OpenVPN Connects but Unable to access hosts on another subnet

I am running Ubuntu 20.04 with latest OpenVpn package. First time trying to get a vpn going myself.

Unable to ping any hosts that are currently on the 10.10.0.0 via my windows machine client.

I can ping either direction when ssh'd into any system on that subnet.

UFW is currently disabled.

OpenVPN connects fine, I am however able to ping the openvpn host address of 10.10.3.98.

/proc/sys/net/ipv4/ip_forward set to 1 on all systems

Thinking some kind of route issue, but i've tried a few things with no luck. I need the collective.

Thank-you!

host1:/etc/openvpn$ ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:2a:f5:f1 brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/32 scope global dynamic ens3
       valid_lft 70352sec preferred_lft 70352sec
    inet6 2607:5300:201:2100::fdf/56 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe2a:f5f1/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:cc:88:e1 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.98/16 brd 10.10.255.255 scope global dynamic ens4
       valid_lft 70352sec preferred_lft 70352sec
    inet6 fe80::f816:3eff:fecc:88e1/64 scope link
       valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.0.0.1/24 brd 10.0.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::22db:5c7d:76e4:21c2/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

server.conf

port 1194
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.0.0 255.255.0.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_hCBOMjVqB0C2SZat.crt
key server_hCBOMjVqB0C2SZat.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

ip routes

ip route
default via PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.0.0.0/24 dev tun0 proto kernel scope link src 10.0.0.1
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.98
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.1 dev ens4 proto dhcp src 10.10.3.98 metric 100

client config (minus keys)

client
proto udp
explicit-exit-notify
remote PUBLICIP 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_hCBOMjVqB0C2SZat name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

host2 (host I am unable to ping)

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:02:6e:b7 brd ff:ff:ff:ff:ff:ff
    inet PUBLICIP/32 scope global dynamic ens3
       valid_lft 69012sec preferred_lft 69012sec
    inet6 2607:5300:201:2100::862/56 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:6eb7/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:57:46:57 brd ff:ff:ff:ff:ff:ff
    inet 10.10.3.222/16 brd 10.10.255.255 scope global dynamic ens4
       valid_lft 69012sec preferred_lft 69012sec
    inet6 fe80::f816:3eff:fe57:4657/64 scope link
       valid_lft forever preferred_lft forever


ip route
default PUBLICGWIP dev ens3 proto dhcp src PUBLICIP metric 100
10.10.0.0/16 dev ens4 proto kernel scope link src 10.10.3.222
PUBLICGWIP dev ens3 proto dhcp scope link src PUBLICIP metric 100
169.254.169.254 via 10.10.0.2 dev ens4 proto dhcp src 10.10.3.222 metric 100

Windows client ipconfig when connected to VPN

Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
   Physical Address. . . . . . . . . : 00-FF-0B-15-88-B7
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4719:c54f:b42e:fe72%50(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 838926091
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-0C-DC-F8-3C-7C-3F-F3-68-C1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled