This seems to be a general problem, but I couldn't manage to solve it.
I have a very simple configuration which follows. The server is Windows Server 2003 and client is Windows 7 Ultimate. On both, OpenVPN runs as service. I patched the "IPEnableRouter" value to 1 on OpenVPN server machine.
I CAN ping and connect ports on VPNSRV, but I CAN'T connect to any port on FTPSRV from CLIENT. VPNSRV don't have any problems connecting to FTPSRV.
Verbose logging shows that OpenVPN takes packets from CLIENT then writes, but no reply returns when pinging FTPSRV. Things are fine with pinging VPNSRV
CLIENT: LAN(192.168.2.x), OPENVPN(10.10.43.x)
VPNSRV: LAN(10.10.0.3), OPENVPN(10.10.43.1)
FTPSRV: LAN(10.10.0.6)
client.ovpn
client
proto tcp
dev tun
dev-node lanvpn
remote vpnserver 10000
resolv-retry infinite
nobind
mute-replay-warnings
ca ca.crt
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
cert client.crt
key client.key
server.ovpn
port 10000
proto tcp
dev tun
dev-node lanvpn
ca ca.crt
cert server.crt
key server.key
crl-verify crl.pem
dh dh1024.pem
cipher BF-CBC
comp-lzo
ifconfig-pool-persist ipp.txt
server 10.10.43.0 255.255.255.0
push "route 10.10.0.0 255.255.255.0"
keepalive 30 120
status openvpn-status.log
verb 3
Check that your FTP server has a route to your VPN network (10.10.43.0/24). My guess is that it doesn't.
You may want to do a packet capture on FTPSRV to see if your client's ping is ever getting to the box. If it's not getting to the box, there may be a forwarding or firewall problem on your VPNSRV that isn't sending the traffic to the network behind it. If the traffic is getting to FTPSRV and you see FTPSRV trying to respond, it may be a routing issue of it not knowing how to return the traffic. You can follow up on that by doing a packet capture on the physical interface of VPNSRV and see if you get traffic from FTPSRV -> CLIENT.