diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
index 8c4cf3806..639f1d479 100644
--- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -21,7 +21,7 @@
     SSLCertificateKeyFile /etc/httpd/server-ecdsa.key
 
     Header always set X-Content-Type-Options nosniff
-    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"
     Header always set Referrer-Policy strict-origin
     Header always set X-Frame-Options sameorigin
 
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf
index 2cf57dd29..caa4b92f0 100644
--- a/config/httpd/vhosts.d/ipfire-interface.conf
+++ b/config/httpd/vhosts.d/ipfire-interface.conf
@@ -7,7 +7,7 @@
     RewriteRule .* - [F]
 
     Header always set X-Content-Type-Options nosniff
-    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
+    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src: 'self' data:"
     Header always set Referrer-Policy strict-origin
     Header always set X-Frame-Options sameorigin
 
diff --git a/config/ovpn/openvpn-authenticator b/config/ovpn/openvpn-authenticator
new file mode 100644
index 000000000..65844012b
--- /dev/null
+++ b/config/ovpn/openvpn-authenticator
@@ -0,0 +1,381 @@
+#!/usr/bin/python3
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  Michael Tremer                                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+import argparse
+import base64
+import csv
+import daemon
+import logging
+import logging.handlers
+import signal
+import socket
+import subprocess
+import sys
+
+OPENVPN_CONFIG = "/var/ipfire/ovpn/ovpnconfig"
+
+CHALLENGETEXT = "One Time Token: "
+
+log = logging.getLogger()
+log.setLevel(logging.DEBUG)
+
+def setup_logging(daemon=True, loglevel=logging.INFO):
+	log.setLevel(loglevel)
+
+	# Log to syslog by default
+	handler = logging.handlers.SysLogHandler(address="/dev/log", facility="daemon")
+	log.addHandler(handler)
+
+	# Format everything
+	formatter = logging.Formatter("%(name)s[%(process)d]: %(message)s")
+	handler.setFormatter(formatter)
+
+	handler.setLevel(loglevel)
+
+	# If we are running in foreground, we should write everything to the console, too
+	if not daemon:
+		handler = logging.StreamHandler()
+		log.addHandler(handler)
+
+		handler.setLevel(loglevel)
+
+	return log
+
+class OpenVPNAuthenticator(object):
+	def __init__(self, socket_path):
+		self.socket_path = socket_path
+
+	def _read_line(self):
+		buf = []
+
+		while True:
+			char = self.sock.recv(1)
+			buf.append(char)
+
+			# Reached end of line
+			if char == b"\n":
+				break
+
+		line = b"".join(buf).decode()
+		line = line.rstrip()
+
+		log.debug("< %s" % line)
+
+		return line
+
+	def _write_line(self, line):
+		log.debug("> %s" % line)
+
+		if not line.endswith("\n"):
+			line = "%s\n" % line
+
+		# Convert into bytes
+		buf = line.encode()
+
+		# Send to socket
+		self.sock.send(buf)
+
+	def _send_command(self, command):
+		# Send the command
+		self._write_line(command)
+
+		return # XXX Code below doesn't work
+
+		# Read response
+		response = self._read_line()
+
+		# Handle response
+		if not response.startswith("SUCCESS:"):
+			log.error("Command '%s' returned an error:" % command)
+			log.error("  %s" % response)
+
+			return response
+
+	def run(self):
+		# Connect to socket
+		self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+		self.sock.connect(self.socket_path)
+
+		log.info("OpenVPN Authenticator started")
+
+		while True:
+			line = self._read_line()
+
+			if line.startswith(">CLIENT"):
+				self._client_event(line)
+
+		log.info("OpenVPN Authenticator terminated")
+
+	def terminate(self, *args):
+		# XXX TODO
+		raise SystemExit
+
+	def _client_event(self, line):
+		# Strip away "CLIENT:"
+		client, delim, line = line.partition(":")
+
+		# Extract the event & split any arguments
+		event, delim, arguments = line.partition(",")
+		arguments = arguments.split(",")
+
+		environ = {}
+
+		if event == "CONNECT":
+			environ = self._read_env(environ)
+			self._client_connect(*arguments, environ=environ)
+		elif event == "DISCONNECT":
+			environ = self._read_env(environ)
+			self._client_disconnect(*arguments, environ=environ)
+		elif event == "REAUTH":
+			environ = self._read_env(environ)
+			self._client_reauth(*arguments, environ=environ)
+		elif event == "ESTABLISHED":
+			environ = self._read_env(environ)
+		else:
+			log.debug("Unhandled event: %s" % event)
+
+	def _read_env(self, environ):
+		# Read environment
+		while True:
+			line = self._read_line()
+
+			if not line.startswith(">CLIENT:ENV,"):
+				raise RuntimeError("Unexpected environment line: %s" % line)
+
+			# Strip >CLIENT:ENV,
+			line = line[12:]
+
+			# Done
+			if line == "END":
+				break
+
+			# Parse environment
+			key, delim, value = line.partition("=")
+			environ[key] = value
+
+		return environ
+
+	def _client_connect(self, cid, kid, environ={}):
+		log.debug("Received client connect (cid=%s, kid=%s)" % (cid, kid))
+		for key in sorted(environ):
+			log.debug("  %s : %s" % (key, environ[key]))
+
+		# Fetch common name
+		common_name = environ.get("common_name")
+
+		# Find connection details
+		conn = self._find_connection(common_name)
+		if not conn:
+			log.warning("Could not find connection '%s'" % common_name)
+			# XXX deny auth?
+
+		log.debug("Found connection:")
+		for key in conn:
+			log.debug("  %s : %s" % (key, conn[key]))
+
+		# Perform no further checks if TOTP is disabled for this client
+		if not conn.get("totp_status") == "on":
+			return self._client_auth_successful(cid, kid)
+
+		# Fetch username & password
+		username = environ.get("username")
+		password = environ.get("password")
+
+		# Client sent the special password TOTP to start challenge authentication
+		if password == "TOTP":
+			return self._client_auth_challenge(cid, kid,
+				username=common_name, password="TOTP")
+
+		elif password.startswith("CRV1:"):
+			log.debug("Received dynamic challenge response %s" % password)
+
+			# Decode the string
+			(command, flags, username, password, token) = password.split(":", 5)
+
+			# Decode username
+			username = self._b64decode(username)
+
+			# Check if username matches common name
+			if username == common_name:
+				# Check if TOTP token matches
+				if self._check_totp_token(token, conn.get("totp_secret")):
+					return self._client_auth_successful(cid, kid)
+
+			# Restart authentication
+			self._client_auth_challenge(cid, kid,
+				username=common_name, password="TOTP")
+
+	def _client_disconnect(self, cid, environ={}):
+		"""
+			Handles CLIENT:DISCONNECT events
+		"""
+		pass
+
+	def _client_reauth(self, cid, kid, environ={}):
+		"""
+			Handles CLIENT:REAUTH events
+		"""
+		# Perform no checks
+		self._client_auth_successful(cid, kid)
+
+	def _client_auth_challenge(self, cid, kid, username, password):
+		"""
+			Initiates a dynamic challenge authentication with the client
+		"""
+		log.debug("Sending request for dynamic challenge...")
