The UNIX and Linux Forums  
Posted 04-06-2009 by NESter
UPDATE: I was able to get the selective masquerading to "work"... sort of.

The problem is if I don't have a default route for ppp0 then the 192.168.1.0/24 network can't reach anywhere. I add the default gw for ppp0 and then 192.168.0.0/24 can't reach anywhere.

What I don't understand at all though... if I have both default routes in, the Linux server uses eth1 as its default, as evidenced by my source IP when I log in to internet sites. The VPN client machine (192.168.1.13) goes out over the VPN (ppp0) interface as expected. But my other LAN clients (192.168.0.2 for example) can't get out to the internet if I try to masq over eth1 (but can if I switch it to masq over ppp0). What gives here? Both routes clearly work since the Linux machine gets out over the ISP connection, so why can't it masquerade the ISP connection now, only the VPN?

My problem before was that I had the iptables service (under Fedora) running, which seemed to not allow me to delete the original MASQUERADE directive to forward all traffic (regardless of source) via eth1. Now with my tables loaded manually the based-on-source part seems to work, just only with one internet connection (ISP or VPN) as its destination at a time. My hair's falling out here. This makes even less sense than the last situation did.

The masquerade will only work over whichever is the last default route added, even though Linux seems to be smart enough to route through eth1 by default for its own local traffic despite the existence of the second "default" route.

Last edited by NESter; 04-06-2009 at 05:19 AM. Reason: update