Search intent: why “Codex timeout” usually means routing

If you landed here from queries like “OpenAI Codex terminal timeout”, “GPT-5.3-Codex CLI hang”, or “HTTPS_PROXY OpenAI API”, you probably already ruled out an empty API key and still see maddening watchdog aborts. In 2026 the predictable pattern is not mysterious model decay—it is heterogeneous egress: browsers happily talk to ChatGPT surfaces while shell-born agents speak a different HTTP stack, inherit a different environment, and sometimes match a DIRECT policy row in your Mihomo profile that never strikes during casual browsing.

This article parallels our Anthropic-focused terminal guide but targets OpenAI’s API-shaped traffic. You will learn how Clash Verge Rev (the maintained Mihomo desktop GUI) makes API split routing observable—so you prepend rules with evidence, export HTTPS_PROXY deliberately, and verify with curl instead of guessing.

Symptoms that scream proxy policy—not “bad GPT-5.3-Codex”

Before opening billing tickets, classify failure shapes:

  • Intermittent long stalls ending in client-side timeouts even though simple GETs occasionally succeed.
  • Connections rows flickering between your proxy group and DIRECT during failure windows.
  • Git or npm flows succeeding through one outbound while api.openai.com stalls through another.
  • Immediate relief when you temporarily enable Global mode—classic sign of GEOIP-heavy lists starving SaaS APIs.
  • TLS alerts or reset bursts that correlate with roaming Wi-Fi or corporate inspection, unrelated to token counts.

Those are the moments to instrument routing, not to speculate about model versions.

Mental model: what Codex inherits from your OS and shell

OpenAI Codex and related CLIs compose three cooperating layers you must keep aligned: the resolver your OS uses, the environment variables visible to the launcher, and whichever HTTP client library the toolchain embeds. Chromium-based apps honor PAC files or system proxy catalogs; a bare terminal session may inherit none of that unless you export it yourself.

Therefore “it works in the browser” is never sufficient proof. You need the exact parent process tree that starts Codex to carry either Verge’s system-proxy stance or explicit HTTP_PROXY / HTTPS_PROXY tuples.

Establish a trustworthy Clash Verge Rev baseline

  1. Activate a fresh profile snapshot: stale subscription nodes amplify AI-shaped slowdowns that masquerade as quota problems.
  2. Record listener triples: mixed HTTP port, SOCKS port, and controller port—documentation beats tribal knowledge during incidents.
  3. Select a low-loss outbound: AI traffic holds connections longer than ping checks; pick nodes that survive sustained TLS.
  4. Enable logging for policy names: you want row-level proof of which rule matched when Codex fails.
  5. Snapshot Overrides: merge date-stamped snippets so provider refresh cannot silently drop your prepended developer blocks.

Once baseline latency is sane, any regression while invoking GPT-5.3-Codex narrows to classification errors or DNS—not vague internet weather.

Tip: Maintain a tiny “developer egress” YAML fragment checked into an internal repo that only lists SaaS API suffixes—OpenAI, code hosts, package registries—so on-call merges the same prepend block instead of improvising under stress.

Rule split routing, Global diagnostics, and TUN capture

Most technical readers want rule-based split tunneling: domestic CDN traffic stays efficient, audit trails stay narrow, and compliance teams see deliberate paths instead of “VPN everything.” Use this ladder:

  • Rules-first: prepend explicit DOMAIN-SUFFIX rows for OpenAI before broad DIRECT shortcuts that swallow SaaS.
  • Global as flashlight: toggle briefly to prove misclassification; revert quickly because Global is not a posture.
  • System proxy via Verge: aligns many GUI-launched stacks with Mihomo without kernel adapters.
  • TUN mode: when multiple child processes ignore HTTP proxies—Go net/http defaults, exotic gRPC paths—or when you refuse to wrap every IDE integration manually.

Each step trades simplicity for coverage; document which layer finally stabilized your Codex session.

OpenAI-leaning hostnames to confirm in Connections—not copy-paste dogma

Vendors move edges; treat forum snippets as hints. Let your own Logs drive expansions, but seed searches with anchors you should verify:

  • api.openai.com for REST-shaped Chat Completions and cousins.
  • openai.com apex and auth redirects that appear during token refresh.
  • platform.openai.com when admin or usage dashboards share sessions with CLI tooling.
  • chatgpt.com or sibling marketing surfaces if SSO flows touch them during login loops.
  • CDN or blob hosts surfaced as separate SNI rows— widen using RULE-SET updates after you capture misses.

When a release changes hostnames, widen surgically; never keyword-match so aggressively that you hijack unrelated HTTPS.

Example prepend rules (rename outbound realistically)

Assume your outbound group is PROXY—replace with your selector label (🇺🇸 Auto, Manual, etc.). Place these lines above GEOIP-heavy DIRECT shortcuts:

DOMAIN-SUFFIX,openai.com,PROXY
DOMAIN-SUFFIX,chatgpt.com,PROXY
DOMAIN-KEYWORD,openai,PROXY

The last keyword line is intentionally blunt; tighten it if your corporate environment hosts benign domains that collide. Prefer DOMAIN-SUFFIX precision once you collect concrete miss rows.

Pin Overrides merges so subscription downloads cannot erase your prepend without a merge conflict you notice.

