AI CLI 无法登录？Gemini CLI、Codex CLI、Claude Code 代理设置教程

📍 The Problem: Your Browser Works, but the AI CLI Cannot Log In

If you are using Gemini CLI, Codex CLI, or Claude Code CLI in a restricted network environment, you may run into this situation: Google, ChatGPT, or Claude opens normally in your browser, but the CLI in your terminal fails to log in, keeps spinning, times out, reconnects repeatedly, or shows an error such as User location is not supported.

This usually does not mean your account is broken, and it does not always mean the CLI is broken. The more common reason is simple: your browser is using the proxy, but your terminal is not. Many proxy apps automatically help browsers use the proxy, but terminal commands do not always follow that setting.

This guide will show you how to find your local proxy port, set proxy variables for the terminal, test whether the setup works, and configure Gemini CLI, Codex CLI, and Claude Code correctly.

✅ Quick Answer: This Fix Works for Most Users

If you just want the CLI to work as soon as possible, follow this order:

Open your proxy app, such as Clash, v2rayN, Shadowrocket, Surge, or Clash Verge.
Find the app’s HTTP proxy port or mixed port. Common examples are 7890, 10808, and 10809.
Set HTTP_PROXY, HTTPS_PROXY, and NO_PROXY in your terminal.
Run gemini, codex, or claude again in the same terminal.
If it still fails, enable TUN mode or enhanced mode in your proxy app.

The most important point is this: a working browser does not prove that the CLI can access the network. CLI tools run in the terminal, so you must make sure the terminal is using the proxy too.

🧠 Why Can the Browser Connect While the Terminal Cannot?

After a proxy app is enabled, it often sets a “system proxy.” Browsers usually read the system proxy automatically, so websites open normally. But command-line tools such as Gemini CLI, Codex CLI, and Claude Code run inside the terminal, and they may not automatically read the system proxy.

Terminal programs often rely on these environment variables:

HTTP_PROXY: routes HTTP requests through the proxy.
HTTPS_PROXY: routes HTTPS requests through the proxy.
ALL_PROXY: routes more request types through the proxy, but it is not suitable for every CLI.
NO_PROXY: tells programs which addresses should not use the proxy, such as localhost and 127.0.0.1.

NO_PROXY is important. Many AI CLI login flows open a local callback address on your own computer. If local addresses are also sent through the proxy, the browser login may succeed but the CLI may never receive the login result.

🔌 Step 1: Find Your Local Proxy Port

Do not blindly copy someone else’s port number. Different apps, versions, and configurations may use different ports. Open your proxy app and look for the HTTP proxy port or mixed port.

Common ports are only examples:

Clash / Clash Verge / Mihomo common ports: 7890, 7897
v2rayN common HTTP ports: 10808, 10809, 1081
Shadowrocket / Surge / other proxy apps: use the HTTP port shown inside the app

If your proxy app shows that the HTTP port is 7890, use 127.0.0.1:7890 in the commands below. If your port is different, replace 7890 with your own port.

Important: even though the variable is named HTTPS_PROXY, the local address usually still starts with http://, for example http://127.0.0.1:7890. Do not change it to https://127.0.0.1:7890 unless your proxy app explicitly says so.

🪟 Windows Setup

If you are using Windows, open PowerShell and copy the commands below. This example uses port 7890:

$env:HTTP_PROXY="http://127.0.0.1:7890"
$env:HTTPS_PROXY="http://127.0.0.1:7890"
$env:NO_PROXY="localhost,127.0.0.1,::1"

Then run the CLI in the same PowerShell window:

gemini
codex
claude

These settings only apply to the current PowerShell window. If you close the window, they disappear. This is normal. If you open a new terminal, set them again.

🍎 macOS / Linux Setup

If you are using macOS or Linux, open Terminal and copy the commands below. This example uses port 7890:

export HTTP_PROXY=http://127.0.0.1:7890
export HTTPS_PROXY=http://127.0.0.1:7890
export NO_PROXY=localhost,127.0.0.1,::1

Then run the CLI in the same terminal window:

gemini
codex
claude

These settings also only apply to the current terminal window. If you close and reopen Terminal, run the commands again.

🧪 Step 2: Test Whether the Proxy Works

After setting the proxy variables, test the network first. Do not rush to log in to the CLI before confirming that the terminal can reach the official API endpoints.

Windows PowerShell:

curl.exe -I https://api.openai.com
curl.exe -I https://api.anthropic.com
curl.exe -I https://generativelanguage.googleapis.com

macOS / Linux:

curl -I https://api.openai.com
curl -I https://api.anthropic.com
curl -I https://generativelanguage.googleapis.com

A response such as 401, 403, or 404 is not always bad. It often means the request reached the server, but you are not logged in or do not have permission. The real problems are errors like:

timeout
connection refused
could not resolve host
network unreachable

If you see these errors, the terminal proxy is not configured correctly yet, or the proxy port is wrong.

🤖 Gemini CLI Setup

Gemini CLI can read the ~/.gemini/.env file. If you use Gemini CLI often, put the proxy variables in this file so you do not have to type them every time.

