Why “ChatGPT Won’t Load” Often Means Your Exit Keeps Moving

Generative AI in daily use is not a single fetch to a static page. The ChatGPT web app keeps multiple HTTPS connections busy for assets, streaming completions, and background telemetry. The OpenAI API path used by scripts and integrations opens its own TLS sessions with different libraries, timeouts, and retry policies. When Clash sends those flows through a policy group that flips upstream relays on a schedule—or when overlapping rules steer chat.openai.com and api.openai.com through different countries—you can trigger user-visible failures that masquerade as “OpenAI is down.”

Regulators, campuses, and home ISPs also shape the story. Some networks throttle or classify AI endpoints; others work fine for generic sites but fail on specific providers. Even when the service is healthy globally, your local combination of DNS answers, proxy selection, and residual cookies can produce ChatGPT not loading symptoms in the browser while curl to OpenAI API endpoints still returns 200 from another path. The fix begins the same way we handle other vendor-critical traffic: treat it as an explicit traffic class, pin a fixed node when debugging, and prove which Clash split routing rule matched before you blame tokens or quotas.

This article stays on the OpenAI side of the fence. If you need Anthropic-specific coverage—claude.ai, Anthropic console, and TLS/SNI edge cases—read Claude.ai routing, sticky nodes, and SNI checks after you sketch OpenAI rules here. The disciplines overlap, but the hostnames and client surfaces differ enough to warrant separate defaults.

💡
Design goal Put browser ChatGPT flows and API-shaped calls under one predictable policy group you can reason about, keep that group stable during an investigation, and validate with logs—not vibes.

Web, API, and Platform: Which Hostnames Matter

Start by naming destinations you actually saw in connection logs during a failure. The obvious anchors include openai.com, chatgpt.com, chat.openai.com, api.openai.com, and platform.openai.com for dashboards and keys. Real-world captures also include CDN fronts, OAuth callbacks, and occasional third-party scripts blocked by over-eager filter lists. Community rule providers help as a shortcut; your log lines remain authoritative for your machine on the day you troubleshoot.

Do not assume parity between surfaces. A Python job using an official SDK might ignore system proxy settings unless you export environment variables or adopt TUN capture. A browser tab honors certificate stores the CLI never sees. The practical question is the same for each surface: which resolver returned which IP, which outbound carried bytes, and did that choice change between retries? If the answer is yes, API consumers may observe elevated 429 rates, odd authentication refresh loops, or long hangs that look like provider-side instability when the root cause is local path churn.

Against that background, “stable” does not mean “never change nodes.” It means you change them deliberately—after you can read rule hits and predict the next hop. For broader philosophy on domestic DIRECT versus overseas PROXY baselines, read split routing for DIRECT and PROXY before you carve exceptions for AI vendors.

Domain-Level Split Rules for OpenAI Traffic

Effective Clash split routing for OpenAI begins with explicit matches placed where your profile will not accidentally skip them. Private ranges and loopbacks should still short-circuit first. Then add a compact, hand-reviewed block for the AI vendor: suffix rules for openai.com and chatgpt.com, plus any additional domains your logs show during login or billing. Follow with your subscription’s remote categories if you use them, and end with a conservative MATCH that mirrors your risk tolerance.

Ordering matters because first-match wins. If a large GEOIP or country rule appears above your OpenAI exception, you can spend hours toggling nodes without ever hitting the branch you thought you wrote. Large lists also drift: providers update categories, rename files, or reorder entries. Treat remote imports like dependencies—review diffs, pin versions when feasible, and keep your personal overrides in a merge layer so subscription refreshes do not erase intent. Our Clash Meta overrides guide shows how to append rules without fighting your airport’s base YAML.

If you maintain separate stacks for work and home, copy the OpenAI block between them as a tiny module. Consistency across devices reduces “API works on laptop, ChatGPT not loading on phone” mysteries that are often nothing more than two profiles with different default groups.

A Baseline YAML Shape (Illustrative)

The snippet below is intentionally minimal. Adapt names, transport types, and ordering to your complete profile, LAN shortcuts, and anti-leak sections.

# Example only — verify hostnames against your own logs
proxy-groups:
  - name: PROXY_OPENAI
    type: select
    proxies:
      - NODE_STABLE_PRIMARY
      - NODE_STABLE_SECONDARY
      - AUTO_GENERIC

rules:
  - DOMAIN-SUFFIX,openai.com,PROXY_OPENAI
  - DOMAIN-SUFFIX,chatgpt.com,PROXY_OPENAI
  - DOMAIN-SUFFIX,chat.openai.com,PROXY_OPENAI
  - DOMAIN-SUFFIX,api.openai.com,PROXY_OPENAI
  - DOMAIN-SUFFIX,platform.openai.com,PROXY_OPENAI
  # Append log-discovered hosts (CDN, OAuth) under the same group while debugging

Pair suffix rules with periodic log reviews. CDNs evolve; a hostname that appeared once may move. When in doubt, capture the failing window with verbose-enough tracing and add only what evidence supports.

