Route all traffic from a certain subnet through a shadowsocks server

[mattdeox]

Hi!
I recently switched from a "traditional" router to an opnsense router and it feels amazing.
I don't know much about networking yet but it is a very interesting topic and I'm eager to learn.

Here is the network set-up I have right now.


The OPNsense router is connected to the Internet over WAN and to a switch on the LAN port.
A bunch of machines are connected to the switch and some devices connect over a Wi-Fi access point.
For the LAN network, I assigned the subnet 192.168.0.0/20
The devices connected to the Wi-Fi access point get assigned to 192.168.2.0/24
The machines connecting to the switch are currently on 192.168.1.0/24

One ubuntu machine that is connected to the switch runs a shadowsocks server.

I would like to route all outgoing internet traffic (TCP+UDP) from the devices connected to the Wi-Fi access point through the shadowsocks server.
This should happen without the device needing to install anything or the device even knowing about this.

I saw there is a program called "gost" https://gost.run/en/tutorials/redirect/ which should be able to do it but I suppose there is a better way with OPNsense.

What would be the best way to achieve this?
Thank you very much in advance for your kind assistance.

[mattdeox]

Maybe it was not as easy as I thought but I did a local test using iptables on the machine itself to redirect all traffic to a gost tunnel which would then do the connection to the shadowsocks server.

That being said, it should work if I use OPNsense to redirect TCP and UDP traffic to a machine and port where a gost tunnel is listening.