Ensure Router2 LAN IP address is on different subnet to Router1 LAN and configure its WAN port to use DHCP protocol (or static IP address) eg. if Router1 LAN IP is 192.168.1.1, then assign 192.168.111.1 to Router2.
fwiw, quick review of NordVPN instructions shows there is no kill switch when VPN connection fails. Delete the WAN interface as shown below to implement kill switch.
It's working great but it seems that the OS itself has no connection (by using command line, or luci software pages). How can I open a connection for the system ?
I followed the instructions of your document v1.2d. My laptop connected with ethernet has a vpn connection and thus has access to internet.
I also can access Luci, but it seems that the openwrt local system has no connection to internet (with or without vpn). I can't update software list (from System/Software) or test ips from Network/Diagnostics.
Use LuCI's 'Network/Diagnostics' and confirm you can Ping and TraceRoute to a physical IP address such as 8.8.8.8 via VPN tunnel.
If above is successful but you find you cannot Ping 'www.google.com', it may be because the DNS servers assigned to the WAN interface of Router2 are not accessible via your VPN connection.
Here is one solution:
Go to LuCI > Network > Interfaces > LAN
Add a DNS server as shown below
.