+
+		self._send_command(
+			"client-deny %s %s \"CRV1\" \"CRV1:R,E:%s:%s:%s\"" % (
+				cid,
+				kid,
+				self._b64encode(username),
+				self._b64encode(password),
+				self._escape(CHALLENGETEXT),
+			),
+		)
+
+	def _client_auth_successful(self, cid, kid):
+		"""
+			Sends a positive authentication response
+		"""
+		log.debug("Client Authentication Successful (cid=%s, kid=%s)" % (cid, kid))
+
+		self._send_command(
+			"client-auth-nt %s %s" % (cid, kid),
+		)
+
+	@staticmethod
+	def _b64encode(s):
+		return base64.b64encode(s.encode()).decode()
+
+	@staticmethod
+	def _b64decode(s):
+		return base64.b64decode(s.encode()).decode()
+		
+	@staticmethod
+	def _escape(s):
+		return s.replace(" ", "\ ")
+
+	def _find_connection(self, common_name):
+		with open(OPENVPN_CONFIG, "r") as f:
+			for row in csv.reader(f, dialect="unix"):
+				# Skip empty rows or rows that are too short
+				if not row or len(row) < 5:
+					continue
+
+				# Skip disabled connections
+				if not row[1] == "on":
+					continue
+
+				# Skip any net-2-net connections
+				if not row[4] == "host":
+					continue
+
+				# Skip if common name does not match
+				if not row[3] == common_name:
+					continue
+
+				# Return match!
+				conn = {
+					"name"        : row[2],
+					"common_name" : row[3],
+				}
+
+				# TOTP options
+				try:
+					conn |= {
+						"totp_protocol" : row[43],
+						"totp_status"   : row[44],
+						"totp_secret"   : row[45],
+					}
+				except IndexError:
+					pass
+
+				return conn
+
+
+	def _check_totp_token(self, token, secret):
+		p = subprocess.run(
+			["oathtool", "--totp", "-w", "3", "%s" % secret],
+			capture_output=True,
+		)
+
+		# Catch any errors if we could not run the command
+		if p.returncode:
+			log.error("Could not run oathtool: %s" % p.stderr)
+
+			return False
+
+		# Reading returned tokens looking for a match
+		for line in p.stdout.split(b"\n"):
+			# Skip empty/last line(s)
+			if not line:
+				continue
+
+			# Decode bytes into string
+			line = line.decode()
+
+			# Return True if a token matches
+			if line == token:
+				return True
+
+		# No match
+		return False
+
+
+if __name__ == "__main__":
+	parser = argparse.ArgumentParser(description="OpenVPN Authenticator")
+
+	# Daemon Stuff
+	parser.add_argument("--daemon", "-d", action="store_true",
+		help="Launch as daemon in background")
+	parser.add_argument("--verbose", "-v", action="count", help="Be more verbose")
+
+	# Paths
+	parser.add_argument("--socket", default="/var/run/openvpn.sock",
+		metavar="PATH", help="Path to OpenVPN Management Socket")
+
+	# Parse command line arguments
+	args = parser.parse_args()
+
+	# Setup logging
+	loglevel = logging.WARN
+
+	if args.verbose:
+		if args.verbose == 1:
+			loglevel = logging.INFO
+		elif args.verbose >= 2:
+			loglevel = logging.DEBUG
+
+	# Create an authenticator
+	authenticator = OpenVPNAuthenticator(args.socket)
+
+	with daemon.DaemonContext(
+		detach_process=args.daemon,
+		stderr=None if args.daemon else sys.stderr,
+		signal_map = {
+			signal.SIGINT  : authenticator.terminate,
+			signal.SIGTERM : authenticator.terminate,
+		},
+	) as daemon:
+		setup_logging(daemon=args.daemon, loglevel=loglevel)
+
+		authenticator.run()
diff --git a/config/rootfiles/common/oath-toolkit b/config/rootfiles/common/oath-toolkit
new file mode 100644
index 000000000..ef10a861f
--- /dev/null
+++ b/config/rootfiles/common/oath-toolkit
@@ -0,0 +1,219 @@
+usr/bin/oathtool
+#usr/bin/pskctool
+#usr/include/liboath
+#usr/include/liboath/oath.h
+#usr/include/pskc
+#usr/include/pskc/container.h
+#usr/include/pskc/enums.h
+#usr/include/pskc/errors.h
+#usr/include/pskc/exports.h
+#usr/include/pskc/global.h
+#usr/include/pskc/keypackage.h
+#usr/include/pskc/pskc.h
+#usr/include/pskc/version.h
+#usr/lib/liboath.a
+#usr/lib/liboath.la
+#usr/lib/liboath.so
+usr/lib/liboath.so.0
+usr/lib/liboath.so.0.1.3
+#usr/lib/libpskc.a
+#usr/lib/libpskc.la
+#usr/lib/libpskc.so
+#usr/lib/libpskc.so.0
+#usr/lib/libpskc.so.0.0.1
+#usr/lib/pkgconfig/liboath.pc
+#usr/lib/pkgconfig/libpskc.pc
+#usr/lib/security/pam_oath.la
+#usr/lib/security/pam_oath.so
+#usr/share/gtk-doc/html/liboath
+#usr/share/gtk-doc/html/liboath/api-index-1-10-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-12-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-4-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-6-0.html
+#usr/share/gtk-doc/html/liboath/api-index-1-8-0.html
+#usr/share/gtk-doc/html/liboath/api-index-2-4-0.html
+#usr/share/gtk-doc/html/liboath/api-index-2-6-0.html
+#usr/share/gtk-doc/html/liboath/api-index-full.html
+#usr/share/gtk-doc/html/liboath/deprecated-api-index.html
+#usr/share/gtk-doc/html/liboath/home.png
+#usr/share/gtk-doc/html/liboath/index.html
+#usr/share/gtk-doc/html/liboath/intro.html
+#usr/share/gtk-doc/html/liboath/left-insensitive.png
+#usr/share/gtk-doc/html/liboath/left.png
+#usr/share/gtk-doc/html/liboath/liboath-oath.h.html
+#usr/share/gtk-doc/html/liboath/liboath.devhelp2
+#usr/share/gtk-doc/html/liboath/right-insensitive.png
+#usr/share/gtk-doc/html/liboath/right.png
+#usr/share/gtk-doc/html/liboath/style.css
+#usr/share/gtk-doc/html/liboath/up-insensitive.png
+#usr/share/gtk-doc/html/liboath/up.png
+#usr/share/gtk-doc/html/libpskc
+#usr/share/gtk-doc/html/libpskc/api-index-2-2-0.html
+#usr/share/gtk-doc/html/libpskc/api-index-full.html
+#usr/share/gtk-doc/html/libpskc/deprecated-api-index.html
+#usr/share/gtk-doc/html/libpskc/home.png
+#usr/share/gtk-doc/html/libpskc/index.html
+#usr/share/gtk-doc/html/libpskc/left-insensitive.png
+#usr/share/gtk-doc/html/libpskc/left.png
+#usr/share/gtk-doc/html/libpskc/libpskc-container.html
+#usr/share/gtk-doc/html/libpskc/libpskc-enums.html
+#usr/share/gtk-doc/html/libpskc/libpskc-errors.html
+#usr/share/gtk-doc/html/libpskc/libpskc-global.html
+#usr/share/gtk-doc/html/libpskc/libpskc-keypackage.html
+#usr/share/gtk-doc/html/libpskc/libpskc-pskc.html
+#usr/share/gtk-doc/html/libpskc/libpskc-version.html
+#usr/share/gtk-doc/html/libpskc/libpskc.devhelp2
+#usr/share/gtk-doc/html/libpskc/pskc-reference.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-create.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-sign.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-libpskc-verify.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-library.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-sign.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-validate.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool-verify.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-pskctool.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial-quickstart.html
+#usr/share/gtk-doc/html/libpskc/pskc-tutorial.html
