NethServer · gsanchietti · Apr 23, 2020
diff --git a/administrator-manual/en/base_system2.rst b/administrator-manual/en/base_system2.rst
@@ -285,6 +285,8 @@ The following pages are always accessible to all users:
 * applications
 * terminal
 
+.. _2fa-section:
+
 Two-factor authentication (2FA)
 ===============================
 

diff --git a/administrator-manual/en/vpn.rst b/administrator-manual/en/vpn.rst
@@ -39,7 +39,8 @@ Supported authentication methods are:
 
 * System user and password
 * Certificate
-* System user, password and certificate
+* System user name, password and certificate
+* System user name, One Time Password (OTP) and certificate
 
 The server can operate in two modes: :index:`routed` or :index:`bridged`.
 You should choose bridged mode only if the tunnel must carry non-IP traffic.
@@ -57,6 +58,12 @@ To allow a client to establish a VPN:
 
 3. Import the file into the client and start the VPN.
 
+.. note::
+
+   When using OTP-based authentication, users will be required to enable :ref:`2FA <2fa-section>` before accessing the VPN.
+   Also make sure users will not enable the "Save password" option on their clients, because a new OTP must be
+   entered every time the VPN is started.
+
 Accounting
 ~~~~~~~~~~