There are many things that could be wrong. Let's see.
You say that the router is able to connect to the VPN? That could be because the VPN client is "opening" a port that the server has to connect to. What are the rules you have for INPUT? (iptables -L INPUT -nv)
Now that I'm checking your rules... what does the second rule mean? Are you sure it's correct?
iptables -t nat -A PREROUTING -d eth0 -p gre -j DNAT --to 192.168.2.2
Is it -i eth0?