Gateway timeout when setting wifi through LuCI (solved: dnsmasq)

Hey there.

I just upgraded a TP-Link 4900v1 from OpenWRT Pre-BB Dev-Snapshot to LEDE 17.01.1 stable.

I disabled all routing, DNS and DHCP since I only use it as vlan switch and dumb AP.

At first I let wifi create the configuration freshly, but deleted all existing interfaces.

rm -f /etc/config/wireless
wifi config
uci commit wireless
uci delete wireless.@wifi-iface[0]
uci delete wireless.@wifi-iface[0]

After that I create 6 different SSIDs per device, so that's a sum of 12 wifi interfaces.

All of them are created this way (it's a shell script in a loop):

uci add wireless wifi-iface > /dev/null
uci set wireless.@wifi-iface[-1].device="$1"
uci set wireless.@wifi-iface[-1].mode='ap'
uci set wireless.@wifi-iface[-1].ssid="$3"
uci set wireless.@wifi-iface[-1].encryption="psk-mixed"
uci set wireless.@wifi-iface[-1].key="$4"
uci set wireless.@wifi-iface[-1].network="$2"
uci set wireless.@wifi-iface[-1].wpa_group_rekey='0'
uci set wireless.@wifi-iface[-1].hidden="$5"

Those work nicely. I can connect to each of them and have access to the network/vlan I configured.

The LuCI wifi overview page shows all of them, currently there are four devices connected to three different SSIDs. So that's OK.

But when I click "Edit" to show/adjust a single wifi setting, I always get a "502 bad gateway" response but no syslog entry.

There is nearly no CPU usage involved, I have 98% idle when waiting for the wifi edit panel to appear.

The very same setup applied to a TP-Link 1043 works nicely, but since that one has only 2.4GHz Wifi there are only 6 wifi interfaces in total.

Any suggestions on how to solve this?

It's actually not a "504 Gateway Timeout" as stated before but a "502 Bad Gateway".


Please see if local DNS resolving works on the router. The wifi settings page does a number of DNS lookups to provide hints for the macfilter settings.

If a simple nslookup is hanging on your router instead of returning nxdomain immediately, you found the culprit.
The best way to solve this is to ensure that DNS fails cleanly, either by configuring dnsmasq to respond to all queries with a specific IP or by specifying a DNS server which is clearly unreachable.

Wow, awesome. You nailed it.

I disabled dnsmasq on my AP by setting its port to 0, which is described in the OpenWRT documentation.
Since I configured a single target DNS server in the interface configuration of my only interface that has an actual IP (all others are of protocol "unmanaged") I was under the impression local DNS queries would go to this particular DNS server.
Never thought about /etc/resolv.conf still making all DNS queries go through the local dnsmasq.

Thank you very much for your help.
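
Added example, not part of the original thread: a shell check for the condition identified above, where dnsmasq's DNS port is set to 0 while /etc/resolv.conf still lists a loopback nameserver. The uci key `dhcp.@dnsmasq[0].port` (first dnsmasq section), the function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: detect a resolv.conf that still points at a disabled local dnsmasq.

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 if the address is a loopback resolver address.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_dns RESOLV_FILE DNSMASQ_PORT
# Prints one of:
#   broken  - every nameserver is loopback, but dnsmasq's DNS port is 0 (disabled)
#   partial - some nameservers point at the disabled local dnsmasq
#   none    - no nameserver entries at all
#   ok      - nothing points at a disabled local dnsmasq
# An empty DNSMASQ_PORT means the option is unset (dnsmasq default, DNS enabled).
classify_dns() {
    resolv="$1"; port="$2"
    total=0; dead=0
    for ns in $(nameservers "$resolv"); do
        total=$((total + 1))
        if is_loopback "$ns" && [ "$port" = "0" ]; then
            dead=$((dead + 1))
        fi
    done
    if [ "$total" -eq 0 ]; then echo "none"
    elif [ "$dead" -eq "$total" ]; then echo "broken"
    elif [ "$dead" -gt 0 ]; then echo "partial"
    else echo "ok"
    fi
}

if command -v uci >/dev/null 2>&1; then
    # On the router: read the live settings (first dnsmasq section assumed).
    classify_dns /etc/resolv.conf "$(uci -q get 'dhcp.@dnsmasq[0].port')"
else
    # Elsewhere: constructed sample mirroring the setup described in the thread.
    sample=$(mktemp)
    printf 'search lan\nnameserver 127.0.0.1\n' > "$sample"
    classify_dns "$sample" 0    # prints: broken
    rm -f "$sample"
fi
```

A result of "broken" or "partial" on a dumb AP means local lookups are being sent to a resolver that is not listening, which matches the hanging nslookup described in the reply.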