Multiple OpenVPN [NordVPN] Clients.

Started by fbeye, July 10, 2023, 10:50:56 PM

Good Morning!

I wanted to throw out what I want, what I have and then how I should progress.

Currently on OPNSense I am running 'a' client on OpenVPN using NordVPN. Currently anything on the network goes out using the VPN; Perfect.
What I want is to create another instance/client. My thoughts were to have;

192.168.5.2 - 192.168.5.128 = Client 1
192.168.5.129 - 192.168.5.192 = Client 2
192.168.5.193 - 192.168.5.256 = NON VPN

Currently with Opnsense using the 1 Client, all I am doing is defining 'outbound' for certain IP's to not be on VPN and works well.
My issue is this... When creating this new 2nd client config; Do I need to create a new authority certificate or can I use the same 1 for both. Do I need to create another virtual interface for vpn2. Can I create a 2nd client under the main client or do I need to create a 2nd independent client?

Should I, instead of dividing the one network, create vlan1 = VPN1, vlan2 = VPN2 and vlan3 to be local WAN non VPN?
These of course do not need to be literals. The facts are I want 2 VPN's and choose what groups of IP's belong to what and then my current network is 192.168.5.0.

I hope this makes sense and can be modded or responded with whatever makes better sense. Sorry if this comes across as dumb or the bigger picture I am not seeing but I would really like your help.

My main question would be;

1.) Do I need a SINGLE Trust:Authority for EACH Client, or can they all share this same Authority as they are all NordVPN, or does each Client need its own Authority?
2.) I assume I need an Interface for each VPN Instance? [NordVPN-USA] [NordVPN-Europe] . I assume I do as I am going to segment IP's from my Network to specific VPN's.
3.) Am I able to have multiple clients under VPN:OpenVPN:Clients: Initial Client and add servers, or do I need a separate client [so 2 total] for the separate networks.

Then I am going to create 3 Aliases; 1 NONVPN, 1 NORDUSA and 1 NORDEUROPE and assign under LAN those networks to corresponding VPN so they know what to connect to what...

I guess what threw me off as I was doing this was when I created a 2nd authority, it linked itself to the initial one.. Is that ok? Like the 1st one said initially issuer self-signed but when created another one, the original one then said issuer and name of the new authority, threw me off.
And then I still went on, got it up and running, verified incoming and outgoing had correct ip, but then my qbittorrent kept saying failed on every item I downloaded, so something seemed off. With this said, BOTH Clients used the 1 initial authority... so maybe that had an issue?
Regardless, none of my stuff is literal and needs to be as is, I hope seeing what I want to do maybe you can guide or assist or redirect me? I am open minded and not set on any single way.

Quote from: fbeye on July 10, 2023, 10:50:56 PM
Do I need to create a new authority certificate or can I use the same 1 for both. Do I need to create another virtual interface for vpn2. Can I create a 2nd client under the main client or do I need to create a 2nd independent client?
First, you don't create another authority, you import one. Check the CA Certificate data, it is all the same with all Nord Servers, so you can and should reuse it every time.
Second, sure.
Third, you need to create another one.
Check if you can copy the existing one. I am not sure about this though.
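
The check suggested in the reply above (confirming that each server's config carries the same CA certificate before reusing one authority), as an added example that is not part of the thread. It assumes the provider's .ovpn files embed the CA in an inline <ca> block; the sample configs, hostnames and certificate bytes are constructed stand-ins.

```python
import base64
import hashlib
import re

CA_BLOCK = re.compile(r"<ca>(.*?)</ca>", re.DOTALL)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def ca_fingerprints(ovpn_text):
    """SHA-256 fingerprint (hash of the DER bytes) of each cert in the <ca> block."""
    block = CA_BLOCK.search(ovpn_text)
    if block is None:
        raise ValueError("no inline <ca> block (config may use 'ca <file>' instead)")
    prints = []
    for body in PEM_CERT.findall(block.group(1)):
        # PEM body is base64 of the DER certificate, wrapped across lines.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("<ca> block contains no PEM certificate")
    return prints


def same_ca(*configs):
    """True when every config carries exactly the same set of CA certificates."""
    sets = [frozenset(ca_fingerprints(c)) for c in configs]
    return all(s == sets[0] for s in sets)


def constructed_config(remote, der_bytes):
    # Constructed sample: der_bytes stands in for a real DER certificate.
    b64 = base64.b64encode(der_bytes).decode()
    pem = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return (f"client\ndev tun\nremote {remote} 1194\n<ca>\n"
            f"-----BEGIN CERTIFICATE-----\n{pem}\n-----END CERTIFICATE-----\n</ca>\n")


FAKE_CA = b"constructed stand-in for the provider CA " * 4
USA = constructed_config("us.vpn.example", FAKE_CA)
EUROPE = constructed_config("eu.vpn.example", FAKE_CA)
OTHER = constructed_config("eu.vpn.example", FAKE_CA + b"!")  # differs by one byte

if __name__ == "__main__":
    print("USA CA fingerprint:", ca_fingerprints(USA)[0])
    print("USA/EUROPE share a CA:", same_ca(USA, EUROPE))
    print("USA/OTHER share a CA:", same_ca(USA, OTHER))
```

With real files, read each downloaded .ovpn as text and pass the contents to `same_ca`; a mismatch means the second client needs its own imported authority.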