Tutorial 2026-04-05 · ~17 min read

DeepSeek and Gemini Together: Route China vs Global AI Traffic With Clash in 2026

A common 2026 workflow is bilingual or cross-vendor: DeepSeek (or similar China-accessible models) for fast Chinese drafting, and Google Gemini inside Workspace, AI Studio, or third-party clients for other tasks. The networks behind them differ: mainland-optimized endpoints usually want low-latency DIRECT paths, while Gemini and most Google generative APIs expect a consistent overseas egress. If your Clash profile still relies on coarse GEO rules or permanent Global mode, you pay twice—domestic AI rides an unnecessary detour, and Gemini leaks to DIRECT with half-loaded UIs, OAuth loops, or silent stream failures. This guide focuses on domain rules, rule-set ordering, DNS alignment, and optional process-based tweaks so Clash becomes an intentional split brain instead of a roulette wheel.

Why mixed stacks punish vague routing more than single-vendor chat

Our ChatGPT / Grok article already covers long-lived streams and node health for “mostly overseas” assistants. Mixing China-hosted models with Gemini adds a directional conflict: some hostnames must never touch your Tokyo hop, while others must never land on a mainland-only resolver answer. The failure modes are subtle—not a clean “cannot connect” banner but high time-to-first-token, missing side panels, or uploads that succeed in one tab and stall in another.

  • Parallel dependencies: a single browser session may pull OAuth, CDN, telemetry, fonts, and websocket endpoints; splitting them across policies feels like random lag.
  • API vs console: CLI tools and IDE plugins often hit different suffixes than the marketing site; copying one community snippet rarely covers both.
  • Subscription rule-sets: broad “non-China ⇒ proxy” templates are convenient yet may sweep domestic AI vendors into the wrong group unless you insert higher-confidence DIRECT rows.

Nothing here helps bypass lawful controls—assume you are entitled to use each service from your environment. The goal is quality of experience: correct exits, readable logs, and fewer “change node until magic happens” evenings.

Symptoms: detour vs leak

Before editing YAML for an hour, tag what you observe. Open your client’s Connections view and sort mentally into two buckets.

Quick patterns

  • DeepSeek feels slower than cellular: often proxied by mistake; check whether a catch-all rule fires before your DIRECT exceptions.
  • Gemini shell renders but the canvas never starts: classic partial leak—static hosts proxy while API hosts stay DIRECT, or vice versa.
  • Login succeeds, workspace widgets empty: inconsistent egress between identity and data-plane hosts; also watch IPv4/IPv6 splits.
  • Only a desktop shell misbehaves: suspect system proxy bypass; validate TUN and competing VPNs before touching domain lists.

Capture three columns—hostname, matched rule, real outbound—for one failing minute. That artifact beats forum screenshots when you revisit the profile weeks later.

DNS first: split resolvers double the damage

Mixed stacks amplify DNS inconsistency. If the browser resolves Gemini edges through one path while Clash embedded DNS resolves another, rule matching may target the wrong geography even when your YAML “looks right.” Fake-ip setups add another layer: transient disagreement between apps shows up as hangs rather than hard errors.

  • Debug mode: temporarily disable browser-only DoH or align everyone on the same resolver while you establish a baseline.
  • Domestic names: ensure mainland AI domains are not resolved through a remote DNS that returns suboptimal or filtered answers.
  • Google infrastructure: if googleapis.com or gstatic.com answers are poisoned or filtered, no amount of proxy polishing fixes the handshake.

Tell-tale log gap

Long empty stretches before TLS in logs usually mean DNS interaction, not “pick another city.” Fix resolution before chasing latency leaderboards.

China-side AI: keep high-confidence names on DIRECT

Vendors move endpoints; your connection log is the contract. Still, you need a mental model of what to pin above broad GEOIP or “non-CN” rules.

Illustrative shapes (verify live)

  • Official console/API suffixes such as DOMAIN-SUFFIX,deepseek.com when traces show that asset.
  • Companion object-storage or download hosts that appear only during attachments—add narrowly after you see stalls.
  • Enterprise gateways on distinct domains—give them their own early DIRECT rows.

Place these entries before aggressive proxy catch-alls. If a remote rule-set reintroduces conflicts, override locally with smaller, trusted snippets rather than disabling the entire pack blindly.

Gemini and Google generative traffic: one dedicated “global AI” group

Gemini rarely equals a single hostname. Build a policy group—call it whatever you like—that collects Google generative surfaces plus shared dependencies. Again, treat the following as examples to validate in your traces:

Frequent suffix families

  • DOMAIN-SUFFIX,google.com, DOMAIN-SUFFIX,googleapis.com, DOMAIN-SUFFIX,gstatic.com—trim if your threat model allows more specific rows.
  • AI Studio, Vertex, Generative Language API hosts that appear alongside streaming calls.
  • OAuth and account flows should share the same stable egress as API traffic to avoid split sessions.

Aggressive privacy lists sometimes block gstatic or analytics endpoints that the UI still waits on—yielding “CSS loaded, brain missing.” If a new rule-set breaks Gemini instantly, roll back and reintroduce slices.

Approach Experience Risk
Explicit DIRECT for China AI + proxy bucket for Google Best latency/stability trade-off for mixed daily use. You must maintain a short list as vendors shift edges.
Permanent Global Useful for five-minute A/B tests. Local services suffer; logs become noisy.
GEOIP-only split Fast to import. Often mis-classifies hybrid or anycast endpoints.