+#usr/share/gtk-doc/html/libpskc/right-insensitive.png
+#usr/share/gtk-doc/html/libpskc/right.png
+#usr/share/gtk-doc/html/libpskc/style.css
+#usr/share/gtk-doc/html/libpskc/up-insensitive.png
+#usr/share/gtk-doc/html/libpskc/up.png
+#usr/share/man/man1/oathtool.1
+#usr/share/man/man1/pskctool.1
+#usr/share/man/man3/oath_authenticate_usersfile.3
+#usr/share/man/man3/oath_base32_decode.3
+#usr/share/man/man3/oath_base32_encode.3
+#usr/share/man/man3/oath_bin2hex.3
+#usr/share/man/man3/oath_check_version.3
+#usr/share/man/man3/oath_done.3
+#usr/share/man/man3/oath_hex2bin.3
+#usr/share/man/man3/oath_hotp_generate.3
+#usr/share/man/man3/oath_hotp_validate.3
+#usr/share/man/man3/oath_hotp_validate_callback.3
+#usr/share/man/man3/oath_init.3
+#usr/share/man/man3/oath_strerror.3
+#usr/share/man/man3/oath_strerror_name.3
+#usr/share/man/man3/oath_totp_generate.3
+#usr/share/man/man3/oath_totp_generate2.3
+#usr/share/man/man3/oath_totp_validate.3
+#usr/share/man/man3/oath_totp_validate2.3
+#usr/share/man/man3/oath_totp_validate2_callback.3
+#usr/share/man/man3/oath_totp_validate3.3
+#usr/share/man/man3/oath_totp_validate3_callback.3
+#usr/share/man/man3/oath_totp_validate4.3
+#usr/share/man/man3/oath_totp_validate4_callback.3
+#usr/share/man/man3/oath_totp_validate_callback.3
+#usr/share/man/man3/pskc_add_keypackage.3
+#usr/share/man/man3/pskc_build_xml.3
+#usr/share/man/man3/pskc_check_version.3
+#usr/share/man/man3/pskc_done.3
+#usr/share/man/man3/pskc_free.3
+#usr/share/man/man3/pskc_get_cryptomodule_id.3
+#usr/share/man/man3/pskc_get_device_devicebinding.3
+#usr/share/man/man3/pskc_get_device_expirydate.3
+#usr/share/man/man3/pskc_get_device_issueno.3
+#usr/share/man/man3/pskc_get_device_manufacturer.3
+#usr/share/man/man3/pskc_get_device_model.3
+#usr/share/man/man3/pskc_get_device_serialno.3
+#usr/share/man/man3/pskc_get_device_startdate.3
+#usr/share/man/man3/pskc_get_device_userid.3
+#usr/share/man/man3/pskc_get_id.3
+#usr/share/man/man3/pskc_get_key_algorithm.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_checkdigits.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_encoding.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_max.3
+#usr/share/man/man3/pskc_get_key_algparm_chall_min.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_checkdigits.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_encoding.3
+#usr/share/man/man3/pskc_get_key_algparm_resp_length.3
+#usr/share/man/man3/pskc_get_key_algparm_suite.3
+#usr/share/man/man3/pskc_get_key_data_b64secret.3
+#usr/share/man/man3/pskc_get_key_data_counter.3
+#usr/share/man/man3/pskc_get_key_data_secret.3
+#usr/share/man/man3/pskc_get_key_data_time.3
+#usr/share/man/man3/pskc_get_key_data_timedrift.3
+#usr/share/man/man3/pskc_get_key_data_timeinterval.3
+#usr/share/man/man3/pskc_get_key_friendlyname.3
+#usr/share/man/man3/pskc_get_key_id.3
+#usr/share/man/man3/pskc_get_key_issuer.3
+#usr/share/man/man3/pskc_get_key_policy_expirydate.3
+#usr/share/man/man3/pskc_get_key_policy_keyusages.3
+#usr/share/man/man3/pskc_get_key_policy_numberoftransactions.3
+#usr/share/man/man3/pskc_get_key_policy_pinencoding.3
+#usr/share/man/man3/pskc_get_key_policy_pinkeyid.3
+#usr/share/man/man3/pskc_get_key_policy_pinmaxfailedattempts.3
+#usr/share/man/man3/pskc_get_key_policy_pinmaxlength.3
+#usr/share/man/man3/pskc_get_key_policy_pinminlength.3
+#usr/share/man/man3/pskc_get_key_policy_pinusagemode.3
+#usr/share/man/man3/pskc_get_key_policy_startdate.3
+#usr/share/man/man3/pskc_get_key_profileid.3
+#usr/share/man/man3/pskc_get_key_reference.3
+#usr/share/man/man3/pskc_get_key_userid.3
+#usr/share/man/man3/pskc_get_keypackage.3
+#usr/share/man/man3/pskc_get_signed_p.3
+#usr/share/man/man3/pskc_get_version.3
+#usr/share/man/man3/pskc_global_done.3
+#usr/share/man/man3/pskc_global_init.3
+#usr/share/man/man3/pskc_global_log.3
+#usr/share/man/man3/pskc_init.3
+#usr/share/man/man3/pskc_keyusage2str.3
+#usr/share/man/man3/pskc_output.3
+#usr/share/man/man3/pskc_parse_from_memory.3
+#usr/share/man/man3/pskc_pinusagemode2str.3
+#usr/share/man/man3/pskc_set_cryptomodule_id.3
+#usr/share/man/man3/pskc_set_device_devicebinding.3
+#usr/share/man/man3/pskc_set_device_expirydate.3
+#usr/share/man/man3/pskc_set_device_issueno.3
+#usr/share/man/man3/pskc_set_device_manufacturer.3
+#usr/share/man/man3/pskc_set_device_model.3
+#usr/share/man/man3/pskc_set_device_serialno.3
+#usr/share/man/man3/pskc_set_device_startdate.3
+#usr/share/man/man3/pskc_set_device_userid.3
+#usr/share/man/man3/pskc_set_id.3
+#usr/share/man/man3/pskc_set_key_algorithm.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_checkdigits.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_encoding.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_max.3
+#usr/share/man/man3/pskc_set_key_algparm_chall_min.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_checkdigits.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_encoding.3
+#usr/share/man/man3/pskc_set_key_algparm_resp_length.3
+#usr/share/man/man3/pskc_set_key_algparm_suite.3
+#usr/share/man/man3/pskc_set_key_data_b64secret.3
+#usr/share/man/man3/pskc_set_key_data_counter.3
+#usr/share/man/man3/pskc_set_key_data_secret.3
+#usr/share/man/man3/pskc_set_key_data_time.3
+#usr/share/man/man3/pskc_set_key_data_timedrift.3
+#usr/share/man/man3/pskc_set_key_data_timeinterval.3
+#usr/share/man/man3/pskc_set_key_friendlyname.3
+#usr/share/man/man3/pskc_set_key_id.3
+#usr/share/man/man3/pskc_set_key_issuer.3
+#usr/share/man/man3/pskc_set_key_policy_expirydate.3
+#usr/share/man/man3/pskc_set_key_policy_keyusages.3
+#usr/share/man/man3/pskc_set_key_policy_numberoftransactions.3
+#usr/share/man/man3/pskc_set_key_policy_pinencoding.3
+#usr/share/man/man3/pskc_set_key_policy_pinkeyid.3
+#usr/share/man/man3/pskc_set_key_policy_pinmaxfailedattempts.3
+#usr/share/man/man3/pskc_set_key_policy_pinmaxlength.3
+#usr/share/man/man3/pskc_set_key_policy_pinminlength.3
+#usr/share/man/man3/pskc_set_key_policy_pinusagemode.3
+#usr/share/man/man3/pskc_set_key_policy_startdate.3
+#usr/share/man/man3/pskc_set_key_profileid.3
+#usr/share/man/man3/pskc_set_key_reference.3
+#usr/share/man/man3/pskc_set_key_userid.3
+#usr/share/man/man3/pskc_set_version.3
+#usr/share/man/man3/pskc_sign_x509.3
+#usr/share/man/man3/pskc_str2keyusage.3
+#usr/share/man/man3/pskc_str2pinusagemode.3
+#usr/share/man/man3/pskc_str2valueformat.3
+#usr/share/man/man3/pskc_strerror.3
+#usr/share/man/man3/pskc_strerror_name.3
+#usr/share/man/man3/pskc_validate.3
+#usr/share/man/man3/pskc_valueformat2str.3
+#usr/share/man/man3/pskc_verify_x509crt.3
+#usr/share/xml/pskc
+#usr/share/xml/pskc/catalog-pskc.xml
+#usr/share/xml/pskc/pskc-schema.xsd
+#usr/share/xml/pskc/xenc-schema.xsd
+#usr/share/xml/pskc/xmldsig-core-schema.xsd
