pfSense

When using Multi Factor authentication most OpenVPN clients offer a static-challenge option to make the client ask for the usual user and password plus an OTP. The client will pass a password in the form of a string containing "SCRV1:<password_base64>:<response_base64>"

OpnSense already support this with commit https://github.com/opnsense/core/commit/2c2eca7e2f25a46f96458e0d6d924541574cb9d8 as requested in this issue https://github.com/opnsense/core/issues/3290

It should be trivial to modify https://github.com/pfsense/pfsense/blob/master/src/etc/inc/openvpn.auth-user.php around line 45 https://github.com/pfsense/pfsense/blob/8f2f85c3d79f70dbde4332930ff81dd56c767e25/src/etc/inc/openvpn.auth-user.php#L45 in a similar way.

There is a similar request in the forums https://forum.netgate.com/topic/164678/openvpn-static-challenge-totp