Assuming that you have already setup your OpenVPN network. (https://featout.com/mikrotik-openvpn-server-client-setup/)

And also assume that OVPN is connected in your branch MikroTik.

So, your OVPN IP block is 192.168.22.128/25
If you have configured your OVPN IP block with another IP series, then replace as yours.

If you want to access your another branch MikroTik router, you do not need to enter any additional firewall command to your CHR/Cloud router, just do the firewall command to all branch’s MikroTik (Client Router):

/ip firewall filter

add chain=input src-address=192.168.22.128/25 in-interface=ovpn-out1 action=accept comment="Allow Input from OVPN Clients"
add chain=input protocol=tcp dst-port=8291 action=accept comment="Allow Winbox Access"

/ip firewall nat

add chain=srcnat dst-address=192.168.22.128/25 out-interface=ovpn-out1 action=masquerade comment="Remote Winbox via OVPN"

If you have the above firewall already configured then review the firewall configuration first, you don’t need to duplicate the configuration again.

Reboot the router and access your branch to branch MikroTik.