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 6c3457d01..1784651b4 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -9,6 +9,7 @@ usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so
 usr/lib/openvpn/plugins/openvpn-plugin-down-root.so
 usr/lib/openvpn/verify
 usr/sbin/openvpn
+usr/sbin/openvpn-authenticator
 #usr/share/doc/openvpn
 #usr/share/doc/openvpn/COPYING
 #usr/share/doc/openvpn/COPYRIGHT.GPL
diff --git a/config/rootfiles/common/perl-File-Remove b/config/rootfiles/common/perl-File-Remove
new file mode 100644
index 000000000..b9b646143
--- /dev/null
+++ b/config/rootfiles/common/perl-File-Remove
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/File/Remove.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/File/Remove/.packlist
+#usr/share/man/man3/File::Remove.3
diff --git a/config/rootfiles/common/perl-Imager b/config/rootfiles/common/perl-Imager
new file mode 100644
index 000000000..2416a78b5
--- /dev/null
+++ b/config/rootfiles/common/perl-Imager
@@ -0,0 +1,165 @@
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/API.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/APIRef.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Float.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Color/Table.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Cookbook.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/CountColor.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Draw.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Engines.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Expr/Assem.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ExtUtils.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/CUR.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/ICO.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/JPEG.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/PNG.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/SGI.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/File/TIFF.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Files.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fill.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/DynTest.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Flines.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filter/Mandelbrot.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Filters.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/BBox.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FT2.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/FreeType2.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Image.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Test.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Truetype.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Type1.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Font/Wrap.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Fountain.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Handy.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/IO.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/ImageTypes.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Inline.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Install.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/LargeSamples.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Matrix2d.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Preprocess.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Probe.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Regops.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Security.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Test.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Threads.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transform.pm
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Transformations.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/Tutorial.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/draw.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/dynaload.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ext.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/feat.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imager.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imageri.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imconfig.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imdatatypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imerror.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexif.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imext.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextdef.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpl.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imextpltypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imexttypes.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imio.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/immacros.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperl.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imperlio.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/imrender.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayer.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/iolayert.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/log.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/plug.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/ppport.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/regmach.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/rendert.h
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/include/stackmach.h
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/interface.pod
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/regmach.pod
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/typemap
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/.packlist
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/CountColor/CountColor.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/ICO/ICO.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/JPEG/JPEG.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/PNG/PNG.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/SGI/SGI.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/File/TIFF/TIFF.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/DynTest/DynTest.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Flines/Flines.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Filter/Mandelbrot/Mandelbrot.so
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Font/FT2/FT2.so
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/Imager.so
+#usr/share/man/man3/Imager.3
+#usr/share/man/man3/Imager::API.3
+#usr/share/man/man3/Imager::APIRef.3
