
Looking for a few answers ;)

I'm running Zentyal on a gateway. The gateway is also an OpenVPN client, to a server I run out of another country. Interfaces are thus:

External: eth1 (dhcp from the modem 192.168.1.2)
Internal: eth0 (static 10.1.1.1)
OpenVPN: tun0 (from OpenVPN server 10.7.0.6)

I have connected the VPN and it functions. I can ping the server via

# ping 10.7.0.1

From the gateway machine.

These are the rules I have on the server; they have worked fine so far:

iptables -t nat -A POSTROUTING -i tun0 -o eth0 -j SNAT --to-source

# Generated by iptables-save v1.4.8 on Sat Mar 23 04:41:56 2013
*mangle
:PREROUTING ACCEPT [2036011512:705237252333]
:INPUT ACCEPT [332186284:78285843071]
:FORWARD ACCEPT [1703824348:626951360931]
:OUTPUT ACCEPT [405392399:436227187419]
:POSTROUTING ACCEPT [2109216747:1063178548350]
COMMIT
# Completed on Sat Mar 23 04:41:56 2013
# Generated by iptables-save v1.4.8 on Sat Mar 23 04:41:56 2013
*filter
:INPUT ACCEPT [332186284:78285843071]
:FORWARD ACCEPT [1019886723:183138161264]
:OUTPUT ACCEPT [405392397:436227186606]
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT
# Completed on Sat Mar 23 04:41:56 2013
# Generated by iptables-save v1.4.8 on Sat Mar 23 04:41:56 2013
*nat
:PREROUTING ACCEPT [12528325:854813836]
:POSTROUTING ACCEPT [2920518:161107345]
:OUTPUT ACCEPT [882245:53661537]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Mar 23 04:41:56 2013

I don't believe the issue is with the server, as I have had it working in the past, with the same rules. Also, if I connect directly with a single machine, it seems to work fine over NetworkManager.

Here is my client OpenVPN config:

client
dev tun
proto udp
remote <server IP> 1194
resolv-retry infinite
redirect-gateway def1
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client_home.crt
key /etc/openvpn/client_home.key
script-security 3
ns-cert-type server
comp-lzo
verb 3
mute 20
cipher AES-256-CBC
keysize 256

So now, what I want to do is pipe the whole LAN (off eth0 10.1.1.1/32) through tun0 (openvpn 10.7.0.6). I can't get tun0 to show up within Zentyal, so I can't set it as the default gateway etc.

Can someone please help me write a set of iptables rules for the gateway machine to force all data through the OpenVPN connection?

Thanks, I hope I can get this sorted. You know, the whole privacy thing is beginning to freak us all out a bit ;)

0 Answers
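The rule set the question asks for, as an added example that is not part of the original post and not Zentyal's or OpenVPN's own code. It uses the interface names given above (eth0 LAN, eth1 WAN, tun0 VPN); the LAN prefix 10.1.1.0/24 is an assumption, since the 10.1.1.1/32 in the post is a single host address rather than a network. It differs from the server-side SNAT line in two ways: POSTROUTING cannot match on an input interface (`-i` is only valid in PREROUTING/INPUT/FORWARD), and MASQUERADE is used instead of `SNAT --to-source` because tun0's address is handed out by the server and can change. The LOG/REJECT pair for eth0 to eth1 is the part a practitioner most wants: if the tunnel drops, `redirect-gateway def1` withdraws its routes and forwarded LAN traffic would otherwise fall back to the modem in the clear.

```shell
#!/bin/sh
# Added example for the gateway in the question; not from the original post.
# Interface names come from the post; LAN_NET 10.1.1.0/24 is an assumption
# (the post writes 10.1.1.1/32, which is one host, not a LAN).
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-10.1.1.0/24}"

# Emit the rule set one command per line so it can be reviewed before it runs.
# Order matters: the FORWARD accepts for the tunnel come first, then the
# leak guard for LAN -> WAN, then source NAT of the LAN behind tun0's address.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j LOG --log-prefix "VPN-LEAK "
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
EOF
}

# Number of rules that would forward LAN traffic straight out the WAN
# interface with an ACCEPT target. A leak-free rule set returns 0.
wan_accept_rules() {
    gateway_rules | grep -c -e "-i $LAN_IF -o $WAN_IF -j ACCEPT" || true
}

# Apply the generated rules (needs root and iptables on the gateway).
apply_gateway_rules() {
    gateway_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
}

# Default action is to print the rules; "apply" runs them.
case "${1:-}" in
    apply) apply_gateway_rules ;;
    *)     gateway_rules ;;
esac
```

Run it without arguments to review the rules, then `sh gateway-vpn.sh apply` as root. Two caveats: the default route already points at tun0 while the tunnel is up, because `redirect-gateway def1` in the client config installs it, so no extra policy routing is needed for forwarded traffic; and Zentyal regenerates the iptables configuration itself when its firewall module is saved, so rules added from a stray script are likely to be overwritten and should be placed wherever Zentyal's firewall lets you add custom rules. Anything that shows up in the kernel log with the `VPN-LEAK` prefix is a LAN host that tried to reach the Internet while the tunnel was down.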