HTTPS_PROXY and friends: where they actually matter

Searchers explicitly hunt terminal proxy answers because shells are chaotic. Map your launch context:

  • Interactive zsh or bash: exports in .zshrc help only when Codex truly starts inside that interactive session.
  • IDE integrated terminals: some strip variables for security; confirm with env | grep -i proxy immediately before invoking Codex.
  • macOS launchd agents: embed an EnvironmentVariables dictionary—do not assume Dock-spawned apps inherit shell files.
  • Windows PowerShell profiles vs machine-wide env: scheduled tasks and Services use different visibility than your interactive window.
  • direnv per repo: isolates corporate versus personal egress without laptop schizophrenia.
  • CI runners: inject secrets-consistently with allow-listed egress, not ad-hoc copy from a laptop snippet.

Typical Mihomo HTTP forwarder tuples resemble:

export http_proxy=http://127.0.0.1:7890/
export https_proxy=http://127.0.0.1:7890/
export HTTP_PROXY=http://127.0.0.1:7890/
export HTTPS_PROXY=http://127.0.0.1:7890/

Mirror lowercase and uppercase because libraries disagree on precedence. Add NO_PROXY entries for localhost, link-local ranges, corporate artifactories, and internal git remotes to prevent regressions.

HTTP CONNECT versus SOCKS: avoid half-open mysteries

Mihomo exposes HTTP and SOCKS fronts; some stacks insist on SOCKS for multiplexing. If HTTP proxy variables yield weird partial success, align ALL_PROXY with the SOCKS listener documented in Verge and retest.

Mismatched pairs—HTTP variable pointing at SOCKS port or vice versa—produce the classic “curl works when I paste flags but my CLI does not” support thread.

Measured verification before blaming OpenAI

  1. curl through the proxy explicitly: curl -v --proxy http://127.0.0.1:7890 https://api.openai.com with sane --connect-timeout values.
  2. Compare DIRECT versus proxied traces: if DIRECT hangs but proxied succeeds, your rules or env exports—not the API—are the culprit.
  3. Global A/B for five minutes: confirm misclassification hypotheses, then revert.
  4. Read Mihomo logs for RST patterns: correlate with concurrent large uploads that saturate a weak node.

Evidence beats vibe debugging, especially when executives ask whether “GPT-5.3-Codex degraded.”

DNS, fake-ip, and OpenAI clients

Faster fake-ip setups fail when browsers, systemd-resolved, and Mihomo disagree about who owns answers. Symptoms include hangs where TCP attempts never align with the resolver you think you configured.

  • Review fake-ip-filter for SaaS domains that need stable resolution semantics.
  • Consider nameserver-policy pinning when split-brain lookups haunt OAuth redirects.
  • Temporarily raise DNS log verbosity while isolating incidents—not forever.

Correlate DNS rows with Connections so you adjust one lever at a time.

Provider health still matters under GPT branding

Unstable relays turn streaming completions into client timeouts. Rotate nodes, watch for UDP or QUIC choke, and remember subscription refresh URLs themselves must be reachable—ironic deadlocks happen when the update URL is DIRECT-blocked.

Longer AI sessions amplify congestion that short HEAD requests would miss; treat throughput tests as sustained downloads, not instantaneous pings.

When teams run multiple Codex tabs against the same selector, stagger launches briefly so burst TCP builds do not masquerade as API-side throttling.

Failure matrix at a glance

What you see Likely cause Next step
Global cures instantly GEOIP starvation of API hosts Prepend OpenAI rules ahead of DIRECT shortcuts
curl via proxy succeeds; Codex hangs Launcher missing env exports Trace parent PID environment snapshot
TLS unknown_ca errors Corporate MITM trust gap Align trust stores with approved browsers
Failures only on office Wi-Fi Captive portal or split tunnel DNS Test tethered baseline, fix resolver policy
Works on macOS host, breaks in WSL Loopback bridging differs Point proxy at Windows host IP, fix firewall allowances

Team habits that keep Codex reliable

Mature groups version-control small Mihomo override fragments, document whether engineers must run Verge with system proxy enabled, and add smoke curls to onboarding scripts—without embedding secrets. They also schedule periodic audits because AI workloads surface weak nodes casual browsing never trips.

Annotate incident threads with trimmed Connections screenshots beside redacted Codex logs so network and platform folks share a common artifact instead of narrative drift.

Finally, separate vendor quotas from routing: if the dashboard shows hard rate limits, no proxy wizard rescues you until the account tier changes.

Risk, policy, and ethical egress

Bypassing sanctioned enterprise egress violates policy even when technically trivial; align with information security before enabling fleet-wide TUN. Respect OpenAI terms and regional regulations governing automated access—this guide improves transport reliability, not entitlement to disallowed use cases.

Visible FAQ snippets

Should I commit API keys beside proxy hints? Never—store keys in your platform vault; keep YAML snippets free of secrets.

Does model name affect routing? Branding like GPT-5.3-Codex helps runbooks and search; transport fixes stay identical across model strings.

Permanent TUN on laptops? Battery and route contention add up—prefer precise rules and targeted TUN sessions.

Why transparent rule stacks beat opaque “VPN on/off” for developers

Consumer VPN UIs optimize for a single glowing connect button; they rarely expose which policy sent api.openai.com to which relay. When OpenAI Codex degrades, that opacity wastes hours. Clash Verge Rev pairs Mihomo’s expressive API routing grammar with a GUI that shows live flows—so you edit rules with causal clarity rather than rebooting mystery daemons.

Lightweight SOCKS injectors without split semantics struggle once microservices multiply ephemeral ports across your workstation. A maintained Clash-class stack keeps developer ergonomics predictable: you see the row, you prepend the suffix, you measure again.

If brittle tunnels have you toggling random utilities that never explain their routing table, consolidating on a rule-observable stack keeps Codex sessions steady without abandoning the domestic/offshore split tunnel discipline many teams still require.

Download polished Clash builds for your platforms →