Create or edit this file:

~/.gemini/.env

Add:

HTTP_PROXY=http://127.0.0.1:7890
http_proxy=http://127.0.0.1:7890
HTTPS_PROXY=http://127.0.0.1:7890
https_proxy=http://127.0.0.1:7890
NO_PROXY=localhost,127.0.0.1,::1

If your port is not 7890, replace it with your own port. Save the file, restart Terminal, and run:

gemini

💬 Claude Code Setup

Claude Code supports standard proxy variables such as HTTP_PROXY, HTTPS_PROXY, and NO_PROXY. One important detail: Claude Code does not support SOCKS proxies. If your proxy app provides both HTTP and SOCKS ports, use the HTTP port.

For a temporary run, use:

HTTPS_PROXY=http://127.0.0.1:7890 \
HTTP_PROXY=http://127.0.0.1:7890 \
NO_PROXY=localhost,127.0.0.1,::1 \
claude

You can also write the variables into Claude Code’s settings file:

~/.claude/settings.json

{
  "env": {
    "HTTP_PROXY": "http://127.0.0.1:7890",
    "HTTPS_PROXY": "http://127.0.0.1:7890",
    "NO_PROXY": "localhost,127.0.0.1,::1"
  }
}

After saving, restart Terminal or Claude Code. If it still fails, check whether your proxy app has an HTTP port, not only a SOCKS port.

🧩 Codex CLI Setup

Codex CLI can be sensitive to network behavior. If you see repeated reconnecting, WebSocket failures, or stream disconnected before completion, try the HTTP proxy port first instead of SOCKS5.

For a temporary run, use:

HTTP_PROXY=http://127.0.0.1:7890 \
HTTPS_PROXY=http://127.0.0.1:7890 \
NO_PROXY=localhost,127.0.0.1,::1 \
codex

If you use Codex CLI often, you can try creating this file:

macOS / Linux: ~/.codex/.env
Windows: C:\Users\YourName\.codex\.env

Add:

HTTP_PROXY=http://127.0.0.1:7890
HTTPS_PROXY=http://127.0.0.1:7890
NO_PROXY=localhost,127.0.0.1,::1

After saving, restart Codex CLI and test:

codex doctor --summary --ascii --no-color

If Codex still reconnects repeatedly, an old Codex background process may still be using old settings. Close related terminals, quit the Codex app if it is open, and restart the computer if necessary.

🛜 When Should You Enable TUN Mode?

If you have already set HTTP_PROXY and HTTPS_PROXY but some CLI requests still fail, try enabling TUN mode, enhanced mode, or virtual adapter mode in your proxy app.

TUN mode lets the proxy app capture more application traffic. It is useful when:

You already set the environment variables, but the CLI still cannot connect.
Browser authorization succeeds, but the terminal still says login failed.
VS Code extensions, IDE plugins, WebSocket connections, or background requests are unstable.

In Clash Verge, Mihomo, v2rayN, and similar apps, the option may be named TUN Mode, Enhanced Mode, Service Mode, Auto Route, DNS Hijack, or Virtual Adapter Mode. Windows usually requires administrator permission.

If TUN mode affects your company intranet, local devices, Docker, WSL, games, or SSH, turn it off and use the terminal proxy variables instead.

🖥️ Special Note for WSL Users

If you run Clash or v2rayN on Windows but run Gemini, Codex, or Claude inside WSL, 127.0.0.1 inside WSL may not point to the Windows host.

In that case, you may need to use the Windows host IP that WSL can reach, for example:

export HTTP_PROXY=http://172.20.96.1:7890
export HTTPS_PROXY=http://172.20.96.1:7890
export NO_PROXY=localhost,127.0.0.1,::1

The IP may be different on every computer. You can check it with ip route or cat /etc/resolv.conf. Before using it, test whether the port is reachable.

⚠️ Common Mistakes

❌ Writing HTTPS_PROXY as https://127.0.0.1:7890: most local proxy ports should use http://.
❌ Forgetting NO_PROXY: this may cause the browser login to succeed while the CLI cannot receive the local callback.
❌ Copying someone else’s port: always check the port inside your own proxy app.
❌ Not restarting the terminal: old terminal windows or background processes may still use old settings.
❌ Using SOCKS5 first: Claude Code does not support SOCKS, and Codex is often more stable with an HTTP proxy.
❌ Treating every error as a network issue: if the request reaches the server but mentions quota, payment, region, or account permissions, check your account status instead of changing proxy settings again.

🔐 Safety Tips

Do not share your password, verification code, API key, or token with anyone.
If you need help with a screenshot, hide your email, keys, verification codes, order numbers, and other sensitive information first.
Do not run random scripts from strangers. The commands in this guide only set proxy variables in the current terminal and do not change your account.

📝 Summary

When Gemini CLI, Codex CLI, or Claude Code cannot log in or connect, the most common reason is: the browser uses the proxy, but the terminal does not.

The recommended order is: find your proxy port, set HTTP_PROXY, HTTPS_PROXY, and NO_PROXY, test with curl, and then run the CLI again.

If normal environment variables still do not solve the problem, try TUN / enhanced mode. This troubleshooting order is stable and avoids messing up the whole computer’s network settings.

AI CLI Won’t Log In? Proxy Setup Guide for Gemini CLI, Codex CLI, and Claude Code