IPFire has implemented optional Time-based one-time password (TOTP) since Core 169 for OpenVPN Roadwarrior connections.

Currently we have only implemented TOTP/T30/6 which means we use a time-based hash token which changes every 30 seconds and has a 6 digits one-time password (OTP).

To create that OTP you have to use a authenticator app like one of those listed below.

Authenticator Apps


Available for Android, iOS, MacOS X, Windows and Linux



Available for Android

Google Authenticator

Available for Android and iOS


Apple iOS has a built-in app for TOTP. Just scan the QR code with the camera and add it to you password manager.