VyOS 1.4 NordVPN

gistfile1.txt

set interfaces openvpn vtun0 mode client

set interfaces openvpn vtun0 remote-host <remote-host>
set interfaces openvpn vtun0 remote-port <remote-port>
set interfaces openvpn vtun0 persistent-tunnel

set interfaces openvpn vtun0 authentication username <username>
set interfaces openvpn vtun0 authentication password <password>
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 hash sha512

set interfaces openvpn vtun0 tls ca-certificate nordvpn
set interfaces openvpn vtun0 tls auth-key nordvpn-tls-auth
set interfaces openvpn vtun0 openvpn-option "--remote-cert-tls server"
set interfaces openvpn vtun0 openvpn-option "--verify-x509-name CN=<remote-host-cn>"
set interfaces openvpn vtun0 openvpn-option "--key-direction 1"

set interfaces openvpn vtun0 openvpn-option "--mssfix 1450"
set interfaces openvpn vtun0 openvpn-option "--reneg-sec 0"
set interfaces openvpn vtun0 openvpn-option "--tun-mtu 1500"
set interfaces openvpn vtun0 openvpn-option "--tun-mtu-extra 32"

#set interfaces openvpn vtun0 openvpn-option --nobind
#set interfaces openvpn vtun0 openvpn-option --persist-key

#set interfaces openvpn vtun0 openvpn-option "--ping 15"
#set interfaces openvpn vtun0 openvpn-option "--ping-restart 0"
#set interfaces openvpn vtun0 openvpn-option --ping-timer-rem

#set interfaces openvpn vtun0 openvpn-option –-pull
#set interfaces openvpn vtun0 openvpn-option "--pull-filter ignore redirect-gateway"

gistfile2.txt

openvpn vtun0 {
    authentication {
        password <password>
        username <username>
    }
    encryption {
        cipher aes256
    }
    hash sha512
    mode client
    openvpn-option "--remote-cert-tls server"
    openvpn-option "--verify-x509-name CN=<remote-host-cn>"
    openvpn-option "--key-direction 1"
    openvpn-option "--reneg-sec 0"
    openvpn-option "--tun-mtu 1500"
    openvpn-option "--tun-mtu-extra 32"
    openvpn-option "--mssfix 1450"
    persistent-tunnel
    remote-host <remote-host>
    remote-port <remote-port>
    tls {
        auth-key nordvpn-tls-auth
        ca-certificate nordvpn
    }
    vrf vpn
}

gistfile3.txt

pki {
    ca nordvpn {
        certificate <certificate-data-in-pem-format-with-no-new-lines-or-the-header-or-footer>
    }
    openvpn {
        shared-secret nordvpn-tls-auth {
            key ****************
        }
    }
}

gistfile4.txt

Download your OpenVPN configuration file from NordVPN. Within it will have a CA inlined, as well as a TLS Auth key.

<ca>
-----BEGIN CERTIFICATE-----
Base 64 encoded stuff in here, you only want this section, not the fluff before or after
-----END CERTIFICATE-----
</ca>

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
Secret key in here, same as above regarding what you want
-----END OpenVPN Static key V1-----
</tls-auth>

 set pki ca nordvpn certificate INSERT_THE_CA_DATA_IN_HERE_AS_ONE_BIG_SINGLE_LINE
 set pki openvpn shared-secret INSERT_THE_TLS_AUTH_STUFF_HERE_AS_ONE_BIG_LINE