What I'm trying to achieve:
(Clients)<IPSec Xauth PSK>(Server 1)<SSH-based SOCKS5>(Server 2) --> Free Internet
How is that possible for both UDP and TCP traffic?
What I've done:
I ran this on Server1:
ssh -N -D 1080 -p 7999 user@Server2   # SSH port is given with -p; user@host:port is not valid ssh syntax
I used gost for transparent proxying, and copy-pasted and modified a few lines of the iptables script from their docs:
For TCP
gost -L "red://:12345?sniffing=true&tproxy=true" -F socks5://127.0.0.1:1080 &
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -N GOST
iptables -t mangle -A GOST -p tcp -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A GOST -p tcp -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A GOST -p tcp -m mark --mark 100 -j RETURN
iptables -t mangle -A GOST -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-ip 127.0.0.1 --on-port 12345
iptables -t mangle -A PREROUTING -p tcp ! --dport 22 ! --sport 22 -j GOST
iptables -t mangle -N GOST_LOCAL
iptables -t mangle -A GOST_LOCAL -p tcp -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A GOST_LOCAL -p tcp -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A GOST_LOCAL -p tcp -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A GOST_LOCAL -p tcp -m mark --mark 100 -j RETURN
iptables -t mangle -A GOST_LOCAL -p tcp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp ! --dport 22 ! --sport 22 -j GOST_LOCAL
I excluded port 22 so as not to lose the SSH connection to the VPS.
This is for TCP. Now IPsec clients can connect, and some websites show that their IP address has changed to that of Server2. This seems OK for some web browsing. But I need to do it for UDP traffic too, and my problem starts when I run this:
For UDP
gost -L redu://:13579?ttl=10s -F socks5://127.0.0.1:1080 &
ip rule add fwmark 2 lookup 200
ip route add local 0.0.0.0/0 dev lo table 200
iptables -t mangle -N GOST 2>/dev/null   # no-op if the TCP rules above already created this chain
iptables -t mangle -A GOST -p udp -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A GOST -p udp -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A GOST -p udp -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A GOST -p udp -m mark --mark 200 -j RETURN
iptables -t mangle -A GOST -p udp -j TPROXY --tproxy-mark 0x2/0x2 --on-ip 127.0.0.1 --on-port 13579
# 50 and 51 are the IP protocol numbers of ESP and AH, not UDP ports; listing them here has no effect
iptables -t mangle -A PREROUTING -p udp -m multiport ! --destination-ports 500,50,51,4500,1701 -m multiport ! --source-ports 500,50,51,4500,1701 -j GOST
iptables -t mangle -N GOST_LOCAL 2>/dev/null   # no-op if the TCP rules above already created this chain
iptables -t mangle -A GOST_LOCAL -p udp -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A GOST_LOCAL -p udp -d 255.255.255.255/32 -j RETURN
iptables -t mangle -A GOST_LOCAL -p udp -d 192.168.0.0/16 -j RETURN
iptables -t mangle -A GOST_LOCAL -p udp -m mark --mark 200 -j RETURN
iptables -t mangle -A GOST_LOCAL -p udp -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p udp -m multiport ! --destination-ports 500,50,51,4500,1701 -m multiport ! --source-ports 500,50,51,4500,1701 -j GOST_LOCAL
Now clients can't even browse the web. DNS doesn't work (I'm wondering why it even worked previously, because Server1 itself receives censored DNS queries, but clients could open those websites anyway, which is good).
Since I'm not familiar with these tools, especially iptables, can anyone guide me to an easier solution or help me with what I've done so far?
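The UDP leg above hands datagrams to gost, which then needs a SOCKS5 UDP ASSOCIATE from the proxy at 127.0.0.1:1080; OpenSSH's -D dynamic forwarding implements only the CONNECT command and cannot relay UDP, which fits the DNS failure described. The following Python probe is an added example (not code from the question or from gost): it sends a UDP ASSOCIATE request to the proxy and reports the outcome, with the proxy address 127.0.0.1:1080 taken from the question.

```python
import socket

SOCKS_VERSION = 0x05
CMD_UDP_ASSOCIATE = 0x03   # RFC 1928 command 0x03; CONNECT is 0x01
ATYP_IPV4 = 0x01
# RFC 1928 reply codes
REPLY_TEXT = {0x00: "succeeded", 0x01: "general SOCKS server failure",
              0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
              0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
              0x07: "command not supported", 0x08: "address type not supported"}


def build_greeting() -> bytes:
    # VER=5, NMETHODS=1, METHODS=[0x00 = no authentication]
    return bytes([SOCKS_VERSION, 0x01, 0x00])


def build_udp_associate() -> bytes:
    # VER, CMD=UDP ASSOCIATE, RSV, ATYP=IPv4, DST.ADDR=0.0.0.0, DST.PORT=0
    # (all-zero address/port: the client does not commit to a source address yet)
    return bytes([SOCKS_VERSION, CMD_UDP_ASSOCIATE, 0x00, ATYP_IPV4]) + bytes(6)


def parse_reply(data: bytes) -> dict:
    """Decode a SOCKS5 reply: VER REP RSV ATYP BND.ADDR BND.PORT."""
    if not data:
        # OpenSSH's dynamic forwarder closes the socket for any command other
        # than CONNECT, so an empty read is the usual outcome behind 'ssh -D'.
        return {"ok": False, "reason": "proxy closed connection (command unsupported)"}
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        return {"ok": False, "reason": "malformed reply"}
    rep, atyp = data[1], data[3]
    result = {"ok": rep == 0x00, "reason": REPLY_TEXT.get(rep, f"unknown reply {rep:#x}")}
    if rep == 0x00 and atyp == ATYP_IPV4 and len(data) >= 10:
        # BND.ADDR/BND.PORT is the UDP relay the client must send its datagrams to
        result["relay"] = (socket.inet_ntoa(data[4:8]), int.from_bytes(data[8:10], "big"))
    return result


def probe_udp_associate(host="127.0.0.1", port=1080, timeout=5.0) -> dict:
    """Open the TCP control connection to the proxy and request UDP ASSOCIATE."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_greeting())
        if s.recv(2) != bytes([SOCKS_VERSION, 0x00]):
            return {"ok": False, "reason": "not a SOCKS5 proxy or no-auth method rejected"}
        s.sendall(build_udp_associate())
        return parse_reply(s.recv(262))


if __name__ == "__main__":
    print(probe_udp_associate())   # proxy address assumed from the question: 127.0.0.1:1080
```

Run it on Server1 while the ssh -D tunnel is up: a result with "ok": True and a relay address means the proxy can carry gost's UDP, anything else means the UDP rules have nowhere to send the datagrams.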