+#usr/share/man/man3/Imager::Color.3
+#usr/share/man/man3/Imager::Color::Float.3
+#usr/share/man/man3/Imager::Color::Table.3
+#usr/share/man/man3/Imager::Cookbook.3
+#usr/share/man/man3/Imager::CountColor.3
+#usr/share/man/man3/Imager::Draw.3
+#usr/share/man/man3/Imager::Engines.3
+#usr/share/man/man3/Imager::Expr.3
+#usr/share/man/man3/Imager::Expr::Assem.3
+#usr/share/man/man3/Imager::ExtUtils.3
+#usr/share/man/man3/Imager::File::ICO.3
+#usr/share/man/man3/Imager::File::JPEG.3
+#usr/share/man/man3/Imager::File::PNG.3
+#usr/share/man/man3/Imager::File::SGI.3
+#usr/share/man/man3/Imager::File::TIFF.3
+#usr/share/man/man3/Imager::Files.3
+#usr/share/man/man3/Imager::Fill.3
+#usr/share/man/man3/Imager::Filter::Flines.3
+#usr/share/man/man3/Imager::Filter::Mandelbrot.3
+#usr/share/man/man3/Imager::Filters.3
+#usr/share/man/man3/Imager::Font.3
+#usr/share/man/man3/Imager::Font::BBox.3
+#usr/share/man/man3/Imager::Font::FT2.3
+#usr/share/man/man3/Imager::Font::FreeType2.3
+#usr/share/man/man3/Imager::Font::Test.3
+#usr/share/man/man3/Imager::Font::Truetype.3
+#usr/share/man/man3/Imager::Font::Type1.3
+#usr/share/man/man3/Imager::Font::Wrap.3
+#usr/share/man/man3/Imager::Fountain.3
+#usr/share/man/man3/Imager::Handy.3
+#usr/share/man/man3/Imager::IO.3
+#usr/share/man/man3/Imager::ImageTypes.3
+#usr/share/man/man3/Imager::Inline.3
+#usr/share/man/man3/Imager::Install.3
+#usr/share/man/man3/Imager::LargeSamples.3
+#usr/share/man/man3/Imager::Matrix2d.3
+#usr/share/man/man3/Imager::Preprocess.3
+#usr/share/man/man3/Imager::Probe.3
+#usr/share/man/man3/Imager::Regops.3
+#usr/share/man/man3/Imager::Security.3
+#usr/share/man/man3/Imager::Test.3
+#usr/share/man/man3/Imager::Threads.3
+#usr/share/man/man3/Imager::Transform.3
+#usr/share/man/man3/Imager::Transformations.3
+#usr/share/man/man3/Imager::Tutorial.3
+#usr/share/man/man3/Imager::interface.3
+#usr/share/man/man3/Imager::regmach.3
diff --git a/config/rootfiles/common/perl-Imager-QRCode b/config/rootfiles/common/perl-Imager-QRCode
new file mode 100644
index 000000000..0ca11f270
--- /dev/null
+++ b/config/rootfiles/common/perl-Imager-QRCode
@@ -0,0 +1,5 @@
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/Imager/QRCode.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/.packlist
+usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Imager/QRCode/QRCode.so
+#usr/share/man/man3/Imager::QRCode.3
diff --git a/config/rootfiles/common/perl-MIME-Base32 b/config/rootfiles/common/perl-MIME-Base32
new file mode 100644
index 000000000..31c21ef21
--- /dev/null
+++ b/config/rootfiles/common/perl-MIME-Base32
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/MIME/Base32.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/MIME/Base32/.packlist
+#usr/share/man/man3/MIME::Base32.3
diff --git a/config/rootfiles/common/perl-Module-Build b/config/rootfiles/common/perl-Module-Build
new file mode 100644
index 000000000..16cecf272
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-Build
@@ -0,0 +1,51 @@
+#usr/bin/config_data
+#usr/lib/perl5/site_perl/5.32.1/Module
+#usr/lib/perl5/site_perl/5.32.1/Module/Build
+#usr/lib/perl5/site_perl/5.32.1/Module/Build.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/API.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Authoring.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Base.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Bundling.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Compat.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Config.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/ConfigData.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Cookbook.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Dumper.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Notes.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/PPMMaker.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Default.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/MacOS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Unix.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VMS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/VOS.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/Windows.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/aix.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/cygwin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/darwin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/Platform/os2.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Build/PodParser.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Build/.packlist
+#usr/share/man/man1/config_data.1
+#usr/share/man/man3/Module::Build.3
+#usr/share/man/man3/Module::Build::API.3
+#usr/share/man/man3/Module::Build::Authoring.3
+#usr/share/man/man3/Module::Build::Base.3
+#usr/share/man/man3/Module::Build::Bundling.3
+#usr/share/man/man3/Module::Build::Compat.3
+#usr/share/man/man3/Module::Build::ConfigData.3
+#usr/share/man/man3/Module::Build::Cookbook.3
+#usr/share/man/man3/Module::Build::Notes.3
+#usr/share/man/man3/Module::Build::PPMMaker.3
+#usr/share/man/man3/Module::Build::Platform::Default.3
+#usr/share/man/man3/Module::Build::Platform::MacOS.3
+#usr/share/man/man3/Module::Build::Platform::Unix.3
+#usr/share/man/man3/Module::Build::Platform::VMS.3
+#usr/share/man/man3/Module::Build::Platform::VOS.3
+#usr/share/man/man3/Module::Build::Platform::Windows.3
+#usr/share/man/man3/Module::Build::Platform::aix.3
+#usr/share/man/man3/Module::Build::Platform::cygwin.3
+#usr/share/man/man3/Module::Build::Platform::darwin.3
+#usr/share/man/man3/Module::Build::Platform::os2.3
diff --git a/config/rootfiles/common/perl-Module-Install b/config/rootfiles/common/perl-Module-Install
new file mode 100644
index 000000000..caabe9375
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-Install
@@ -0,0 +1,66 @@
+#usr/lib/perl5/site_perl/5.32.1/Module/AutoInstall.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/Module/Install.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/API.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Bundle.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Compiler.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Find.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Include.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Makefile.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Manifest.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/Metadata.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/ScanDeps.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Admin/WriteAll.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/AutoInstall.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Base.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Bundle.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Can.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Compiler.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/DSL.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Deprecated.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/External.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/FAQ.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Fetch.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Include.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Inline.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/MakeMaker.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Makefile.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Metadata.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/PAR.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Philosophy.pod
