Summary
olcli can time out in environments where a system proxy/VPN uses fake-IP DNS (for example Clash/Mihomo-style 198.18.0.0/15 fake IPs), because the CLI currently relies on Node's default http/https.request DNS lookup and does not expose a way to force direct resolution, disable proxy handling, or provide a custom lookup/agent.
Environment
@aloth/olcli: 0.5.0- Node: 22.x
- macOS
- Network setup: Clash/Mihomo-like local proxy app with system HTTP/HTTPS/SOCKS proxy enabled on
127.0.0.1:7892 and fake-IP DNS enabled
Symptoms
With the proxy/VPN app enabled:
olcli list
# - Fetching projects...
# ✖ Failed: Request timeout after 10000ms
curl through the local proxy can also fail TLS for Overleaf in this setup, while direct Node DNS resolution may receive/attempt fake-IP routing and time out.
A direct request works if I bypass the fake-IP DNS and connect to the real Overleaf address with the correct SNI/Host. For example, resolving www.overleaf.com via DoH gives 34.120.52.64, and this succeeds:
const https = require('node:https');
https.request({
hostname: '34.120.52.64',
servername: 'www.overleaf.com',
path: '/project',
method: 'HEAD',
headers: { Host: 'www.overleaf.com', 'User-Agent': 'Mozilla/5.0' },
timeout: 15000,
}, (res) => {
console.log(res.statusCode); // 302 or 200 depending on auth/cookies
res.resume();
}).end();I also confirmed that the session cookie was valid: low-level requests to Overleaf worked and returned the project list when the VPN/proxy path was not involved.
Current workaround
I made a small wrapper that preloads a Node bootstrap script via NODE_OPTIONS=--require .... The bootstrap monkey-patches dns.lookup for Overleaf-related hostnames and resolves them using DNS-over-HTTPS to Cloudflare, then lets olcli connect directly:
www.overleaf.com -> real A record via DoH*.overleaf.com, *.overleafusercontent.com, *.sharelatex.com- unset
HTTP_PROXY, HTTPS_PROXY, ALL_PROXY for the olcli process
That workaround makes this work while the proxy/VPN app remains enabled:
olcli-real-dns list
# Found 18 project(s)
Requested improvement
Would you consider adding first-class network controls to olcli, such as one or more of these?
- A
--no-proxy / OVERLEAF_NO_PROXY=1 mode that explicitly ignores proxy environment variables.
- A configurable request timeout, e.g.
--timeout-ms / OVERLEAF_TIMEOUT_MS.
- Support for custom DNS lookup or DNS override for the Overleaf base URL, e.g.
OVERLEAF_RESOLVE=www.overleaf.com:34.120.52.64.
- Support for an explicit
agent/proxy-agent configuration, so users can choose direct, HTTP proxy, SOCKS proxy, or custom routing deliberately.
The main issue is not authentication. It is that the current network layer is hard to adapt when the system has fake-IP DNS or a local proxy that breaks Overleaf TLS/routing.
I am happy to test a patch if you prefer a specific design.
Summary
olclican time out in environments where a system proxy/VPN uses fake-IP DNS (for example Clash/Mihomo-style198.18.0.0/15fake IPs), because the CLI currently relies on Node's defaulthttp/https.requestDNS lookup and does not expose a way to force direct resolution, disable proxy handling, or provide a custom lookup/agent.Environment
@aloth/olcli: 0.5.0127.0.0.1:7892and fake-IP DNS enabledSymptoms
With the proxy/VPN app enabled:
curlthrough the local proxy can also fail TLS for Overleaf in this setup, while direct Node DNS resolution may receive/attempt fake-IP routing and time out.A direct request works if I bypass the fake-IP DNS and connect to the real Overleaf address with the correct SNI/Host. For example, resolving
www.overleaf.comvia DoH gives34.120.52.64, and this succeeds:I also confirmed that the session cookie was valid: low-level requests to Overleaf worked and returned the project list when the VPN/proxy path was not involved.
Current workaround
I made a small wrapper that preloads a Node bootstrap script via
NODE_OPTIONS=--require .... The bootstrap monkey-patchesdns.lookupfor Overleaf-related hostnames and resolves them using DNS-over-HTTPS to Cloudflare, then letsolcliconnect directly:www.overleaf.com-> real A record via DoH*.overleaf.com,*.overleafusercontent.com,*.sharelatex.comHTTP_PROXY,HTTPS_PROXY,ALL_PROXYfor theolcliprocessThat workaround makes this work while the proxy/VPN app remains enabled:
olcli-real-dns list # Found 18 project(s)Requested improvement
Would you consider adding first-class network controls to
olcli, such as one or more of these?--no-proxy/OVERLEAF_NO_PROXY=1mode that explicitly ignores proxy environment variables.--timeout-ms/OVERLEAF_TIMEOUT_MS.OVERLEAF_RESOLVE=www.overleaf.com:34.120.52.64.agent/proxy-agent configuration, so users can choose direct, HTTP proxy, SOCKS proxy, or custom routing deliberately.The main issue is not authentication. It is that the current network layer is hard to adapt when the system has fake-IP DNS or a local proxy that breaks Overleaf TLS/routing.
I am happy to test a patch if you prefer a specific design.