**This is an old revision of the document!**

OpenVPN

Certification Authority

Create certificate folder

apt-get install easy-rsa
make-cadir /etc/easy-rsa-legnago
cd /etc/easy-rsa-legnago

Edit vars, then source it and build the CA:

source vars
./clean-all
./pkitool --initca

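Server certificate

NAME=legnago-gw
# --pass protects the generated private key with a passphrase (prompted)
./pkitool --pass --server $NAME
# Write a copy of the key without the passphrase to keys/$NAME.pem
openssl rsa -in keys/$NAME.key -out keys/$NAME.pem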

Client certificate

NAME=nms
./pkitool --pass $NAME
openssl rsa -in keys/$NAME.key -out keys/$NAME.pem

MikroTik server

Upload and import certificates

/certificate
import file=server.crt
import file=server.pem
import file=ca.crt

IP pool

/ip pool add name=ovpn-pool ranges=10.15.32.34-10.15.32.38

Profile and VPN user

/ppp profile 
add change-tcp-mss=default comment="" local-address=10.15.32.33 \
name="your_profile" only-one=default remote-address=ovpn-pool \
use-compression=default use-encryption=required use-vj-compression=default

Define VPN user

/ppp secret 
add caller-id="" comment="" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 name="username" password="password" \
routes="" service=any

OpenVPN instance

/interface ovpn-server server 
set auth=sha1,md5 certificate=router_cert \
cipher=blowfish128,aes128,aes192,aes256 default-profile=your_profile \
enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ip netmask=29 \
port=1194 require-client-certificate=no
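
An added example, not part of the original wiki page: a POSIX shell check that reads an `/interface ovpn-server server` set command and flags the weak options in the settings above (md5 offered, blowfish128 offered, client certificates not required). The function names and the sample text are constructed for illustration, and treating an absent require-client-certificate as "no" is an assumption.

```shell
#!/bin/sh
# Added example: flag weak options in a RouterOS ovpn-server "set" command.
# Text processing only; nothing is sent to a router.

# Constructed sample: the server settings shown on this page.
SAMPLE_CONFIG='set auth=sha1,md5 certificate=router_cert \
cipher=blowfish128,aes128,aes192,aes256 default-profile=your_profile \
enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ip netmask=29 \
port=1194 require-client-certificate=no'

# get_opt KEY: read the command on stdin, print the value of KEY (empty if absent).
# Handles unquoted values only, which covers the options audited here.
get_opt() {
    awk -v k="$1" '{
        for (i = 1; i <= NF; i++)
            if (index($i, k "=") == 1) { print substr($i, length(k) + 2); exit }
    }'
}

# has LIST ITEM: succeed if ITEM is one element of the comma-separated LIST.
has() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_ovpn_server: read the command on stdin, print one WEAK line per finding.
audit_ovpn_server() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | get_opt auth)
    cipher=$(printf '%s\n' "$cfg" | get_opt cipher)
    ccert=$(printf '%s\n' "$cfg" | get_opt require-client-certificate)

    has "$auth" md5 && echo "WEAK auth: md5 is offered; restrict to sha1"
    has "$cipher" blowfish128 &&
        echo "WEAK cipher: blowfish128 is a 64-bit block cipher; offer AES only"
    # Assumption: an absent option is treated the same as "no".
    [ "$ccert" = "yes" ] ||
        echo "WEAK require-client-certificate: clients authenticate by password only"
    return 0
}

# Run the audit on the sample when executed directly.
printf '%s\n' "$SAMPLE_CONFIG" | audit_ovpn_server
```

Paste the set command from the router's own export in place of the sample to audit a live configuration; a clean configuration prints nothing.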
tips/vpn/openvpn.1437733286.txt.gz · Last modified: by scipio