docs: update OpenAI phone verification retry notes

This commit is contained in:
2026-05-10 08:44:58 +08:00
parent 9102557f8e
commit 828a208bde
16 changed files with 1748 additions and 0 deletions
@@ -0,0 +1,94 @@
# OpenAI/ChatGPT Proxy Endpoint Probe Notes — 2026-05-08
## Context
During Codex/OpenAI OAuth prerequisite testing, BOSS asked to verify direct browser access and then explicit LAN proxy endpoints:
- `socks5://192.168.2.8:1085` (tested as `socks5h://` so DNS resolves through proxy)
- `http://192.168.2.8:1084`
The Mac had local IP `192.168.2.69/24`, default route via `192.168.2.8`, and an ARP entry for `192.168.2.8`, but ICMP/TCP to the gateway/proxy endpoint failed.
## Observed failure signatures
System/browser without working proxy:
```text
chatgpt.com -> polluted IPs such as 202.160.128.16 / 199.59.150.40 / 2a03:2880:...
accounts.openai.com -> polluted IPs such as 192.133.77.189 / 128.121.146.109 / 2a03:2880:...
Chrome: ERR_CONNECTION_CLOSED
curl: LibreSSL SSL_connect: SSL_ERROR_SYSCALL
```
Explicit SOCKS5/HTTP proxy endpoint unavailable:
```text
ping 192.168.2.8 -> sendto: No route to host / 100% packet loss
nc -vz -w 5 192.168.2.8 1085 -> No route to host
curl --proxy socks5h://192.168.2.8:1085 https://chatgpt.com/ -> Failed to connect
nc -vz -w 3 192.168.2.8 1084 -> No route to host
curl --proxy http://192.168.2.8:1084 https://chatgpt.com/ -> Failed to connect
```
Route/ARP could still look superficially valid:
```text
default gateway: 192.168.2.8
192.168.2.8 at <mac> on en0 ifscope
local IP: 192.168.2.69
```
Do not mistake this for a ChatGPT/OpenAI auth bug or extension bug. If the LAN proxy endpoint itself is unreachable, browser automation and OAuth should stop.
## Recommended probe order
1. Flush DNS cache only as a low-risk refresh:
```bash
dscacheutil -flushcache || true
killall -HUP mDNSResponder 2>/dev/null || true
```
2. Check current DNS and detect pollution:
```bash
python3 - <<'PY'
import socket
for host in ['chatgpt.com','accounts.openai.com','auth.openai.com','openai.com']:
try:
print(host, sorted({x[4][0] for x in socket.getaddrinfo(host,443,proto=socket.IPPROTO_TCP)}))
except Exception as e:
print(host, 'ERR', e)
PY
```
3. Test gateway and proxy endpoint before browser tests:
```bash
ping -c 2 -W 1000 192.168.2.8 || true
nc -vz -w 5 192.168.2.8 1085 || true
nc -vz -w 5 192.168.2.8 1084 || true
```
4. For SOCKS5, use `socks5h://` in curl so DNS is performed through the proxy:
```bash
curl --proxy socks5h://192.168.2.8:1085 -I -L --max-time 30 https://chatgpt.com/
curl --proxy socks5h://192.168.2.8:1085 --max-time 20 https://api.ipify.org
```
5. For HTTP proxy:
```bash
curl --proxy http://192.168.2.8:1084 -I -L --max-time 30 https://chatgpt.com/
curl --proxy http://192.168.2.8:1084 --max-time 20 https://api.ipify.org
```
6. Only launch a proxied browser or extension run after at least one proxy endpoint succeeds.
## Interpretation
- `No route to host` to the proxy IP/port means the local Mac cannot reach the LAN proxy service. Fix LAN/gateway/firewall/WiFi/VLAN/router first.
- `Connection refused` means the host is reachable but no service is listening on that port or firewall actively rejects it.
- HTTP 200/30x/403 Cloudflare challenge through the proxy is better than transport failure; browser testing can proceed, but CAPTCHA/security challenge may still require manual action.
- Polluted system DNS may remain even while explicit `socks5h://` works; in that case use browser `--proxy-server=socks5://...` or ensure PassWall2 DNS hijack/remote DNS is correctly applied.