Just curious - what ties your static interface route to traffic that comes from the specific source address you want? How do you keep that static route from being applied globally to all hosts? I see masquerading rules to NAT the host to vtun0, I see firewall rules allowing the traffic, but I don't see anything that tells the router to only route 0.0.0.0/0 for source 192.168.0.65 rather than have that static route be global. What am I missing?
Thanks.