Rule order and remote rule-sets in 2026

Clash evaluates top to bottom. A maintainable template for AI-heavy users:

  1. LAN, localhost, captive portals, and verified DIRECT exceptions (China AI).
  2. Overseas generative / collaboration SaaS bucket (Gemini and friends).
  3. GEOIP or provider defaults for generic traffic.
  4. MATCH to a conscious manual or auto group—not an accident.

Remote rule-set refresh intervals should be realistic: too aggressive thrashes during CDN cutovers; too lazy leaves stale denies. Pair automation with occasional manual diff reviews when an SDK update lands.

List inflation

Tracker blockers can starve feature-flag or telemetry endpoints that the client awaits quietly. AI products are particularly sensitive to “almost blocked.”

Process-based rules (Meta-class cores)

When a binary ignores system proxy—common for CLIs—domain-only routing may wobble. Some kernels let you tag traffic by executable path so every socket from that tool shares the same policy group as your browser Gemini session. Use this sparingly: upgrades change install paths, and rules rot silently.

Policy groups: pair “DIRECT default” with “global AI”

Instead of global manual node hopping, structure two layers: a domestic default (often DIRECT with fallbacks) and an overseas AI group using url-test plus fallback for resilience. Gemini sessions dislike flapping exits; widen health-check tolerances and avoid sub-minute churn unless you enjoy re-auth prompts.

  • Validate with real streaming prompts, not ICMP snapshots.
  • When debugging authentication, manually pin a clean node, fix the flow, then restore automation.

IPv6, QUIC, and “it works in one browser”

Dual-stack homes sometimes send one address family through DIRECT while the other accidentally satisfies a different rule. The UI symptom is eerily like a partial Gemini failure: assets arrive over one path while API calls stall on the other. When logs look contradictory, try a controlled experiment—temporarily bias the stack or tighten IPv6 handling in Clash—and observe whether DeepSeek and Gemini both stabilize. Document what changed; seasonal router firmware updates love to re-enable IPv6 tunnels you forgot about.

HTTP/3 and QUIC add another variable: some clients upgrade aggressively. If your provider or local firewall treats UDP differently from TCP, you may see smooth marketing pages (HTTP/2) beside flaky streams (QUIC). Before blaming Google, compare the same task in a browser profile with QUIC disabled—if behavior snaps into place, tune firewall or protocol settings rather than rewriting half your domain list.

System proxy, TUN, mobile clients

Browsers usually honor OS proxy settings; packaged Electron apps may not. If symptoms isolate to one binary, walk system proxy → per-app settings → TUN, watching for route fights with corporate VPNs. Mobile clients differ by implementation—confirm whether you have device-wide tunneling or browser-only coverage.

On phones, “VPN” icons can mislead: some implementations only wrap DNS while leaving certain sockets bare, others emulate split tunnels per app. When Safari works but a vendor app does not, compare packet capture permissions and OS-level VPN profiles before assuming Gemini itself is down. The fix is often elevating tunnel priority, not importing another thousand-line blocklist.

Compliance

Respect local regulation, employer device policy, and each vendor’s terms. This article discusses network engineering on hardware you are allowed to configure—not circumvention.

FAQ

Only DeepSeek is sluggish

Likely proxied or poorly resolved. If logs show a proxy outbound, elevate DIRECT rules. If already DIRECT, look at last-mile ISP issues unrelated to Clash.

Gemini partially loads

Add missing suffixes from failing hosts; resist flipping Global as a permanent fix.

Do simultaneous tabs interfere?

They share DNS and policy groups. Isolation requires separate profiles or machines—usually not worth it unless compliance mandates separation.

Checklist for 2026

  1. Align DNS; remove conflicting DoH during baseline tests.
  2. Insert high-confidence DIRECT rows for domestic AI ahead of broad proxy rules.
  3. Group Gemini-related suffixes into a stable overseas policy chain.
  4. Soften auto node switching while long sessions run.
  5. Prove each YAML change with three-column connection notes.

Download a maintained client

Modern cores and attentive UIs save hours versus stale forks. Start clean, import thoughtfully, then iterate with logs—not superstition.

When you revisit this profile after a few months, the names that matter will have shifted slightly: a new Gemini subdomain, a relocated DeepSeek API edge, or an extra OAuth hop from a Workspace update. That is normal. Keep a dated note in your user rules (“last verified April 2026”) so you know when to re-run a quick log sweep instead of assuming rot is a moral failure. The upside of disciplined splitting is that those updates are small, local patches—not full-profile panic.

If you onboard teammates, share the three-column logging habit before sharing YAML: once people can read hostname, matched policy, and outbound, they stop asking for “the magic node” and start proposing evidence-backed rule tweaks instead.

Download Clash free and build a maintainable split for DeepSeek, Gemini, and the rest of your 2026 stack

Two models, two deliberate exits

Write the split, align DNS, calm your policy groups—fewer wrong nodes, less mystery lag.

Download Clash
Previous
← Copilot & Office web split
Next
Connected but no internet →

Related articles

Tutorial

ChatGPT & Grok routing

 Advanced

Developers: Cursor & AI routing

 Basics

Beginner’s guide to Clash