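# OpenVPN server bootstrap for RouterOS: time sync, a local CA with server and
# client certificates, address pool, PPP profile, OpenVPN server, firewall rule.

# Certificate validity periods are checked against the system clock, so set
# the time zone and enable NTP before any certificate is created.
/system clock set time-zone-name=Europe/Moscow
/system ntp client set enabled=yes
/system ntp client servers
add address=time.google.com
add address=0.pool.ntp.org
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org

# CA certificate. Key usage is limited to signing certificates and CRLs; the
# original also granted encipherment and TLS client/server usages, which a CA
# key does not need and which would let it be used as an endpoint certificate.
/certificate add name="openvpn-ca" country="ru" state="Dmitrov" locality="Dmitrov" organization="openvpn" unit="ou" common-name="openvpn-ca" key-size=4096 days-valid=3650 key-usage=key-cert-sign,crl-sign

# Server certificate: TLS server usage only.
/certificate add name="openvpn-srv" country="ru" state="Dmitrov" locality="Dmitrov" organization="openvpn" unit="ou" common-name="openvpn-srv" key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server

# Client template: TLS client usage only, valid for one year. One certificate
# per client so a single client can be revoked without affecting the others.
/certificate add name="openvpn-client-template" country="ru" state="Dmitrov" locality="Dmitrov" organization="openvpn" unit="ou" common-name="openvpn-client-template" key-size=4096 days-valid=365 key-usage=tls-client
/certificate add name="openvpn-client-1" copy-from="openvpn-client-template" common-name="openvpn-client-1"
/certificate add name="openvpn-client-2" copy-from="openvpn-client-template" common-name="openvpn-client-2"
/certificate add name="openvpn-client-3" copy-from="openvpn-client-template" common-name="openvpn-client-3"

# Sign the CA first, then everything else with it. The pauses presumably give
# the router time to finish each 4096-bit key before the next sign starts.
# NOTE(review): ca-crl-host=127.0.0.1 publishes a loopback address as the CRL
# location, so remote peers cannot fetch the CRL from it; revocation is only
# effective where the check happens on this router.
/certificate sign openvpn-ca ca-crl-host=127.0.0.1
:delay 60
/certificate sign openvpn-srv ca="openvpn-ca"
:delay 60
/certificate sign openvpn-client-1 ca="openvpn-ca"
:delay 60
/certificate sign openvpn-client-2 ca="openvpn-ca"
:delay 60
/certificate sign openvpn-client-3 ca="openvpn-ca"

# Keep PPP accounting on so VPN sessions are recorded.
/ppp aaa set accounting=yes

# NOTE(review): this bridge is created but nothing below references it.
/interface bridge add name=openvpn-bridge arp=enabled

# Client address pool and the profile that hands it out.
/ip pool add name=openvpn-pool ranges=10.20.30.100-10.20.30.200
/ppp profile add name=openvpn-server local-address=10.20.30.1 remote-address=openvpn-pool

# OpenVPN server. md5 and blowfish128 are no longer offered: MD5 is a broken
# hash and Blowfish's 64-bit block is exposed to birthday-bound collisions on
# long-lived sessions. Client profiles must use SHA1 and AES-256-CBC to match.
# If the installed RouterOS release lists stronger auth/cipher values, prefer
# them. require-client-certificate=yes rejects peers without a certificate
# issued by the CA above.
/interface ovpn-server server set auth=sha1 certificate=openvpn-srv cipher=aes256-cbc default-profile=openvpn-server enabled=yes require-client-certificate=yes

# Allow OpenVPN (TCP/1194) in from the WAN interface list only; the rule is
# placed first so it is evaluated before any existing drop rule.
# The WAN interface list is expected to exist already.
/ip firewall filter
add action=accept chain=input comment="OpenVPN" dst-port=1194 protocol=tcp in-interface-list=WAN place-before=0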