Ss-redir for TCP and ssh tun for UDP/ICMP

Hello, I am using OpenWrt with an MPTCP-enabled kernel to aggregate multiple connections with shadowsocks-libev.

Bandwidth aggregation with TCP works well with ss-redir, but UDP packets are sent directly.

I am using Ubuntu Server with an MPTCP kernel hosted in DigitalOcean as the endpoint.

How do I configure the network to use ss-redir for TCP and a VPN interface for UDP/ICMP and others?

I don't want to tunnel TCP traffic through the TCP-based tunnel, as ss-redir works well without any issues. Currently, when using ssh with the -w0:0 option, the tunnel is created, and when it is assigned a gateway metric, a default gateway through this interface is added to the route table. After adding the firewall zone rules such as:


and removing WAN from the destination zones, ss-redir keeps on working and the client can browse the internet, but UDP and ICMP fail.