IPFire has implemented optional Time-based one-time password (TOTP) since Core 169 for OpenVPN Roadwarrior connections.
Currently we have only implemented TOTP/T30/6 which means we use a time-based hash token which changes every 30 seconds and has a 6 digits one-time password (OTP).
To create that OTP you have to use a authenticator app like one of those listed below.
Authenticator Apps
Authy
Available for Android, iOS, MacOS X, Windows and Linux
bitwarden
FreeOTP
Available for Android
Google Authenticator
Available for Android and iOS
iOS
Apple iOS has a built-in app for TOTP. Just scan the QR code with the camera and add it to you password manager.