ocserv allows for multiple authentication factors per session
There is an options available for one-time passwords
Given that VyOS uses local accounts for ocserv, OTP keys will be generated for these accounts
Suggested commands to get started:
```
vyos@vyos# set vpn openconnect authentication mode
Possible completions:
local Use local username/password configuration
local-otp Use local username/password + one time password (OTP) autentication
radius Use RADIUS server for user autentication
```
```
vyos@vyos:~# set vpn openconnect authentication local-users username user2 otp
Possible completions:
key Token Key Secret key for the token algorithm (see RFC 4226)
otp-length Optional. Number of digits in OTP. Default 6
```
Further functionality can be developed to use different types of OTP