It took me some searching and trials to get this to work and i combined pieces of info from different places... hope this guide is helpful for people who want to use the web interface instead of command line.
NordVPN OpenVPN on
OpenWrt 19.07.2
using LuCI web interface
router needs about 7mb flash storage to hold defalut install with LuCI and additional packages
login to router via web interface.
Systems > Software
"Update lists..." button
"install" button next to
openvpn-openssl then "Install" button in popup window
ip-full then "Install" button in popup window
luci-app-openvpn then check "Overwrite files from other package(s)" in popupwindow then "install" button.
refresh page.
New "VPN" menu will show up
VPN > OpenVPN
"OVPN configuration file upload" section at bottom
"name" like "ch88_tcp_zurich" "browse" button to find file "ch88.nordvpn.com.tcp.ovpn" and "upload" button
"OpenVPN instances" section at top
"edit" button for "ch88.nordvpn.com.tcp.ovpn"
in "auth-user-pass" box (bottom box) enter on separate lines
username
password
in "config file" (top box) find "auth-user-pass" in text and on the same line add the path to the auth file
it is shown above the bottom box. final text will look something like "auth-user-pass /etc/openvpn/ch88_tcp_zurich.auth"
"Save" button at bottom
*note, if you want to make a chain of vpn connections, it seems like you need to use TCP, not UDP. (I don't really understand why.)
To find the fastest server for your location, go to https://nordvpn.com/servers/tools you can download the recommended ovpn config file from this page. Or download a bunch of them https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
Network > Interface
"Add new interface..." button
pick a name like "vpntun0"
"protocol" dropdown select "unmanaged"
"interface" dropdown go all the way to the bottom and type "tun0"
"Create Interface" button
"Apply" button
"Save" button
Network > Firewall
"add" button
name something like "vpn"
"input" dropdown "reject"
checkbox "Masquerading"
checkbox "MSS clamping"
"covered networks" dropdown "vpntun"
"Allow forward from source zones" dropdown "lan"
"save" button
"Zones" section
"edit" button for "lan"
"Allow forward to destination zones" dropdown check "vpntun0"
Network > DHCP and DNS
"General Settings" tab
"DNS forwardings" add ip addresses of your vpn's DNS servers 103.86.96.100 and 103.86.99.100
"Resolv and Hosts Files" tab
"Ignore resolve file" checkbox - or else you will have dns leaks from original connection to isp.
"Save & Apply" button
VPN > OpenVPN
"OpenVPN instances" section
"enable" check box next to new "ch88.nordvpn.com.tcp.ovpn" in list
"Save & Apply" button
IS IT WORKING?
Network > Diagnostics
"Traceroute" button
should show lan address assigned by vpn and new vpn server address as first two hops.
status > realtime graphs
"connections" tab
"sources" near top should show isp provided wan address going to "destination" vpn address
check in a web browser at