
I have an OpenVPN question

Author: 김종호

Hello,

Looking at page 575 of 리눅스 서버보안관리실무, section "(2) VPN interconnection between a NAT office and a server using PKI", I understand that a VPN client can, through the VPN server, directly access the NAT IP range (192.168.10.x) behind the server.

However, the server configuration example on page 576 seems to differ from the latest Windows version I am trying to set up now, so after struggling for several days I am posting this question.

The VPN client connects one-to-one to the VPN server without any problem.

Please tell me why I cannot connect directly to the private IPs behind the server.

I am attaching the server config file as well.

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.10.0 255.255.255.0"
--> Here I set the IP of the other internal network in the VPN.

With this, pinging 192.168.10.1 from the client works.

If I comment this part out, pinging 10.8.0.1 works but pinging 192.168.10.1 does not.

What I want now is to connect directly to other IPs such as 192.168.10.66, but

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
client-config-dir ccd
route 10.8.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

This part seems to be where that is defined, but no matter what I try it does not work.

Please tell me where I went wrong.

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
push "redirect-gateway"
This does not seem to be the place....

Goodbye, then.
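As an added illustration (not part of the question, the book, or OpenVPN's own tooling), here is a small Python checker that parses the server.conf directives relevant to reaching a LAN behind the server and reports the gaps that the sample config's own comments warn about: a pushed LAN subnet needs a return route for the client pool on the LAN hosts and IP forwarding on the OpenVPN host; a `route` directive that lies inside the VPN pool is redundant for LAN reachability; and a `route` with no matching `iroute` in any ccd file names a subnet no client owns. The config text and the in-memory ccd mapping are constructed; the `server 10.8.0.0 255.255.255.0` and `dev tun` lines are assumptions, since the posted excerpt shows only the comments around them.

```python
import ipaddress

# Constructed sample based on the directives visible in the question.
# The "dev tun" and "server ..." lines are assumed (the excerpt's comments
# mention the 10.8.0.0/24 pool but the lines themselves were not posted).
SAMPLE_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
# Push routes to the client to allow it to reach private subnets behind the server
push "route 192.168.10.0 255.255.255.0"
client-config-dir ccd
route 10.8.0.0 255.255.255.252
;learn-address ./script
"""


def parse_conf(text):
    """Parse OpenVPN config text into (directive, args) pairs.

    Lines beginning with '#' or ';' are comments.  Quotes are dropped so that
    push "route a b" becomes ("push", ["route", "a", "b"]).
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.replace('"', "").split()
        directives.append((parts[0], parts[1:]))
    return directives


def _net(addr, mask):
    """Build a network from OpenVPN's 'address netmask' argument style."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_lan_reachability(text, ccd_files=None):
    """Return (code, message) findings for the LAN-behind-server scenario.

    ccd_files maps a client common name to the text of its ccd/<name> file;
    it is a hypothetical in-memory stand-in for the real ccd directory.
    """
    ccd_files = ccd_files or {}
    findings = []
    dev, pool, pushed, routes = None, None, [], []
    for name, args in parse_conf(text):
        if name == "dev" and args:
            dev = args[0]
        elif name == "server" and len(args) >= 2:
            pool = _net(args[0], args[1])
        elif name == "push" and len(args) >= 3 and args[0] == "route":
            pushed.append(_net(args[1], args[2]))
        elif name == "route" and len(args) >= 2:
            routes.append(_net(args[0], args[1]))

    if pool is None:
        findings.append(("NO_SERVER", "no 'server' directive: there is no client pool to route back to"))
        return findings
    if dev != "tun":
        findings.append(("NEED_TUN", "route/iroute only apply when routing with 'dev tun', not bridging"))

    # A pushed route only tells the *client* how to reach the LAN.  The LAN
    # hosts (or their default gateway) still need a route for the pool back to
    # the OpenVPN server, and the server must forward between tun and LAN.
    for lan in pushed:
        findings.append(("RETURN_ROUTE",
                         f"clients get a route to {lan}; hosts in {lan} must route {pool} "
                         f"back to the OpenVPN server, and the server must forward IP packets "
                         f"between the tunnel and the LAN"))

    # Subnets that clients claim to own via iroute in their ccd files.
    iroutes = []
    for body in ccd_files.values():
        for name, args in parse_conf(body):
            if name == "iroute" and len(args) >= 2:
                iroutes.append(_net(args[0], args[1]))

    for r in routes:
        if r.subnet_of(pool):
            findings.append(("ROUTE_IN_POOL",
                             f"'route {r}' lies inside the VPN pool {pool}; OpenVPN already routes "
                             f"the pool, so this does nothing for LAN reachability (the fixed-IP "
                             f"example in the sample config used a separate 10.9.0.x range)"))
        elif r not in iroutes:
            findings.append(("ROUTE_NO_IROUTE",
                             f"'route {r}' has no matching 'iroute' in any ccd file, "
                             f"so no client is declared as owning that subnet"))
    return findings


if __name__ == "__main__":
    for code, msg in check_lan_reachability(SAMPLE_CONF):
        print(f"[{code}] {msg}")
```

Run against the constructed sample, the checker reports RETURN_ROUTE for 192.168.10.0/24 (the condition the config's own comment describes, and the usual reason that the server's own LAN address answers pings while other LAN hosts do not) and ROUTE_IN_POOL for the `route 10.8.0.0 255.255.255.252` line. Passing a ccd mapping such as `{"Thelonious": "iroute 192.168.40.128 255.255.255.248"}` together with the matching `route` line produces no iroute finding, which mirrors the client-subnet example in the sample config.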
