DPI defeat for IPsec

Are you sure /ip route check returns a string that’s not a valid IP address - “A.B.C.D.13” for the nexthop? Or it’s just a redacting glitch?
I don’t have any LTE modems that are not passthrough on my devices, so I couldn’t check it with pure LTE, but on Ethernet uplinks /ip route check returns a valid nexthop on both 7.18.x and 7.19.x ROS versions for me, like:
:put [/ip route check dst-ip=8.8.8.8 as-value once]
interface=isp2;nexthop=10.x.x.1;status=ok

Anyways, pls do:
global DEBUG true
/system script run

and check the debug output that should look like:
's configuration: :4500 - → :4500
What you’re getting for the , does it look like the gateway IP?

The script needs the gateway IP (AKA nexthop) in order to correctly send IP packets towards the destination (unless the interface to send the packets through has no MAC layer), thus a failure to detect the gateway IP is fatal.

And there’s a special case for multihomed hosts - if you specify a local IP address in IPsec peer settings, the packets should go out of the interface that has the said IP address assigned, not your default route. As /ip route check doesn’t honor its src-ip parameter, and always returns the default route, I had to improvise: the script iterates over the interfaces that have the same IP address as the peer’s local-address (thus it will fail if the local-address of the peer is not assigned to any interface), for each interface it iterates over the routes that go through the interface, checking if the route leads to the destination (thus it will fail if there are no routes toward the destination on the interface), and uses the nexthop address of the last (sic!) route found as gateway address. Yes, it’s sketchy and probably wrong, but it works for me, and I need some cases in which it doesn’t work (maybe, recursive routing) in order to make it right.

Also note that on a direct LTE connection you may need a header stack other than “mac,ip,udp” in the traffic generator setup line of the script
/tool traffic-generator packet-template add name="tgpt-IPsec-DPI-defeat" header-stack=mac,ip,udp - IDK if there’s a MAC layer present on the pure LTE interfaces.
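
The multihomed gateway lookup described in the post above, modelled in Python as an added example (this is not the poster's RouterOS script). The addresses, route table, its order and all function names are constructed assumptions, and "leads to the destination" is assumed to mean prefix containment; the second selector picks the most specific route for comparison.

```python
import ipaddress

# Constructed sample data for a hypothetical dual-homed router (not from the post).
ADDRESSES = [
    {"interface": "isp1", "address": "192.0.2.10/24"},
    {"interface": "isp2", "address": "198.51.100.10/24"},
]
# Table order is an assumption; the heuristic's result depends on it.
ROUTES = [
    {"dst": "203.0.113.0/24", "interface": "isp2", "gateway": "198.51.100.254"},
    {"dst": "0.0.0.0/0", "interface": "isp1", "gateway": "192.0.2.1"},
    {"dst": "0.0.0.0/0", "interface": "isp2", "gateway": "198.51.100.1"},
]


def matching_routes(local_address, dst_ip, addresses, routes):
    """Routes toward dst_ip on interfaces that carry local_address, in table order."""
    local = ipaddress.ip_address(local_address)
    dst = ipaddress.ip_address(dst_ip)
    ifaces = [a["interface"] for a in addresses
              if ipaddress.ip_interface(a["address"]).ip == local]
    if not ifaces:
        # First fatal case named in the post: local-address is on no interface.
        raise LookupError(f"local-address {local_address} is not assigned")
    found = [r for i in ifaces for r in routes
             if r["interface"] == i and dst in ipaddress.ip_network(r["dst"])]
    if not found:
        # Second fatal case: no route toward the destination on that interface.
        raise LookupError(f"no route toward {dst_ip} via {ifaces}")
    return found


def gateway_last_match(local_address, dst_ip, addresses=ADDRESSES, routes=ROUTES):
    """Heuristic from the post: nexthop of the last matching route found."""
    return matching_routes(local_address, dst_ip, addresses, routes)[-1]["gateway"]


def gateway_longest_prefix(local_address, dst_ip, addresses=ADDRESSES, routes=ROUTES):
    """Comparison selector: nexthop of the most specific matching route."""
    found = matching_routes(local_address, dst_ip, addresses, routes)
    best = max(found, key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen)
    return best["gateway"]


if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.5"):
        print(dst, gateway_last_match("198.51.100.10", dst),
              gateway_longest_prefix("198.51.100.10", dst))
```

With this constructed table the two selectors agree for 8.8.8.8 and differ for 203.0.113.5, which is the kind of input that separates "last route found" from a most-specific match.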