Bug type
Regression (worked before, now fails)
Beta release blocker
No
Summary
Setting http_proxy environment variables to bypass a local Fake IP SSRF block causes OpenClaw's CLI and WebUI to silently hang and fail without returning any errors when querying Gemini models.
Steps to reproduce
- Set up a Linux environment (e.g., Ubuntu) running a transparent proxy (like v2rayA in tproxy mode) with "Fake IP" enabled for DNS resolution.
2.Configure OpenClaw (v2026.4.21) with a valid Gemini API key.
3.Attempt to call the Gemini model without explicitly setting proxy variables:
openclaw infer "Test" --model google/gemini-3-flash-preview
4.Check the Gateway logs and observe the internal SSRF security block:
blocked URL fetch... reason=Blocked: resolves to private/internal/special-use IP address
5.To bypass the Fake IP resolution, explicitly inject the local HTTP proxy variables into the terminal:
export http_proxy="http://127.0.0.1:20171"
export https_proxy="http://127.0.0.1:20171"
6.Run the inference command again in the same terminal:
openclaw infer "Test" --model google/gemini-3-flash-preview
7.Observe the bug: The CLI (and similarly the WebUI) hangs, generates no response, and silently fails without throwing any HTTP errors or timeout warnings to the user interface.
Expected behavior
1.When http_proxy and https_proxy environment variables are provided, the OpenClaw Gateway should respect them and route the outgoing API request through the specified proxy. This should bypass the local Fake IP DNS resolution and successfully complete the inference call to the Gemini model.
2.If the request fails for any reason (e.g., proxy connection refused, timeout, or an upstream API error), OpenClaw should not fail silently. It must surface an explicit, descriptive error message to the CLI and WebUI to inform the user of the exact failure.
Actual behavior
After setting the http_proxy and https_proxy environment variables and initiating the request, the CLI (openclaw infer or openclaw tui) and the WebUI fail silently.
There is absolutely no response generated from the Gemini model, and the interface simply hangs or terminates without surfacing any explicit error messages (such as network timeouts, HTTP 400/500 codes, or connection refused warnings). In the background logs, the agent appears to quit quietly (sometimes leaving a brief warn agent/embedded embedded run agent end trace), but the user is left completely unaware of the underlying failure.
OpenClaw version
2026.4.21
Operating system
Ubuntu 24.0.4 / Windows11 25H2
Install method
No response
Model
google/gemini-3.1-flash-lite-preview
Provider / routing chain
Provider: Google Model: google/gemini-3-flash-preview (also tested with google/gemini-3.1-flash-lite-preview) Routing Chain: OpenClaw Gateway -> Local HTTP/HTTPS Proxy (http://127.0.0.1:20171 provided by v2rayA) -> Official Google API endpoint (generativelanguage.googleapis.com)
Additional provider/model setup details
- Auth Profile: API key is managed via
auth-profiles.json. openclaw models status correctly reflects the Google provider as effective with api_key=1.
- Environment Context: Environment variables (
http_proxy, https_proxy) are injected via terminal export and verified within the shell before running openclaw infer.
- Config Context: Using default agent settings under
~/.openclaw/agents/main/agent. No custom per-agent routing overrides are currently applied.
- Network Stack: The system uses
v2rayA for transparent proxying, but OpenClaw is specifically directed to the local HTTP port (127.0.0.1:20171) to avoid the SSRF block triggered by Fake IP resolution on the Gateway.
Logs, screenshots, and evidence
Impact and severity
- Affected users/systems/channels: Users running OpenClaw on Linux environments with transparent proxies (specifically those utilizing Fake IP/tproxy setups). Affects both CLI and WebUI channels.
- Severity: Blocks workflow. The core functionality of the agent is completely inaccessible because the request cycle cannot be completed.
- Frequency: Always. The issue occurs consistently every time the Gemini API is called while the HTTP proxy environment variables are active.
- Consequence: Total service failure for the affected provider. Users cannot send or receive messages from the AI, rendering the OpenClaw deployment non-functional for its primary purpose.
Additional information
No response
Bug type
Regression (worked before, now fails)
Beta release blocker
No
Summary
Setting http_proxy environment variables to bypass a local Fake IP SSRF block causes OpenClaw's CLI and WebUI to silently hang and fail without returning any errors when querying Gemini models.
Steps to reproduce
2.Configure OpenClaw (v2026.4.21) with a valid Gemini API key.
3.Attempt to call the Gemini model without explicitly setting proxy variables:
openclaw infer "Test" --model google/gemini-3-flash-preview
4.Check the Gateway logs and observe the internal SSRF security block:
blocked URL fetch... reason=Blocked: resolves to private/internal/special-use IP address
5.To bypass the Fake IP resolution, explicitly inject the local HTTP proxy variables into the terminal:
export http_proxy="http://127.0.0.1:20171"
export https_proxy="http://127.0.0.1:20171"
6.Run the inference command again in the same terminal:
openclaw infer "Test" --model google/gemini-3-flash-preview
7.Observe the bug: The CLI (and similarly the WebUI) hangs, generates no response, and silently fails without throwing any HTTP errors or timeout warnings to the user interface.
Expected behavior
1.When http_proxy and https_proxy environment variables are provided, the OpenClaw Gateway should respect them and route the outgoing API request through the specified proxy. This should bypass the local Fake IP DNS resolution and successfully complete the inference call to the Gemini model.
2.If the request fails for any reason (e.g., proxy connection refused, timeout, or an upstream API error), OpenClaw should not fail silently. It must surface an explicit, descriptive error message to the CLI and WebUI to inform the user of the exact failure.
Actual behavior
After setting the http_proxy and https_proxy environment variables and initiating the request, the CLI (openclaw infer or openclaw tui) and the WebUI fail silently.
There is absolutely no response generated from the Gemini model, and the interface simply hangs or terminates without surfacing any explicit error messages (such as network timeouts, HTTP 400/500 codes, or connection refused warnings). In the background logs, the agent appears to quit quietly (sometimes leaving a brief warn agent/embedded embedded run agent end trace), but the user is left completely unaware of the underlying failure.
OpenClaw version
2026.4.21
Operating system
Ubuntu 24.0.4 / Windows11 25H2
Install method
No response
Model
google/gemini-3.1-flash-lite-preview
Provider / routing chain
Provider: Google Model: google/gemini-3-flash-preview (also tested with google/gemini-3.1-flash-lite-preview) Routing Chain: OpenClaw Gateway -> Local HTTP/HTTPS Proxy (http://127.0.0.1:20171 provided by v2rayA) -> Official Google API endpoint (generativelanguage.googleapis.com)
Additional provider/model setup details
auth-profiles.json.openclaw models statuscorrectly reflects the Google provider as effective withapi_key=1.http_proxy,https_proxy) are injected via terminalexportand verified within the shell before runningopenclaw infer.~/.openclaw/agents/main/agent. No custom per-agent routing overrides are currently applied.v2rayAfor transparent proxying, but OpenClaw is specifically directed to the local HTTP port (127.0.0.1:20171) to avoid the SSRF block triggered by Fake IP resolution on the Gateway.Logs, screenshots, and evidence
Impact and severity
Additional information
No response