Same error on other server.
I tested before with tunnelblick on macOS and it worked.
Tested with DDWRT (changed ca and tls cert)...this is the log tail
Code:
Mon Aug 20 19:44:32 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Aug 20 19:44:32 2018 TLS Error: TLS handshake failed
Mon Aug 20 19:44:32 2018 SIGUSR1[soft,tls-error] received, process restarting
Mon Aug 20 19:44:32 2018 Restart pause, 5 second(s)
3. Click "Show advanced options" (fine print under "Adjust Server Preferences")
4. Click "Select Security Protocol" and choose "OpenVPN UDP". This may (or may not) change their recommended server listed.
5. Choose their recommended server for use in dd-wrt.
Troubling to get their recommendation specific to OpenVPN/UDP this way has gotten me some fast, lightly loaded servers. I can generally use one for weeks to months without issues.
Also note when you unzip their *ca.crt and *_tls.key files that all of those with file sizes of 1809 bytes for the ca cert and 602 bytes for the tls key actually use the same ca certs and tls keys. I did the diffs to prove it. So once you set up your dd-wrt OpenVPN client to use one of these, changing to another is trivial: just change the name of the server.
I considered using an IP address like you did rather than a server name, but personally I don't want to be using an obsolete IP if they make a change. Who knows what it might connect to.
If you're nervous about an exposed DNS search for the NordVPN server, there's always dnscrypt. Note that in our dnscrypt-resolvers.csv file the DNSSEC-capable servers that do not log all appear currently (as of release 37736) to be lone-programmer operations (I visited their websites yesterday, as it happens, to check them out) except for one: ipredator is a vpn provider in Sweden that makes their dns server available to the public (https://www.ipredator.se/page/services#service_dns). (There was one other server, in Germany, that actually might have had an organization behind it, but their website was nonfunctional, which I took as a red flag.) My logs suggest that the public ipredator DNS server IP forwards to the internal server that their vpn customers get. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.