Now, the reason I believe the templates are the actual issue here, whether it be the way they are built, some default networking settings inside them or perhaps something to do with the way 4.1 installs new templates from the repository - any of these could be the cause. But why I think it’s the templates is because:
After much frustration I decided to just copy over my base templates from an older Qubes 4.0 installation of mine. Copied the exact same templates, Fedora 33 & Fedora 34, unmodified, fresh installed using Qubes 4.0 and then “backed up” and restored to my Qubes 4.1.
I then changed my specific VPN VM’s to use those restored templates instead of the built in 4.1 ones and - voila! no more network problems.
Not only did this solve issues with VPN, but guess what, another seemingly unrelated older thread regarding Trezor (crypto hardware wallet) communication between Qubes using some socat commands was also fixed by my simply swapping in these restored 4.0 templates workaround
Trezor & Monero Wallet issues reported for 4.1 - fixed by workaround
Another user with same issues as me (Tor > VPN problem in 4.1)
I also tested this all with fedora 33, fedora 33 minimal & debian 10. Retoring older templates fixes the networking issues in all cases.
I’m not well verse enough in networking protocols in Linux to figured out what exactly might be causing all of this.