Problem

web_fetch (and pdf tool) fails on all external URLs when the host runs a transparent-proxy VPN (Shadowrocket, Surge, Clash, Mihomo) in packet-tunnel / fake-IP mode.

These VPNs resolve every hostname to a virtual IP in 198.18.0.0/15 (RFC 2544 Benchmarking range), then route traffic through their tunnel interface. The OS kernel routes 198.18.x.x → utunN → VPN does real DNS + proxy forwarding. curl and browsers work fine because they use the system network stack.

However, web_fetch resolves DNS → gets 198.18.x.x → SSRF check identifies it as a special-use address → blocks the request before it reaches the network stack.

Error: SsrFBlockedError: Blocked: resolves to private/internal/special-use IP address

This has been silently breaking web_fetch for over a month across many domains (arxiv.org, xhscdn.com, resources.anthropic.com, etc.).

Evidence from source code

The codebase already handles this case in two places:

1. ip-*.js: isBlockedSpecialUseIpv4Address() has an explicit allowRfc2544BenchmarkRange option that skips the 198.18.0.0/15 check
2. Telegram channel: channels.telegram.network.dangerouslyAllowPrivateNetwork is documented and works — Telegram media downloads already allow RFC 2544 by default

But web_fetch calls fetchWithWebToolsNetworkGuard() without passing any policy or useEnvProxy, so it always uses strict mode with no way to opt in.

Verification

Tested on the same host:

• curl → works, exit IP matches VPN
• Node.js raw https.request() to 198.18.x.x → works, same exit IP as curl (traffic goes through VPN tunnel)
• web_fetch → blocked by SSRF check before traffic reaches the network stack

This confirms that allowing 198.18.x.x does not bypass the VPN — the kernel routes it through the tunnel regardless.

Proposed solution

Add an SSRF policy option under tools.web.fetch, similar to what browser.ssrfPolicy and Telegram channel already have:

tools:
  web:
    fetch:
      ssrfPolicy:
        allowRfc2544BenchmarkRange: true

Or a simpler top-level network policy that applies to all web tools.

The allowRfc2544BenchmarkRange flag already exists in the SSRF check logic — it just needs to be wired to a user-facing config for web_fetch.

Environment

• OpenClaw installed via npm (latest)
• macOS, VPN in packet-tunnel / fake-IP mode
• VPN creates a utun interface with 198.18.0.1 gateway and global route override (0/1 + 128/1)
• All DNS queries return 198.18.x.x virtual IPs