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Run.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Scripts.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Share.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/Win32.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/With.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/Install/WriteAll.pm
+#usr/lib/perl5/site_perl/5.32.1/inc
+#usr/lib/perl5/site_perl/5.32.1/inc/Module
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install.pm
+#usr/lib/perl5/site_perl/5.32.1/inc/Module/Install/DSL.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/Install/.packlist
+#usr/share/man/man3/Module::AutoInstall.3
+#usr/share/man/man3/Module::Install.3
+#usr/share/man/man3/Module::Install::API.3
+#usr/share/man/man3/Module::Install::Admin.3
+#usr/share/man/man3/Module::Install::Admin::Include.3
+#usr/share/man/man3/Module::Install::Admin::Manifest.3
+#usr/share/man/man3/Module::Install::Base.3
+#usr/share/man/man3/Module::Install::Bundle.3
+#usr/share/man/man3/Module::Install::Can.3
+#usr/share/man/man3/Module::Install::Compiler.3
+#usr/share/man/man3/Module::Install::Deprecated.3
+#usr/share/man/man3/Module::Install::External.3
+#usr/share/man/man3/Module::Install::FAQ.3
+#usr/share/man/man3/Module::Install::Makefile.3
+#usr/share/man/man3/Module::Install::PAR.3
+#usr/share/man/man3/Module::Install::Philosophy.3
+#usr/share/man/man3/Module::Install::Share.3
+#usr/share/man/man3/Module::Install::With.3
+#usr/share/man/man3/inc::Module::Install.3
+#usr/share/man/man3/inc::Module::Install::DSL.3
diff --git a/config/rootfiles/common/perl-Module-ScanDeps b/config/rootfiles/common/perl-Module-ScanDeps
new file mode 100644
index 000000000..3886fb3ac
--- /dev/null
+++ b/config/rootfiles/common/perl-Module-ScanDeps
@@ -0,0 +1,8 @@
+#usr/bin/scandeps.pl
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps.pm
+#usr/lib/perl5/site_perl/5.32.1/Module/ScanDeps/Cache.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/Module/ScanDeps/.packlist
+#usr/share/man/man1/scandeps.pl.1
+#usr/share/man/man3/Module::ScanDeps.3
diff --git a/config/rootfiles/common/perl-URI-Encode b/config/rootfiles/common/perl-URI-Encode
new file mode 100644
index 000000000..2bae6f8c3
--- /dev/null
+++ b/config/rootfiles/common/perl-URI-Encode
@@ -0,0 +1,4 @@
+usr/lib/perl5/site_perl/5.32.1/URI/Encode.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/URI/Encode/.packlist
+#usr/share/man/man3/URI::Encode.3
diff --git a/config/rootfiles/common/perl-YAML-Tiny b/config/rootfiles/common/perl-YAML-Tiny
new file mode 100644
index 000000000..7114b12ac
--- /dev/null
+++ b/config/rootfiles/common/perl-YAML-Tiny
@@ -0,0 +1,6 @@
+#usr/lib/perl5/site_perl/5.32.1/YAML
+usr/lib/perl5/site_perl/5.32.1/YAML/Tiny.pm
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny
+#usr/lib/perl5/site_perl/5.32.1/xxxMACHINExxx-linux-thread-multi/auto/YAML/Tiny/.packlist
+#usr/share/man/man3/YAML::Tiny.3
diff --git a/config/rootfiles/common/qrencode b/config/rootfiles/common/qrencode
new file mode 100644
index 000000000..c0406bd9e
--- /dev/null
+++ b/config/rootfiles/common/qrencode
@@ -0,0 +1,8 @@
+usr/bin/qrencode
+#usr/include/qrencode.h
+#usr/lib/libqrencode.la
+#usr/lib/libqrencode.so
+usr/lib/libqrencode.so.4
+usr/lib/libqrencode.so.4.1.1
+#usr/lib/pkgconfig/libqrencode.pc
+#usr/share/man/man1/qrencode.1
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index c2558bd81..b8c3e5064 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -23,6 +23,10 @@
 ###
 use CGI;
 use CGI qw/:standard/;
+use Imager::QRCode;
+use MIME::Base32;
+use MIME::Base64;
+use URI::Encode qw(uri_encode uri_decode);;
 use Net::DNS;
 use Net::Ping;
 use Net::Telnet;
@@ -40,6 +44,7 @@ require "${General::swroot}/location-functions.pl";
 # enable only the following on debugging purpose
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
+
 #workaround to suppress a warning when a variable is used only once
 my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
 undef (@dummy);
@@ -372,6 +377,8 @@ sub writeserverconf {
     }
     print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
+    print CONF "auth-user-pass-optional\n";
+    print CONF "reneg-sec 86400\n";
     print CONF "user nobody\n";
     print CONF "group nobody\n";
     print CONF "persist-key\n";
@@ -385,6 +392,11 @@ sub writeserverconf {
     print CONF "# Log clients connecting/disconnecting\n";
     print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
     print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+    print CONF "\n";
+
+    print CONF "# Enable Management Socket\n";
+    print CONF "management /var/run/openvpn.sock unix\n";
+    print CONF "management-client-auth\n";
 
     # Print server.conf.local if entries exist to server.conf
     if ( !-z $local_serverconf  && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
@@ -2431,6 +2443,16 @@ else
 	print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
 
+    # Disable storing any credentials in memory
+    print CLIENTCONF "auth-nocache\r\n";
+
+    # Set a fake user name for authentication
+    print CLIENTCONF "auth-token-user USER\r\n";
+    print CLIENTCONF "auth-token TOTP\r\n";
+
+    # If the server is asking for TOTP this needs to happen interactively
+    print CLIENTCONF "auth-retry interact\r\n";
+
     if ($include_certs) {
 	print CLIENTCONF "\r\n";
 
@@ -2617,6 +2639,45 @@ else
 	exit(0);
     }
 
+###
+### Display OTP QRCode
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show otp qrcode'}) {
+   &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+   my $qrcode = Imager::QRCode->new(
+      size          => 6,
+      margin        => 0,
+      version       => 0,
+      level         => 'M',
+      mode          => '8-bit',
+      casesensitive => 1,
+      lightcolor    => Imager::Color->new(255, 255, 255),
