The latest reboot had me digging deeper to try to find the real problem and I have discovered that only the rule in FORWARD chain of the filter table is firing, not the DNAT in the nat table. I suspect the firewall is only working when some connection (outgoing ?) wakes up the masquerade rules but haven't actually found the rule that is active.
Are you sure the OpenWRT box is actually seeing the incoming packets? Is it directly on the internet, or is there another box before it, e.g. an ISP provided modem/router?
Even though you might have forwarded the protocol or even set the OpenWRT box as the "DMZ device", it may still do stateful firewalling on non-TCP/UDP protocols. That is a known problem with NAT routers.
Try to run a trace on the OpenWRT box to verify that you can receive IPIP traffic from sources that you have not recently contacted with outgoing traffic.
Rob