I have nothing but a masquerading rule and two manually forwarded ports. The rest is automatic UPnP.
This is a trace from a computer with VPN connected.
This is a trace to the public address of the server on which vpn. And Trace to the Oktell server, which I also need to work like ftp on 10.3.5.67

It's good to know the principles ....
In short:
1. Prescribe the necessary routes (ping from a microtic, but not from a computer - because the piece of iron you are pinging does not know how to get to your network (namely 192.168.88.0/24) t
.i.e . on
the remote side, you need to say where your home subnet is located. on the remote side, write
routes.If you don't have access, start navigating :)

Hello Semyon!
It seems to me that you have done too many unnecessary actions, delete all the created static Routes (the correct ones are registered independently, marked as "DAC"), you don't need to nat anything, everything that needs to be processed automatically through the Mangle table of the Mikrotika Firewall (after establishing a VPN connection).
I didn't fully understand the structure of your network, but a possible solution for you could be as follows: Enable proxy-arp on Mikrotik-e on the interface from/through which the connection to your remote FTP server is coming from/through.
Proxy-ARP on the port of the receiving interface allows you to combine two networks that are not connected at the link layer into one. Without this, hosts on these networks (even if they are on the same subnet) may not be able to see each other because they are different physical environments.
And one more thing:
1. Be careful with arp-proxy, you can accidentally intercept all network packets, well, you understand what can happen.
2. And the IP addresses of the LAN and PPTP networks should not be from the same subnet, ideally they should be fundamentally different, for example LAN - 192.168.0.1/24; PPTP - 10.0.0.1/24
3. Read the official manual, maybe it will help bring desires and thoughts to the denominator: PPTP