[guide] OpenVPN client using LuCI - nordvpn

It took me some searching and trials to get this to work and i combined pieces of info from different places... hope this guide is helpful for people who want to use the web interface instead of command line.

NordVPN OpenVPN on
OpenWrt 19.07.2
using LuCI web interface

router needs about 7mb flash storage to hold defalut install with LuCI and additional packages

login to router via web interface.

Systems > Software

"Update lists..." button
"install" button next to
openvpn-openssl then "Install" button in popup window
ip-full then "Install" button in popup window
luci-app-openvpn then check "Overwrite files from other package(s)" in popupwindow then "install" button.

refresh page.
New "VPN" menu will show up


"OVPN configuration file upload" section at bottom
"name" like "ch88_tcp_zurich" "browse" button to find file "ch88.nordvpn.com.tcp.ovpn" and "upload" button
"OpenVPN instances" section at top
"edit" button for "ch88.nordvpn.com.tcp.ovpn"

in "auth-user-pass" box (bottom box) enter on separate lines

in "config file" (top box) find "auth-user-pass" in text and on the same line add the path to the auth file
it is shown above the bottom box. final text will look something like "auth-user-pass /etc/openvpn/ch88_tcp_zurich.auth"

"Save" button at bottom

*note, if you want to make a chain of vpn connections, it seems like you need to use TCP, not UDP. (I don't really understand why.)
To find the fastest server for your location, go to https://nordvpn.com/servers/tools you can download the recommended ovpn config file from this page. Or download a bunch of them https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip

Network > Interface

"Add new interface..." button
pick a name like "vpntun0"
"protocol" dropdown select "unmanaged"
"interface" dropdown go all the way to the bottom and type "tun0"
"Create Interface" button
"Apply" button
"Save" button

Network > Firewall

"add" button
name something like "vpn"
"input" dropdown "reject"
checkbox "Masquerading"
checkbox "MSS clamping"
"covered networks" dropdown "vpntun"
"Allow forward from source zones" dropdown "lan"
"save" button
"Zones" section
"edit" button for "lan"
"Allow forward to destination zones" dropdown check "vpntun0"

Network > DHCP and DNS

"General Settings" tab
"DNS forwardings" add ip addresses of your vpn's DNS servers and
"Resolv and Hosts Files" tab
"Ignore resolve file" checkbox - or else you will have dns leaks from original connection to isp.
"Save & Apply" button


"OpenVPN instances" section
"enable" check box next to new "ch88.nordvpn.com.tcp.ovpn" in list
"Save & Apply" button


Network > Diagnostics

"Traceroute" button
should show lan address assigned by vpn and new vpn server address as first two hops.

status > realtime graphs

"connections" tab
"sources" near top should show isp provided wan address going to "destination" vpn address

check in a web browser at