bucket the traffic: Hub, blobs, docs, and tooling
Think in four rough buckets. First, catalog and API calls that list files, resolve revisions, and negotiate downloads—often tied to well-known hub hostnames. Second, large payload delivery via object storage or CDN hostnames that appear in redirects when you follow a download link. Third, documentation and static assets for Google’s developer surfaces, which may include domains that look unrelated until you watch a trace. Fourth, your local tools: pip, conda, containers, or language runtimes that might ignore OS proxy settings unless you use TUN or explicit environment variables.
Clash shines when you translate those buckets into explicit split routing entries. The point is not to memorize every subdomain forever—vendors evolve—but to know which log lines prove coverage and where to add the next DOMAIN-SUFFIX line when a new name appears.
4. DNS, fake-ip, and why downloads stall halfway
Many Mihomo-class profiles enable fake-ip mode to reduce leaks and speed up certain lookups. That can be excellent until resolution and rule evaluation disagree. Symptom patterns include TLS retries on enormous transfers, resumes that never start, and “small pages work, big files fail” behavior. Hugging Face workflows are especially sensitive because a single session may fan out across many names.
A practical approach mirrors what we recommend in other split guides: first confirm upstream resolvers are reachable from your network path. Second, consider targeted policies—commonly nameserver-policy for specific suffixes—when public resolvers return different answers than the ones your rules expect. Third, if you operate on split corporate DNS, remember Clash cannot invent reachability; it routes what your stack resolves. When in doubt, capture hostnames from the client’s connection log while reproducing the failure, then adjust DNS or rules with evidence rather than folklore.
For cross-cutting DNS and port issues, keep the general Clash troubleshooting guide open. This article assumes your core starts cleanly and focuses on hostname coverage for ML tooling.
5. Hugging Face: representative hostnames to validate locally
Public documentation and community posts frequently cite core domains such as huggingface.co and the short hf.co form. Model artifacts may be served through additional infrastructure that does not match those strings. Rather than treating the Hub as “one website,” use your desktop client’s live connection table while you run a small test download. Look for unexpected DIRECT rows, TLS errors tied to specific SNIs, or traffic that bypasses Clash entirely because a tool does not honor system proxy.
The table below lists illustrative buckets and example suffixes you might observe. Treat every cell as a checklist to verify in your own traces, not a permanent guarantee from us.
| Bucket | Examples (verify locally) | Routing note |
|---|---|---|
| Hub UI & API | huggingface.co, hf.co | Keep catalog calls on a stable policy; avoid early broad DIRECT exceptions that orphan related requests. |
| Large blobs / mirrors | CDN or object-storage names shown in redirects | Often distinct from the HTML origin—split both or downloads pause mid-stream. |
| Git LFS style flows | Hosts surfaced by git or CLI tools | CLI tools may need TUN or explicit proxy env vars if they ignore the OS proxy. |
| Community & assets | Discussions, thumbnails, embedded media | Lower priority than weights, but missing rules can still break scripted notebooks. |
6. Google AI documentation and related surfaces
When Google publishes model cards, developer guides, or console links, the readable article may live on one hostname while scripts, fonts, and packaged examples load from others. That is normal web architecture, but it is painful when your rules only cover a marketing domain. For Google AI work, expect a mix of developer domains, static delivery hosts, and occasionally regional mirrors.
Again, evidence wins. Open your connection log, filter for the browser profile or CLI process, and reproduce a doc page load. If half the assets show DIRECT while the HTML route is proxied, you have a classic precedence or DNS mismatch—not “Google is down.” Add explicit suffix rules for the missing families before you swap exit nodes.
7. System proxy versus TUN for CLIs and notebooks
System proxy is convenient when macOS or Windows propagates settings to well-behaved GUI apps. Many browsers pick it up automatically. Command-line tools are less predictable: git, Python HTTP stacks, and container runtimes may ignore the OS proxy unless you export HTTPS_PROXY variables or route at the interface level.
TUN mode moves routing closer to the network stack so fewer processes can accidentally bypass Clash. It costs operational attention—permissions, route tables, occasional conflicts with other VPNs—but it is often the most deterministic choice when your session mixes a browser, a terminal pulling weights, and a local server. If you enable TUN after reading our TUN mode guide, revisit the connection log and confirm your download tool no longer appears as stray DIRECT traffic.
Also preserve loopback. Local inference runtimes, adapters, and debuggers should stay on 127.0.0.1 without being shoved through a remote proxy. Good rule sets keep localhost explicit.
8. Rule snippets: explicit DOMAIN-SUFFIX steering
The YAML fragment below illustrates steering representative suffixes to a proxy group. Replace PROXY with your real policy name and keep order in mind: specific lines must appear before broad provider MATCH rules that accidentally prefer DIRECT.
