ocserv allows for multiple authentication factors per session
There is an option available for one-time passwords
Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts
Suggested commands to get started:

vyos@vyos# set vpn openconnect authentication mode
Possible completions:
   local    Use local username/password configuration
   radius   Use RADIUS server for user autentication

vyos@vyos# set vpn openconnect authentication mode local
   password      Default. Password-only local authentication
   otp           OTP-only local authentication
   password-otp  Password (first) + OTP local authentication

vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp
Possible completions:
   key         Token Key Secret key for the token algorithm (see RFC 4226)
   otp-length  Optional. Number of digits in OTP. Default 6

Further functionality can be developed to use different types of OTP
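
How the proposed `key` and `otp-length` values feed the RFC 4226 algorithm, and how a server can verify a submitted code, as an added example (not VyOS or ocserv code). It assumes the key is supplied hex-encoded and uses the RFC 4226 Appendix D test secret; `hotp`, `verify` and `look_ahead` are illustrative names.

```python
import hashlib
import hmac
import struct


def hotp(key_hex: str, counter: int, otp_length: int = 6) -> str:
    """RFC 4226 HOTP value for one counter, zero-padded to otp_length digits."""
    if not 6 <= otp_length <= 8:  # digit range taken from RFC 4226, not from the page
        raise ValueError("otp_length must be 6, 7 or 8")
    key = bytes.fromhex(key_hex)  # assumption: key is configured as a hex string
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** otp_length).zfill(otp_length)


def verify(key_hex: str, submitted: str, counter: int,
           otp_length: int = 6, look_ahead: int = 2):
    """Check a submitted code against the stored counter.

    Returns the next counter to store on success, or None on failure.
    Storing the returned counter is what makes a used code unusable again.
    """
    matched = None
    for c in range(counter, counter + look_ahead + 1):
        expected = hotp(key_hex, c, otp_length)
        # Constant-time comparison; keep looping so timing does not reveal the slot.
        if hmac.compare_digest(expected, submitted) and matched is None:
            matched = c + 1
    return matched


# Constructed sample input: the published RFC 4226 Appendix D test secret.
RFC4226_KEY = b"12345678901234567890".hex()

if __name__ == "__main__":
    for n in range(3):
        print(n, hotp(RFC4226_KEY, n))
    nxt = verify(RFC4226_KEY, "359152", counter=0)
    print("accepted, next counter:", nxt)
    print("replay accepted:", verify(RFC4226_KEY, "359152", counter=nxt) is not None)
```

The look-ahead window tolerates a token that has advanced past the server's counter; keeping it small limits how many codes are valid at once.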