Right, I'm about to go insane trying to figure this out.
tl;dr: Unable to make inbound PAT over VPN tunnel work, outbound works fine.
I have a VPS with a bunch of public addresses I want to use in my homelab. To this end I've installed OPNsense on the VPS, as this is the firewall I'm also using...