+      darkcolor     => Imager::Color->new(0, 0, 0),
+   );
+   my $cn = uri_encode($confighash{$cgiparams{'KEY'}}[2]);
+   my $secret = encode_base32(pack('H*', $confighash{$cgiparams{'KEY'}}[44]));
+   my $issuer = uri_encode("$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}");
+   my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer");
+   my $qrcodeimgdata;
+   $qrcodeimg->write(data => \$qrcodeimgdata, type=> 'png')
+      or die $qrcodeimg->errstr;
+   $qrcodeimgdata = encode_base64($qrcodeimgdata, '');
+
+   &Header::showhttpheaders();
+   &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+   &Header::openbigbox('100%', 'LEFT', '', '');
+   &Header::openbox('100%', 'LEFT', "$Lang::tr{'otp qrcode'}:");
+   print <<END;
+$Lang::tr{'secret'}:&nbsp;$secret</br></br>
+<img alt="$Lang::tr{'otp qrcode'}" src="data:image/png;base64,$qrcodeimgdata">
+END
+   &Header::closebox();
+   print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+   &Header::closebigbox();
+   &Header::closepage();
+   exit(0);
+
 ###
 ### Display Diffie-Hellman key
 ###
@@ -3660,6 +3721,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		$cgiparams{'DAUTH'}		= $confighash{$cgiparams{'KEY'}}[39];
 		$cgiparams{'DCIPHER'}		= $confighash{$cgiparams{'KEY'}}[40];
 		$cgiparams{'TLSAUTH'}		= $confighash{$cgiparams{'KEY'}}[41];
+		$cgiparams{'OTP_STATE'}		= $confighash{$cgiparams{'KEY'}}[43];
 	} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
 	$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
 
@@ -4422,6 +4484,16 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		$confighash{$key}[41] = "no-pass";
 	}
 
+   $confighash{$key}[42] = 'HOTP/T30/6';
+	$confighash{$key}[43] = $cgiparams{'OTP_STATE'};
+	if (($confighash{$key}[43] eq 'on') && ($confighash{$key}[44] eq '')) {
+		my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
+      chomp($otp_secret[0]);
+		$confighash{$key}[44] = $otp_secret[0];
+	} elsif ($confighash{$key}[43] eq '') {
+		$confighash{$key}[44] = '';
+	}
+
 	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 	if ($cgiparams{'CHECK1'} ){
@@ -4835,6 +4907,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
 	    print"</td></tr></table><br><br>";
 		my $name=$cgiparams{'CHECK1'};
 		$checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
+		$checked{'OTP_STATE'}{$cgiparams{'OTP_STATE'}} = 'CHECKED';
 
 	if (! -z "${General::swroot}/ovpn/ccd.conf"){
 		print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
@@ -4970,6 +5043,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
 
 	print <<END;
 	<table border='0' width='100%'>
+	<tr><td width='20%'>$Lang::tr{'enable otp'}:</td><td colspan='3'><input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} /></td></tr>
 	<tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
 	<tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
 	<tr><td colspan='4'>&nbsp</td></tr>
@@ -5413,7 +5487,7 @@ END
 	<th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
 	<th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
 	<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
-	<th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
+	<th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
 </tr>
 END
 		}
@@ -5427,7 +5501,7 @@ END
 	<th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
 	<th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
 	<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
-	<th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
+	<th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
 </tr>
 END
 		}
@@ -5560,6 +5634,19 @@ END
 	; } else {
 	    print "<td>&nbsp;</td>";
 	}
+
+   if ($confighash{$key}[43] eq 'on') {
+      print <<END;
+<form method='post' name='frm${key}o'><td align='center' $col>
+<input type='image' name='$Lang::tr{'show otp qrcode'}' src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}' title='$Lang::tr{'show otp qrcode'}' border='0' />
+<input type='hidden' name='ACTION' value='$Lang::tr{'show otp qrcode'}' />
+<input type='hidden' name='KEY' value='$key' />
+</td></form>
+END
+; } else {
+      print "<td $col>&nbsp;</td>";
+   }
+
 	if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
 	    print <<END;
 	    <form method='post' name='frm${key}c'><td align='center' $col>
@@ -5628,6 +5715,8 @@ END
 		<td class='base'>$Lang::tr{'download certificate'}</td>
 		<td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
 		<td class='base'>$Lang::tr{'dl client arch'}</td>
+		<td>&nbsp; &nbsp; <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
+		<td class='base'>$Lang::tr{'show otp qrcode'}</td>
 		</tr>
     </table><br>
 END
diff --git a/html/html/images/qr-code.png b/html/html/images/qr-code.png
new file mode 100644
index 000000000..946e10a2a
Binary files /dev/null and b/html/html/images/qr-code.png differ
diff --git a/html/html/images/qr-code.svg b/html/html/images/qr-code.svg
new file mode 100644
index 000000000..66c6b9d17
--- /dev/null
+++ b/html/html/images/qr-code.svg
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!-- Generator: Adobe Illustrator 19.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+	 viewBox="0 0 512 512" style="enable-background:new 0 0 512 512;" xml:space="preserve">
+<path d="M0,0v233.739h233.739V0H0z M200.348,200.348H33.391V33.391h166.957V200.348z"/>
+<rect x="66.783" y="66.783" width="100.174" height="100.174"/>
+<path d="M278.261,0v233.739H512V0H278.261z M478.609,200.348H311.652V33.391h166.957V200.348z"/>
+<rect x="345.043" y="66.783" width="100.174" height="100.174"/>
+<path d="M0,278.261V512h233.739V278.261H0z M200.348,478.609H33.391V311.652h166.957V478.609z"/>
+<rect x="66.783" y="345.043" width="100.174" height="100.174"/>
+<polygon points="278.261,278.261 278.261,512 345.043,512 345.043,478.609 311.652,478.609 311.652,411.826 345.043,411.826 
+	345.043,378.435 311.652,378.435 311.652,311.652 345.043,311.652 345.043,278.261 "/>
+<rect x="478.609" y="278.261" width="33.391" height="33.391"/>
+<polygon points="478.609,478.609 445.217,478.609 445.217,512 512,512 512,356.174 478.609,356.174 "/>
+<rect x="378.435" y="278.261" width="66.783" height="33.391"/>
+<polygon points="445.217,411.826 411.826,411.826 411.826,378.435 445.217,378.435 445.217,345.043 378.435,345.043 
+	378.435,445.217 445.217,445.217 "/>
+<rect x="378.435" y="478.609" width="33.391" height="33.391"/>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+<g>
+</g>
+</svg>
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 7a39e233b..1799d8c74 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -979,6 +979,7 @@
 'empty profile' => 'Unbenannt',
 'enable ignore filter' => '&quot;Ignorieren&quot;-Filter ein',
 'enable javascript' => 'Javascript aktivieren',