# Example only — replace PROXY; verify hostnames in your live connection log
rules:
- DOMAIN-SUFFIX,huggingface.co,PROXY
- DOMAIN-SUFFIX,hf.co,PROXY
- DOMAIN-SUFFIX,google.dev,PROXY
- DOMAIN-SUFFIX,ai.google.dev,PROXY
- DOMAIN-SUFFIX,developers.google.com,PROXY
- DOMAIN-SUFFIX,gstatic.com,PROXY
- DOMAIN-SUFFIX,googleapis.com,PROXYWhy include static and API-style suffixes? Documentation pages frequently pull assets from shared Google delivery infrastructure. If only the HTML hostname is proxied, you can end up with half-rendered pages or scripts that never execute—symptoms that look like “the site is broken” when the real issue is incomplete coverage. Adjust the list based on what your trace shows; new Gemma-related paths may introduce additional names over time.
When you need finer control, split PROXY_FAST for interactive HTTPS sessions and PROXY_BULK for huge downloads, then point suffix patterns at the appropriate group. Large checkpoints reward throughput; small API-style calls reward latency stability.
9. Recommended order of operations
Follow a reproducible sequence so your logs remain legible when something changes upstream.
- Confirm your profile loads: valid YAML, working subscription fetch, and a known-good baseline node—see subscription import if anything is unclear.
- Decide between system proxy and TUN based on whether your download tools respect the OS proxy.
- Open the live connection log, start a tiny test fetch from the Hub, and note every hostname involved.
- Add or reorder
DOMAIN-SUFFIXandDOMAINrules so blob and CDN names cannot be swallowed by unintendedDIRECTlines. - Re-run a larger download; if stalls persist, inspect DNS answers and resolver policy before swapping servers.
- Document the final policy names and DNS mode in a short note so future you—or teammates—can reproduce the setup after the next Gemma point release.
10. Node strategy for huge checkpoints versus browsing docs
Leaderboard-winning latency is a poor proxy for multi-gigabyte transfers when the path jitters or reconnects frequently. Interactive browsing tolerates occasional spikes; resumable downloads punish them. Prefer a steady middle-tier node over an auto mode that flaps between exits during long TLS sessions. If you want protocol background, our Shadowsocks vs Trojan vs Hysteria2 overview explains how different transports behave under packet loss—useful when you split bulk traffic from doc browsing.
When a provider advertises “streaming” or “gaming” groups, read that as a hint about congestion management, not magic. For weights, throughput and session stability beat vanity speed tests.
11. GUI workflow: logs as the source of truth
Desktop clients such as Clash Verge Rev pair rule editors with live connections. Filter for huggingface, hf.co, google, or process names tied to your CLI while reproducing an issue. If anything unexpected shows DIRECT, revisit bypass lists and rule precedence before blaming the upstream network. Newcomers should complete the Clash Verge Rev setup guide so ports, cores, and subscriptions are baseline-stable before debugging large downloads.
If you maintain multiple machines—say a Linux training box and a daily-driver laptop—sync the policy names you rely on. Nothing is more tedious than “works on A, fails on B” when B simply uses an older profile snapshot.
12. Corporate networks, MITM, and compliance reality checks
Some enterprises intercept TLS on specific categories of traffic. Split routing still helps because it shows which hostname class fails first. Clash cannot repair certificate pinning conflicts introduced by inspection appliances; it can localize the symptom so you do not waste hours tweaking nodes when the answer is policy on a specific domain category.
Similarly, if your organization forbids exporting model artifacts to personal machines, technical workarounds are not a substitute for internal approval. This guide assumes you are allowed to access public hubs and documentation from the network you control.
13. Open source, trust, and where to download the client
Clash-family clients are open enough for you to audit behaviors that matter to engineers: how rules are evaluated, how DNS is forwarded, and how logs represent policy hits. If you need upstream source or issue trackers, those belong in separate footnotes from the install path. For end users, we keep the primary client acquisition story on-site: use the download page linked at the end of this article rather than hunting release assets ad hoc.
14. Summary: evidence-backed routing for open-model workflows
When Gemma 4 curiosity pushes you toward local experimentation, network pain often shows up as “the card loads but the checkpoint never finishes” or “docs are half broken.” Treat that as split routing debt: multiple hostnames, DNS truth, and tool-specific proxy visibility. Clash gives you precise knobs—rules, groups, DNS policy—so you are not stuck narrating the problem as a vague VPN mystery.
A maintained desktop client with Mihomo integration keeps connection diagnostics next to rule editing, which matters when your afternoon spans browsers, terminals, and enormous files. Compared with browser-centric AI articles, this checklist targets Hugging Face and Google AI surfaces explicitly—complementing, not duplicating, our ChatGPT-focused guide. When your policy matches what the logs show, you spend less time packet-divining and more time on the model itself. → Download Clash for free and experience the difference