If the year is smaller than < 2014 an initial date will be set. This
has been manually verified by copying ntpdate to ntpdate.off and making
sure that the VPN is coming up. Due the short SSL lifetime of CACert
we will need to update the script once in a while. But our VPN should
now always come up.