Fixed Nodes, Selectors, and When url-test Hurts Sessions

Automatic latency-based groups are comfortable day to day. They are also a common source of mid-session rotation: the probe declares a new winner, the next long request lands on a different egress, and cookie-heavy browser tabs or stateful API clients experience subtle resets. That is the intuitive case for a manually curated select group for OpenAI API shaped workloads—or for interactive ChatGPT sessions where you want continuity while you draft.

A fixed node in operator language is simply “I know which upstream relay handles this traffic right now.” It is not superstition; it is isolation. When failures disappear under a pinned exit, you have learned something about the unstable group or a bad member inside it. When failures persist, you escalate to DNS alignment, TLS inspection, or provider issues with clearer evidence.

Tune probe intervals conservatively if you insist on automation. Aggressive tests optimize benchmarks at the cost of conversational stability. Separate lightweight interactive groups from bulk download profiles so torrent or update traffic does not starve probes meant to model chat latency. If you share one subscription across family members, consider distinct selectors for AI tools versus video streaming to reduce accidental overlap.

DNS Modes, Sessions, and Risk-Control Signals

OpenAI’s products sit behind modern edge networks. Your resolver choices influence which POP you touch and how Clash classifies addresses. With fake-ip, domain rules align cleanly; with real-IP strategies, you must ensure the IP still maps to the domain you intended when policies match. Mixed resolver setups—browser using one path, core using another—produce intermittent “logged out” loops that look like account risk events.

Providers also respond to automated traffic patterns. While we do not speculate on proprietary scores, the observable fact is that bursty OpenAI API clients and fragile network paths interact poorly. Stabilizing your exit reduces avoidable retries that amplify rate limits. For DNS mode trade-offs without turning the topic into superstition, read fake-ip versus redir-host overview and pick one coherent story for your home network.

Logs First: Prove the Match, Then Change Knobs

Skipping logs turns engineering into folklore. Enable match visibility appropriate to your core (Meta/Mihomo-class), reproduce the failure once, and read which rule won and which outbound applied. Bursts of reconnects to the same hostname often indicate policy oscillation rather than packet loss. For a step-by-step workflow, use Clash logs and rule-hit tutorial before you rewrite half your YAML.

If logs show unexpected DIRECT egress for domains you meant to proxy, reorder or tighten rules. If logs show consistent proxy selection yet TLS still fails, investigate inspection software, captive portals, or split-horizon DNS—not another random node hop.

TUN, Environment Variables, and Developer Tools

System proxy mode wins on simplicity when applications cooperate. Many developer tools do not. Exporting HTTPS_PROXY works until a subprocess spawns clean environments or uses gRPC libraries that ignore env vars entirely. TUN raises capture fidelity: more processes traverse your policy stack, fewer silent leaks. It also requires thoughtful exclusions for LAN printers, local IDEs talking to emulators, and the proxy’s own listeners—avoid routing loops by reading platform notes carefully.

For a deeper pass aimed at engineers, continue with Clash TUN mode for Git, npm, and developer tools after you stabilize domain rules for OpenAI. Sequence matters: classify hostnames, pin a stable policy group, verify matches, then widen capture—not the reverse.

A Ten-Minute Checklist

Walk this in order during an incident. Align DNS outputs across browser and CLI for the same hostname. Switch the OpenAI group to a fixed select member and retry once. Inspect logs during the failure window for the matched rule and outbound. If TLS errors surface, check for antivirus HTTPS scanning before switching regions blindly. After changes, run a short browser chat and a minimal API smoke test so both surfaces share the same story.

Keep a tiny personal regression note: date, node name, transport, DNS mode, and whether TUN was enabled. Future you debugging after a subscription refresh will appreciate the breadcrumbs.

Compliance and Honest Scope

This guide assumes lawful personal network optimization and API usage that follows OpenAI’s terms, export rules, and your employer’s policies. Correct Clash split routing does not bypass eligibility requirements, create unauthorized accounts, or substitute for approved enterprise paths on managed devices. If your organization forbids split tunneling or generative AI access outright, coordinate with administrators rather than improvising silent exceptions.

Closing Thoughts

ChatGPT disconnects and OpenAI API mysteries shrink once you treat them as network phenomena with measurable answers. Explicit domain rules, a disciplined policy group, log-backed verification, and aligned DNS turn “randomly broken” into a sequence you can replay and fix. Compared with flipping global modes per app, Clash offers one policy surface—if you treat configuration like code and review changes with the same care you would give production infrastructure.

When you want a maintained client aligned with the guides on this site, start from our download hub instead of chasing random binaries. → Download Clash for free and experience the difference between unstable defaults and routing you can explain line by line.