Firstly: I know could do this the easy way with SSH but I want to learn how to route.

I want to route packets back through the same tun0 interface from which they came into my system.

I can do it for single routes.

This works:

sudo ip route add 74.52.23.120 metric 2 via 10.8.0.1 

But i'd have to add them manually for each request that came down the pipe

I've taken the blue pill and followed the http://lartc.org/howto/lartc.netfilter.html:

Netfilter & iproute - marking packets tutorial

But it's oriented towards redirecting OUTGOING packets based upon markers

What I want is for a packet that comes in via tun0 not to be dropped which is what's happening right now, running scappy or suchlike to receive packets it doesn't seem to be receiving anything.

Watching in wireshark I see the initial SYN packets coming in on the tun0 interface but that's as far as it gets without a static route as shown above.

Am I nuts?