network hardware
Dmitry, 2016-12-05 13:35:56

MikroTik RB951G-2HnD: route to local gateway unreachable, how to fix?

There is a MikroTik (RB951G-2HnD, RouterOS 6.37.3, 192.168.42.1) that receives Internet from BeeLine via IPoE (DHCP, no additional troubles, default-route-distance=50); the LAN is 192.168.42.0/24.
Inside the local network, at 192.168.42.253, there is a pfSense box, which works as a dynamic peer to connect to a remote network (192.168.4.0/24) via IPSec (it works because of NAT).
From the MikroTik, 192.168.42.253 is reachable (it usually pings with arp-ping via br_lan).
Since Mikrotik works as the "main" router on the network (and the default gateway for devices on the local network), I decided to register the route to the remote network on it.
On Windows, it's simple: route add 192.168.4.0 mask 255.255.255.0 192.168.42.253. From network computers, when a route is set locally via pfSense, communication with 192.168.4.0/24 works.
Judging by the manual and the sea of articles, everything is just as simple in MikroTik, whether from WinBox (IP => Routes) or from the console: ip route add dst-address=192.168.4.0/24 gateway=192.168.42.253
But for some reason the route is unreachable, and therefore not active. As a result, ping attempts go to the provider's gateway (default route for 0.0.0.0).
I tried enabling the gateway availability check (arp / ping); it makes no difference: gateway-status is unreachable, and traffic is routed to the provider's gateway instead of pfSense...
Added to the beginning of the firewall rules:
add action=accept chain=forward
add action=accept chain=input
add action=accept chain=output
No gateway found...
Active routing table:
> ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=95.27.136.1 gateway-status=95.27.136.1 reachable via WAN distance=50 scope=30 target-scope=10 vrf-interface=WAN
1 S dst-address=192.168.4.0/24 gateway=192.168.42.253 gateway-status=192.168.42.253 unreachable distance=1 scope=30 target-scope=10
2 AS dst-address=192.168.42.0/24 gateway=br_lan gateway-status=br_lan reachable distance=1 scope=30 target-scope=10
3 AS dst-address=192.168.44.0/24 gateway=br_lan gateway-status=br_lan reachable distance=1 scope=30 target-scope=10
4 ADC dst-address=95.27.136.0/21 pref-src=95.27.142.111 gateway=WAN gateway-status=WAN reachable distance=0 scope=10
5 ADC dst-address=255.255.255.0/32 pref-src=192.168.42.1 gateway=br_lan gateway-status=br_lan reachable distance=0 scope=10
I tried to google it, but everyone deals with global problems like routing between segments on different ports, and balancing with several providers. I could not find such a simple case as "you need to set a gateway inside the local network".
Since on the MikroTik mAP 2hnd working in the same network (it works as an access point, receives network settings via DHCP + CapsMan, ports in the switch + bridge on WiFi, no Firewall / NAT rules) the route is added normally and works, it seems that another nuance of MikroTik that is non-obvious (to me) has surfaced: why is the host reachable from the MikroTik, but "unreachable" when it is chosen as the gateway for a static route? What prevents the route from working normally on the router, and how can it be overcome (by disabling the gateway availability check, for example)?
PS Both MikroTiks were configured manually after a full reset; both devices run RouterOS 6.37.3. So far, the only idea is to do a complete reset of the router and configure everything from scratch, checking at each step whether the route still works (to find out which setting breaks it), but I can only do this on the weekend.
PPS The full config does not fit into the question - pastebin.com/tj4rpeUX
_____________
Added: the error was in my incorrect interpretation of the Winbox interface, and the lack of validation of the input data from Winbox in this regard - the router received an address with a /32 mask, and this prevented it from using a gateway address that did not fall into the /32 "subnet". Many thanks to Ilya Demyanov (@turbidit) for help in localizing this error. @2016-12-05 20:52 MSK


2 answer(s)
Ilya Demyanov, 2016-12-05
@BDI

I answered the question in the comments: the problem was the subnet mask, which was /32.
In MikroTik the mask is specified as /XX after the IP. If you omit it, /32 is set automatically.
Because of this, the dynamic connected route for the /24 subnet containing the gateway .253 was not created.
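
A simplified model of the gateway lookup behind this answer, added here as an illustration; it is not part of the answer and not MikroTik code. It assumes the RouterOS rule that a gateway is resolved only through routes whose scope is less than or equal to the route's target-scope, and it uses the routes from the question's table; the function names and the interface address list are constructed for the example.

```python
import ipaddress

# Static routes copied from the question's table (dst, scope, interface).
STATIC_ROUTES = [
    ("0.0.0.0/0", 30, "WAN"),
    ("192.168.42.0/24", 30, "br_lan"),
    ("192.168.44.0/24", 30, "br_lan"),
]
WAN_ADDRESS = ("95.27.142.111/21", "WAN")  # pref-src and prefix from the table


def connected_routes(addresses):
    """One scope-10 connected route per interface address, covering only its prefix."""
    return [(str(ipaddress.ip_interface(addr).network), 10, ifname)
            for addr, ifname in addresses]


def gateway_status(addresses, gateway, target_scope=10):
    """Return the interface the gateway resolves through, or None if unreachable.

    Assumption (simplified model): only routes with scope <= target_scope
    may resolve a next hop, and the most specific matching route wins.
    """
    gw = ipaddress.ip_address(gateway)
    eligible = [(ipaddress.ip_network(dst), ifname)
                for dst, scope, ifname in connected_routes(addresses) + STATIC_ROUTES
                if scope <= target_scope and gw in ipaddress.ip_network(dst)]
    if not eligible:
        return None
    return max(eligible, key=lambda route: route[0].prefixlen)[1]


# Constructed address lists: the mis-entered /32 and the corrected /24.
BROKEN = [("192.168.42.1/32", "br_lan"), WAN_ADDRESS]
FIXED = [("192.168.42.1/24", "br_lan"), WAN_ADDRESS]

if __name__ == "__main__":
    for label, addrs in (("/32", BROKEN), ("/24", FIXED)):
        print(label, gateway_status(addrs, "192.168.42.253") or "unreachable")
```

With the /32 address the only scope-10 route on br_lan covers 192.168.42.1 alone, and the static 192.168.42.0/24 route with scope=30 is not eligible for a route whose target-scope is 10, which matches the `unreachable` status in the question's table.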

Клёвый Админ, 2016-12-05
@ifaustrue

You have a conflicting rule.
It's unclear why it is needed at all.
Or the same thing on pastebin (remove/disable the second and third):
/ip route
add distance=1 dst-address=192.168.4.0/24 gateway=192.168.42.253
add distance=1 dst-address=192.168.42.0/24 gateway=br_lan
add distance=1 dst-address=192.168.44.0/24 gateway=br_lan
