linux
PrAw, 2017-11-17 15:59:36

How to set up Client-to-Client OpenVPN?

I need to organize access to a server sitting behind double NAT.
The network infrastructure is the landlord's, nothing can be done about it.
The local server (Windows) and the external server (VPS, Debian) are under full control.
There can be several clients, one server.
All clients must see the WIND_SERVER server; whether they see each other at the same time does not matter.
Clients do not need Internet access through OVPN.
The actual question: how do I configure this?
So far, the configs look like this:
OVPN:
server.conf

port 1194
proto udp
dev tap

mode server
tls-server

ca      /etc/openvpn/easy-rsa/keys/ca.crt    # generated keys
cert    /etc/openvpn/easy-rsa/keys/server.crt
key     /etc/openvpn/easy-rsa/keys/server.key  # keep secret
dh      /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0

ifconfig 192.168.74.1 255.255.255.0
ifconfig-pool 192.168.74.2 192.168.74.200
push "route 192.168.74.0 255.255.255.0 192.168.74.1"
client-config-dir /etc/openvpn/ccd
keepalive 10 120

# tried this, it doesn't work either
# client-to-client

An example of a config for a client - assigning a fixed address, the ccd/client file:
ifconfig-push 192.168.74.2 255.255.255.0
====
CLIENT/WIND_SERVER configs, the keys are different for everyone, the rest is the same:
proto udp
dev tap
remote OVPN_SERVER 1194
resolv-retry infinite
pull
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
auth-nocache
remote-cert-tls server
comp-lzo
verb 3

If I use dev tun, the local network there comes up with a /30 mask.
If I use dev tap, it is recommended to disable client-to-client.
The link to OVPN comes up successfully.
When I establish a connection on CLIENT / WIND_SERVER, the ping goes to the virtual IP of the OVPN server, but they do not see each other. Plus, an IP address is not assigned to the virtual adapter.
In general, I'm already confused. What am I doing wrong?


1 answer(s)
Maxim Grishin, 2017-11-17
@remzalp

You need to enable packet forwarding on the VPN server, OR enable client-to-client in dev tun mode.
https://serverfault.com/questions/736274/openvpn-c...
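
An added example, not part of the answer above or of OpenVPN itself: the packet-forwarding option on the Debian VPS, with the firewall limiting forwarded VPN traffic to WIND_SERVER, which is all the question requires. Assumed here: dev tun with interface tun0, WIND_SERVER pinned to 192.168.74.2 through its ccd file, no client-to-client in server.conf, and the hypothetical helper names valid and forwarding_rules.

```shell
#!/bin/sh
# Added example: prints the commands for review instead of running them.
# Apply as root by piping the output into sh.
# Assumptions (not from the thread): interface tun0 (dev tun), WIND_SERVER
# pinned to 192.168.74.2 via its ccd file, no client-to-client in server.conf.
VPN_IF="${VPN_IF:-tun0}"
VPN_NET="${VPN_NET:-192.168.74.0/24}"          # subnet from the question
WIND_SERVER_IP="${WIND_SERVER_IP:-192.168.74.2}"

# The output is meant for a root shell, so accept only the characters found
# in interface names and IPv4 CIDRs, and no leading dash.
valid() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9./_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

forwarding_rules() {
    dev="$1"; net="$2"; srv="$3"
    for v in "$dev" "$net" "$srv"; do
        valid "$v" || { echo "refusing unsafe value: $v" >&2; return 1; }
    done
    # Let the kernel route packets that arrive on the VPN interface back out of it.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Replies belonging to connections that were already allowed.
    echo "iptables -A FORWARD -i $dev -o $dev -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Any VPN client may open a connection to WIND_SERVER.
    echo "iptables -A FORWARD -i $dev -o $dev -s $net -d $srv -j ACCEPT"
    # All other client-to-client traffic stays blocked.
    echo "iptables -A FORWARD -i $dev -o $dev -j DROP"
}

forwarding_rules "$VPN_IF" "$VPN_NET" "$WIND_SERVER_IP"
```

With client-to-client enabled, OpenVPN relays traffic between clients itself, so those packets never reach the kernel and these FORWARD rules do not see them.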
