Problem: The redirect-gateway configuration option makes all traffic route through the xenplanet box. iptables-based masquerading was used to perform SNAT on traffic from openvpn clients; however, HTTPS was completely broken! The initial TCP connection would go through, but as soon as the SSL connection was initialised by the client the HTTPS server would immediately close the TCP connection.
Extensive Googlin' turned up very little related to openvpn and the resolution of such an issue, although it has been mentioned a number of times in mailing list entries such as here. I changed tack and searched for NAT issues related to tunnels with iptables, striking gold here with a description of a working NAT setup with a CIPE tunnel.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.42.0/255.255.255.0 -j SNAT --to-source EXTERNAL_IP_ADDRESS
Where 192.168.42.0 is the internal address range used by openvpn. Also make sure to keep all other NAT rules such as the one for Related and Established connections present in your configuration!
P.S. This is with a non-bridged configuration, using TCP port 443 and TLS on the server.
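To confirm that the SNAT rule and the Related/Established rule are both still loaded after a firewall reload, the following added example (not part of the original post) checks `iptables-save` output. The function name, the sample rulesets and the address 203.0.113.10 are constructed for illustration; it assumes the Related/Established rule sits in the filter table's FORWARD chain and that the subnet is passed in the form your `iptables-save` prints it (assumed here to be 192.168.42.0/24).

```shell
#!/bin/sh
# Added example, not from the original post.
# check_vpn_nat SUBNET   (reads iptables-save output on stdin)
# Returns 0 when both rules are present, else prints what is missing and returns 1.
check_vpn_nat() {
    awk -v subnet="$1" '
        /^\*/ { table = substr($0, 2) }    # a line like *nat or *filter opens a table
        table == "nat" && /^-A POSTROUTING / && /-j SNAT / && /--to-source / {
            for (i = 1; i < NF; i++)
                if ($i == "-s" && $(i + 1) == subnet) snat = 1
        }
        # Assumption: the RELATED,ESTABLISHED accept lives in filter/FORWARD.
        table == "filter" && /^-A FORWARD / && /RELATED,ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
        END {
            if (!snat) print "missing: SNAT rule for " subnet " in nat/POSTROUTING"
            if (!est)  print "missing: RELATED,ESTABLISHED accept in filter/FORWARD"
            exit !(snat && est)
        }'
}

# Constructed sample: ruleset carrying the SNAT rule (203.0.113.10 is a placeholder).
sample_good() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.42.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: only the MASQUERADE rule is present.
sample_masq_only() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Live use (as root): iptables-save | check_vpn_nat 192.168.42.0/24
```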