@drhans Here are screen shots of my client config for a Nord UDP client connection that is up and working as expected. Note that if you want to start out with all traffic being routed through the VPN connection, un-check the "Don't Pull Routes" option that I have checked. The full set of "Custom Options" I have, which is not fully visible in my screen shots, is:
tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
ping 15;
ping-restart 0;
ping-timer-rem;
reneg-sec 0;
remote-cert-tls server;
auth-nocache;
pull-filter ignore "redirect-gateway";
pull-filter ignore "dhcp-option";
auth-retry nointeract;
Note that you will NOT want the line:
pull-filter ignore "redirect-gateway";
if you want all traffic to be routed through the VPN. And in fact I probably don't need it myself with "Don't Pull Routes" enabled. You also may or may not want the line:
pull-filter ignore "dhcp-option";
which prevents the server from pushing DNS servers to use. I have pfSense configured to use unbound but with the outgoing interfaces set to my VPN client interfaces.
Some of the other things I have in my custom options are redundant to options set up by the GUI, but not harmful; it's just been a while since I've cleaned them up, but I know that these work for Nord.
a7263980-045c-4839-8c67-22e0ff199eb7-image.png
51fb8fe1-920c-42a1-89f7-caa871c1ecd6-image.png
a9999673-6e36-44ad-ae68-77d440194da5-image.png
7cfbc770-9ae4-4114-b321-e3840c6aca98-image.png