The OpenVPN configuration specific for NordVPN requires the input of username and password in each start of OpenVPN. To provide credentials automatically, append the word "secret" with space to the string "auth-user-pass", so the resulting string should be "auth-user-pass secret".
Create the file with the name "secret" in the same folder, and provide credentials in it as follows: the first line is your login, the second line is your password:
username
password
The file itself contains contents of file "ca.crt" between tags "" and "" and contents of file "ta.key" between tags "" and "". You can create separate files "ca.crt" and "ta.key" with corresponding content excluding tags, in the same folder, and replace tags with content in the original file with the following strings.
ca ca.crt tls-auth ta.key 1
I do not have internet after setup, I skip this paragraph
If the configuration file that you use on step 3 has the user/pass/certs/keys you'll be fine.
Post the configuration file, after you remove sensitive things like user/pass/private keys, as well as: uci show network; uci show firewall; ip -4 addr ; ip -4 ro; ip-4 ru; iptables-save
Your main problem is that you don't have uplink to the internet. Only the lan interface is up and vpn cannot connect without internet. Check the cables etc...
Other than that:
Change line auth-user-pass with auth-user-pass /etc/openvpn/client.auth and create this file with your username in the first line and password on the second line.
By excluded you mean that you removed some lines from the output that you pasted here?
You need to paste here the exact output and cover any public IP or mac address.
Is there a tun0 interface or you excluded that too?
Then where is wan (eth0) interface? I don't see it in "ip -4 addr", nor you have a default gateway in "ip -4 ro".
This is also not seen in the output of these commands.
I suggest you reset the router to defaults and start from the beginning. The wan interface has to be there all the time, otherwise the vpn cannot work.
it was because I configured the router first on 2 routers, and then connected to the first (ISP)
root@hu:~# ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.99.187/24 brd 192.168.99.255 scope global eth0
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
root@hu:~#
root@hu:~# ip -4 ro
default via 192.168.99.1 dev eth0 proto static src 192.168.99.187
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.99.0/24 dev eth0 proto kernel scope link src 192.168.99.187
The file itself contains contents of file "ca.crt" between tags "" and "" and contents of file "ta.key" between tags "" and "". You can create separate files "ca.crt" and "ta.key" with corresponding content excluding tags, in the same folder, and replace tags with content in the original file with the following strings.
Tue Nov 19 15:31:47 2019 disabling NCP mode (--ncp-disable) because not in P2MP
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.
~
~
~
~
~
~
~