ok that's fine. The links is present. Therefore you have some content on both files . did you try to reboot? Usually net.ipv4.ip_forward = 1 should be activated than.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Yes I did reboot. Client connects, gets 10.8.0.2 Ip and can ping 10.8.0.1 but nothing behind.
Pi's LAN side address is 192.168.240.227 and I have pushed the route for this subnet thru server.conf.
Client ( a windows for my test, using openVPN) when I do router print, shows that it has route for 192.168.240.0 /24 pointed to 10.8.0.1.
Here is full config from server.config file on the PiVPN server.
root@DietPi-VPNServer:~# cat /etc/openvpn/server.conf
dev tun
proto tcp
port 4430
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/DietPi_ae242b48-b770-4163-80c5-e4c023aeb38a.crt
key /etc/openvpn/easy-rsa/pki/private/DietPi_ae242b48-b770-4163-80c5-e4c023aeb38a.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
push "route 192.168.240.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io
root@DietPi-VPNServer:~#
And same client, connects fine and is able to ping the inside network when it connects to PiVPN server setup on dietPi install on the virtualbox. So it is something that happens on Pi 4B and Pi 3B or VM / Virtualbox don't run into those issues. That is why I was thinking that it is a bug, but then you tested on your own Pi4B and you dont see this issue. I have done it with two different SD cards even, so it is something to do with hardware. Maybe there is some firmware / drivers that are different on my version that yours, but all RPi hardware is manufactured by same company in UK.
Then did the following again, and it starts working.
Have a look at it sometime tomorrow or when you get chance. At least we know that routing gets messed up and there is something overriding that references some other files than the where it should.
Another thing I find is that I had copied the /etc/sysctl.conf and /etc/sysctl.d folder and then when I do a reboot, these files actually go blank and that explains as to why my echoing 1 to the Ip forwarding works but does not persist.
So now the issue is that these files themselves go missing on reboot.