Clash Split Rules for Google Gemini and AI Studio: Domains and Node Tips
Why Gemini and AI Studio Deserve a Dedicated Policy Lane
Google Gemini traffic is not a drop-in replacement for the hostname sets you may already maintain for ChatGPT or Claude. The web app, AI Studio, and the public Generative Language API lean on Google accounts, wide googleapis.com surfaces, and regional policy behavior that can look like a “broken node” when the real issue is a missing DOMAIN-SUFFIX line or a DNS path that never touches Clash. Treating Gemini as its own proxy-group keeps those signals legible: when the studio UI loads but key generation fails, you can test the GEMINI group without destabilizing your general browsing pool.
This article assumes you already understand first-match routing and the difference between domestic-direct lists and a default MATCH. If those concepts feel rusty, read the rule-based routing guide first, then return here for a Google-specific inventory and verification script. For contrast with vendor-neutral AI splits, you can also skim the ChatGPT and Claude checklist—the philosophy matches, but the hostnames do not.
Domain Inventory: Web, Studio, API, and Auth
Google rotates edge configurations. Use the list below as a starting point you validate against your client connection log, not as an eternal rule file. When the UI shows a spinner forever, copy the failing Host header or SNI from the log and translate it into DOMAIN or DOMAIN-SUFFIX entries.
- Gemini consumer web often touches gemini.google.com and broader google.com hosts used by signed-in Google accounts.
- AI Studio commonly loads from aistudio.google.com and may pull scripts or telemetry from other *.google.com or *.gstatic.com hosts.
- Generative Language API calls typically target generativelanguage.googleapis.com. SDKs and tooling may also hit googleapis.com subdomains that differ slightly by feature flag.
- Developer docs and key flows may reference ai.google.dev or related marketing and documentation domains that still need to resolve cleanly through the same policy lane.
- Google account OAuth and session refresh frequently involve accounts.google.com, oauth2.googleapis.com, and sometimes ssl.gstatic.com for static assets. If the model answers but login loops, suspect auth hosts before you swap exit regions.
Prefer DOMAIN-SUFFIX for stable organizational roots such as googleapis.com when you genuinely intend to steer all API traffic through the same outbound. Be cautious: a blunt suffix that is too wide can drag unrelated Google APIs into a high-latency path. A pragmatic compromise is to list generativelanguage.googleapis.com explicitly first, then add broader googleapis.com coverage only if your logs prove additional subdomains are required.
Avoid lazy DOMAIN-KEYWORD,google patterns unless you enjoy debugging accidental matches on unrelated domains that happen to embed the substring in marketing copy or third-party trackers.
Proxy-Groups: Naming, Members, and Separation From General Traffic
Rules reference outbound or group names, not intentions. A readable layout mirrors what you probably already use for other international sites:
- DIRECT for LAN, RFC1918, and explicit domestic exceptions.
- PROXY for routine foreign browsing.
- GEMINI (or GOOGLE_AI) for Gemini web, AI Studio, and the Generative Language API endpoints you want on a tighter node list.
At first, GEMINI can mirror PROXY with identical members. The value is routing addressability: you can pin a low-loss node for long streaming responses without forcing every news site through the same hop. Later, if you discover that a specific region aligns with your Google account billing or quota behavior, set that region as the default selection inside GEMINI while leaving PROXY on automatic selection for everything else.
Health checks still matter. AI Studio and Gemini chats open long-lived HTTP connections; a marginal node shows up as mid-answer freezes rather than a crisp error dialog. Keep url-test intervals humane so you do not thrash during transient congestion.
A Copy-Friendly Rule Block (Conceptual YAML)
The excerpt below shows how to place Google AI surfaces above broad GEOIP shortcuts. Adjust names to match your profile; spacing and comma rules must satisfy your core parser.
# Conceptual excerpt — verify every hostname against your logs
proxy-groups:
  - name: GEMINI
    type: select
    proxies:
      - NODE-US-WEST
      - NODE-EU
      - PROXY
      - DIRECT
rules:
  - DOMAIN,generativelanguage.googleapis.com,GEMINI
  - DOMAIN-SUFFIX,aistudio.google.com,GEMINI
  - DOMAIN-SUFFIX,gemini.google.com,GEMINI
  - DOMAIN-SUFFIX,ai.google.dev,GEMINI
  - DOMAIN-SUFFIX,accounts.google.com,GEMINI
  - DOMAIN-SUFFIX,oauth2.googleapis.com,GEMINI
  - DOMAIN-SUFFIX,googleapis.com,GEMINI
  # Optional: tighten instead of widening if logs show only specific subdomains
  # ... domestic / GEOIP / MATCH logic follows ...
Notice the deliberate choice to pin generativelanguage.googleapis.com before the wider googleapis.com suffix: if you later split Google Cloud traffic differently, the pinned line still keeps the Generative Language API in GEMINI. Ordering inside the rules array is a design decision: first match wins, so place the most specific lines early and keep comments that explain why a suffix is broad.
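The first-match behaviour and the suffix-versus-keyword cautions above, as an added example (not Clash's code and not part of the original article): a small evaluator for DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD and MATCH, run over the rule block. The trailing MATCH,PROXY line and the test hostnames storage.googleapis.com, notgoogleapis.com and cdn.googletag-metrics.example are constructed inputs.

```python
# Added example: first-match evaluation of Clash-style domain rules.
# Not Clash's own code; only DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD, MATCH are modelled.
RULES = [  # the article's rule block
    "DOMAIN,generativelanguage.googleapis.com,GEMINI",
    "DOMAIN-SUFFIX,aistudio.google.com,GEMINI",
    "DOMAIN-SUFFIX,gemini.google.com,GEMINI",
    "DOMAIN-SUFFIX,ai.google.dev,GEMINI",
    "DOMAIN-SUFFIX,accounts.google.com,GEMINI",
    "DOMAIN-SUFFIX,oauth2.googleapis.com,GEMINI",
    "DOMAIN-SUFFIX,googleapis.com,GEMINI",
    "MATCH,PROXY",  # constructed stand-in for the domestic/GEOIP/MATCH tail
]
# Variants: drop the broad suffix; replace everything with a lazy keyword rule.
NARROW = [r for r in RULES if r != "DOMAIN-SUFFIX,googleapis.com,GEMINI"]
KEYWORD = ["DOMAIN-KEYWORD,google,GEMINI", "MATCH,PROXY"]

def matches(kind, value, host):
    if kind == "DOMAIN":
        return host == value
    if kind == "DOMAIN-SUFFIX":   # label boundary, not a raw endswith()
        return host == value or host.endswith("." + value)
    if kind == "DOMAIN-KEYWORD":  # plain substring test
        return value in host
    return False

def resolve(rules, host):
    """Return (winning rule, outbound) for host; (None, None) if nothing matches."""
    host = host.lower().rstrip(".")
    for line in rules:
        parts = [p.strip() for p in line.split(",")]
        if parts[0] == "MATCH":
            return line, parts[1]
        if matches(parts[0], parts[1].lower(), host):
            return line, parts[2]
    return None, None

if __name__ == "__main__":
    for rules, host in [
        (RULES, "generativelanguage.googleapis.com"),
        (RULES, "storage.googleapis.com"),   # unrelated API swept in by the broad suffix
        (NARROW, "storage.googleapis.com"),  # falls through to MATCH
        (RULES, "notgoogleapis.com"),        # constructed: no label boundary, no match
        (KEYWORD, "cdn.googletag-metrics.example"),  # constructed third-party host
    ]:
        print(f"{host:36} -> {resolve(rules, host)}")
```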
Region, Account Country, and Node Selection in the Real World
Gemini availability and feature gates vary by account and region in ways that no Clash rule file can override. From a networking perspective, your job is to make the exit path consistent with the account story you are trying to tell: if Google expects a particular region for billing or enterprise policy, hopping between continents every few minutes can surface as mysterious quota errors that look like packet loss.
When you test nodes, change one variable at a time. Pick a candidate exit, reload the profile, sign out and back in if cookies look stale, then run the verification sequence in the next section. Document the working trio: core version, DNS mode, and the exact GEMINI member that stabilized both AI Studio and a raw API call.
If you operate multi-hop chains, remember that latency stacks. AI Studio preview panes are sensitive to tail latency; a beautiful speed-test score on the first hop means little when the second hop buffers aggressively.
Rule-Order Pitfalls That Masquerade as Gemini Outages
GEOIP ahead of your Gemini exceptions. Country databases are useful and imperfect. Anycast edges mean the IP your resolver returns might not match intuition. If a broad GEOIP,XX,DIRECT line wins first, you can waste hours rotating nodes when three DOMAIN-SUFFIX lines belonged higher in the file.
Aggressive MATCH,DIRECT experiments. Temporary testing profiles sometimes promote domestic defaults above everything else. The symptom is universal: OAuth succeeds in the browser, yet API clients report timeouts because half of the traffic never reached the tunnel.
Duplicate lines after subscription merges. Community rule sets frequently reintroduce the same suffix with different outbounds. Search your flattened rule list for repeated googleapis.com entries after every merge.
IPv6 surprises. If the operating system prefers IPv6 and your IP-CIDR6 coverage is incomplete, some flows will bypass the IPv4-minded world you thought you configured. When failures feel random, briefly disable IPv6 as a diagnostic, not necessarily as a permanent posture.
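One way to catch the ordering and duplicate pitfalls above before reloading a profile, as an added example (not part of Clash or the original article): a static audit of a flattened rule list that flags domain rules made unreachable by an earlier rule and GEMINI exceptions sitting below a GEOIP or MATCH line. The MERGED list is constructed, and an after-geoip finding is a warning, since the GEOIP rule only wins when the resolved IP falls in that country.

```python
# Added example: static audit of a flattened rule list (not part of Clash).
DOMAIN_KINDS = ("DOMAIN", "DOMAIN-SUFFIX")

def parse(line):
    """Split 'KIND,value,outbound[,opts]' (or 'MATCH,outbound') into a tuple."""
    p = [x.strip() for x in line.split(",")]
    return (p[0], "", p[1]) if p[0] == "MATCH" else (p[0], p[1].lower(), p[2])

def covers(earlier, later):
    """True if every host the later domain rule matches already hits the earlier one."""
    (ek, ev, _), (lk, lv, _) = earlier, later
    if lk not in DOMAIN_KINDS:
        return False
    if ek == "DOMAIN":
        return lk == "DOMAIN" and lv == ev
    if ek == "DOMAIN-SUFFIX":
        return lv == ev or lv.endswith("." + ev)
    return False

def lint(lines, group="GEMINI"):
    """Return (finding, rule_index, earlier_index) tuples in rule order."""
    rules = [parse(l) for l in lines]
    findings = []
    for i, rule in enumerate(rules):
        for j in range(i):  # unreachable: an earlier rule already takes these hosts
            if covers(rules[j], rule):
                tag = "duplicate" if rules[j][2] == rule[2] else "shadowed"
                findings.append((tag, i, j))
                break
        if rule[0] in DOMAIN_KINDS and rule[2] == group:
            for j in range(i):  # a broad GEOIP or MATCH sits above this exception
                if rules[j][0] in ("GEOIP", "MATCH"):
                    findings.append(("after-" + rules[j][0].lower(), i, j))
                    break
    return findings

MERGED = [  # constructed result of a subscription merge
    "DOMAIN-SUFFIX,googleapis.com,PROXY",
    "DOMAIN,generativelanguage.googleapis.com,GEMINI",
    "DOMAIN-SUFFIX,aistudio.google.com,GEMINI",
    "GEOIP,XX,DIRECT",
    "DOMAIN-SUFFIX,gemini.google.com,GEMINI",
    "DOMAIN-SUFFIX,googleapis.com,GEMINI",
    "MATCH,PROXY",
]

if __name__ == "__main__":
    for tag, i, j in lint(MERGED):
        print(f"{tag}: rule {i} ({MERGED[i]}) sits below rule {j} ({MERGED[j]})")
```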
DNS, Fake-IP, and the Google Ecosystem
Clash does not automatically see the application’s original hostname in every scenario. Resolver behavior, fake-ip mode, and operating-system DNS-over-HTTPS toggles change which rules trigger. The classic failure mode is visible TLS names in the browser while the log shows IP-only matches you never meant to hit.
Under fake-ip, the core synthesizes short-lived answers so it can map connections back to domain rules. That breaks when another resolver bypasses Clash entirely—desktop browsers with secure DNS, Android Private DNS, or corporate split-horizon resolvers are common culprits. Align OS DNS settings, Clash listeners, and any TUN capture so queries and connections share one policy universe.
For whole-device consistency—IDE plugins, standalone SDKs, or mobile shells that ignore HTTP proxies—plan for TUN once your baseline domain rules behave. The companion article on TUN mode covers virtual NIC setup with the same DNS coupling story.
When debugging, avoid flipping five toggles simultaneously. Adjust resolver hijack or fake-ip once, reload, and retest a single AI Studio prompt plus one API call. Narrow experiments keep logs interpretable.
Web Studio, API Keys, and SDK Traffic
AI Studio in the browser is the easiest surface to validate: DevTools lists hostnames plainly, and system proxy mode usually cooperates if TUN is not yet enabled. Confirm GEMINI hits here before you chase command-line tools.
API keys and REST calls strip away UI noise but introduce auth headers and intermittent HTTP 429 responses that resemble routing failures. Point your SDK at the same outbound you selected for the studio, then compare end-to-end latency instead of chasing DNS ghosts first.
Vertex AI and enterprise Google Cloud paths may introduce additional *.googleapis.com hostnames and regional endpoints. This page focuses on the consumer-oriented Gemini plus AI Studio pairing; if your employer mandates Vertex-only access, extend the suffix list using Cloud audit logs rather than guesswork.
Verification Checklist You Can Run in Ten Minutes
- Reload the profile and confirm Clash reports no YAML errors.
- Open AI Studio, start a trivial prompt, and watch which rule triggers for the dominant hosts.
- Issue a minimal Generative Language API request with your key using the same system proxy or TUN path.
- Sign out and back into Google if OAuth cookies were minted before the new rules landed.
- Repeat with an alternate node inside GEMINI to separate account issues from path issues.
If step two succeeds while step three fails, you almost certainly missed an API subdomain or still have a resolver bypass. If both fail, reconsider auth hosts and rule order before you touch upstream bandwidth tests.
What “Stable Access” Means for Google AI in 2026
Marketing language loves stable access, but stability is a stack: DNS consistency, healthy nodes, sane defaults, and realistic client power settings on laptops and phones. Clash governs the middle layers. It cannot fix an expired subscription, an account flag, or organizational policy that blocks generative features outright.
When you find a working combination, write it down: core build, GUI version, DNS mode, and the GEMINI member name. Future you will otherwise repeat the same scavenger hunt after the next automatic profile merge from a community maintainer.
For neutral keyword references beyond this opinionated checklist, pair these rules with the configuration documentation hub.
Compliance. Routing policies apply only to networks and accounts you are authorized to configure. They do not override local regulations, workplace acceptable-use policies, or Google’s terms of service. Use Gemini and AI Studio in line with applicable rules.
Closing Thoughts
Google Gemini and AI Studio in 2026 sit in a different hostname constellation than OpenAI or xAI stacks. Giving that constellation a named proxy-group, an explicit DOMAIN-SUFFIX plan, and a DNS stack that actually feeds the rule engine turns vague “AI proxy” advice into something you can diff, review, and merge like normal infrastructure code.
Compared with browser-only workarounds, a maintained Clash GUI on the Mihomo family of cores keeps Gemini routing beside the rest of your policy tree—which is where it belongs if generative tools are part of everyday engineering work.
Still tuning domestic versus foreign defaults? Revisit the rule split guide for GEOIP and MATCH patterns, then layer this Gemini block above them.