+'enable otp' => 'Aktiviere OTP',
 'enable smt' => 'Simultaneous Multi-Threading (SMT) einschalten',
 'enable wildcards' => 'Wildcards erlauben:',
 'enabled' => 'Aktiviert:',
@@ -1903,6 +1904,7 @@
 'other login script' => 'Anderes Anmeldeskript',
 'otherip' => 'Andere IP',
 'otherport' => 'Anderer Port',
+'otp qrcode' => 'OTP QRCode',
 'our donors' => 'Unsere Unterstützer',
 'out' => 'Aus',
 'outgoing' => 'ausgehend',
@@ -2201,6 +2203,7 @@
 'secondary ntp server' => 'Sekundärer NTP-Server',
 'secondary wins server address' => 'Sekundärer WINS-Server',
 'seconds' => 'Sek.',
+'secret' => 'Geheimnis',
 'section' => 'Abschnitt',
 'secure shell server' => 'Secure Shell Server',
 'security' => 'Sicherheit',
@@ -2244,6 +2247,7 @@
 'show last x lines' => 'die letzten x Zeilen anzeigen',
 'show root certificate' => 'Root-Zertifikat anzeigen',
 'show share options' => 'Anzeige der Freigabeeinstellungen',
+'show otp qrcode' => 'Zeige OTP QRCode',
 'shuffle' => 'Zufall',
 'shutdown' => 'Herunterfahren',
 'shutdown ask' => 'Herunterfahren?',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index f90e3103b..9cc2fde05 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1018,6 +1018,7 @@
 'empty' => 'This field may be left blank',
 'empty profile' => 'empty',
 'enable' => 'Enable',
+'enable otp' => 'Enable OTP',
 'enable ignore filter' => 'Enable ignore filter',
 'enable javascript' => 'Enable javascript',
 'enable smt' => 'Enable Simultaneous Multi-Threading (SMT)',
@@ -1955,6 +1956,7 @@
 'other login script' => 'Other login script',
 'otherip' => 'other IP',
 'otherport' => 'other Port',
+'otp qrcode' => 'OTP QRCode',
 'our donors' => 'Our donors',
 'out' => 'Out',
 'outgoing' => 'outgoing',
@@ -2253,6 +2255,7 @@
 'secondary ntp server' => 'Secondary NTP server',
 'secondary wins server address' => 'Secondary WINS server address',
 'seconds' => 'Secs',
+'secret' => 'Secret',
 'section' => 'Section',
 'secure shell server' => 'Secure Shell Server',
 'security' => 'Security',
@@ -2297,6 +2300,7 @@
 'show host certificate' => 'Show host certificate',
 'show last x lines' => 'Show last x lines',
 'show lines' => 'Show lines',
+'show otp qrcode' => 'Show OTP QRCode',
 'show root certificate' => 'Show root certificate',
 'show share options' => 'Show shares options',
 'show tls-auth key' => 'Show tls-auth key',
diff --git a/lfs/oath-toolkit b/lfs/oath-toolkit
new file mode 100644
index 000000000..e3225f45b
--- /dev/null
+++ b/lfs/oath-toolkit
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 2.6.7
+
+THISAPP    = oath-toolkit-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 23f377c51eb633bf01d6085d33c7362cd91b6bed1cf4c2bbf32dc9433849e20c53f6896b16e5056b13f420f6a65a3c593fa1dafd7e184ed9e52666d94a7f75d1
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/openvpn b/lfs/openvpn
index 27a052ae1..8d6ba07ed 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -101,5 +101,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	chown root:root /etc/fcron.daily/openvpn-crl-updater
 	chmod 750 /etc/fcron.daily/openvpn-crl-updater
 
+	# Install authenticator
+	install -v -m 755 $(DIR_SRC)/config/ovpn/openvpn-authenticator \
+		/usr/sbin/openvpn-authenticator
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
diff --git a/lfs/perl-File-Remove b/lfs/perl-File-Remove
new file mode 100644
index 000000000..88a567349
--- /dev/null
+++ b/lfs/perl-File-Remove
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.60
+
+THISAPP    = File-Remove-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = ffb98155d757bae6ec0d4f56dabdb78749fc968845e284797d0f0611fe9068722a007c7e0e890179720745d1451c926575949f36642dceef7071468a2863c7c6
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-Imager b/lfs/perl-Imager
new file mode 100644
index 000000000..e7301b92b
--- /dev/null
+++ b/lfs/perl-Imager
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.012
+
+THISAPP    = Imager-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 32dad83e9cfd66a162380b502ab49b343dae8c87eca8e6c0537d260956bf466e200511a7b4f89eed9b0bc1f20447584c7c4aabffaad77f0824ee9d5126848c39
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-Imager-QRCode b/lfs/perl-Imager-QRCode
new file mode 100644
index 000000000..303671540
--- /dev/null
+++ b/lfs/perl-Imager-QRCode
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.035
+
+THISAPP    = Imager-QRCode-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 740119e2d7fab7286f8eeb0c1d9690f94146d51b09b721eaa65a8f9849784c6f113f64344d0fb2550cd5981665369b3881fe8f034b00f925987bb69ccd537b59
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-MIME-Base32 b/lfs/perl-MIME-Base32
new file mode 100644
index 000000000..4cb7c9616
--- /dev/null
+++ b/lfs/perl-MIME-Base32
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.303
+
+THISAPP    = MIME-Base32-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = d9dad50d7474a42741f7a61fad4a7b30c4acb72eb80684e24c45d0478480cfe936d6b87ab37b735ff2065afeb0b5457cc50130187264fcb6addefa8e8cb8d934
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-Module-Build b/lfs/perl-Module-Build
new file mode 100644
index 000000000..977f7f653
--- /dev/null
+++ b/lfs/perl-Module-Build
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.4231
+
+THISAPP    = Module-Build-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = f35be09072a2facc505b199dd69cdb2605ab32c34376ef393170dca9d67871bc00cbe25b1fa6dcb925e92724a778ad5ddc3157afb33d18a10648ef1133c83991
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-Module-Install b/lfs/perl-Module-Install
new file mode 100644
index 000000000..3389aa63d
--- /dev/null
+++ b/lfs/perl-Module-Install
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.19
+
+THISAPP    = Module-Install-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = a6f4b93ba964ff6f4b16a8db7117bee8c125cd8a280c649b007622ece8c14b79e36f6747a1b792fb312d2c6c8153aee05e7479ca53a76a253a415374839e6b90
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-Module-ScanDeps b/lfs/perl-Module-ScanDeps
new file mode 100644
index 000000000..19c36c689
--- /dev/null
+++ b/lfs/perl-Module-ScanDeps
@@ -0,0 +1,79 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.31
+
+THISAPP    = Module-ScanDeps-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 61d7438359d035d847fefdfa1427b4e444935c8207d41b7e4994a3704fb4c6fb48d7fac169214abed3d71212fd372f478b01cb91d8876c0fdb68962c791101ba
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-URI-Encode b/lfs/perl-URI-Encode
new file mode 100644
index 000000000..6a1478738
--- /dev/null
+++ b/lfs/perl-URI-Encode
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.1.1
+
+THISAPP    = URI-Encode-v$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 2eb668d645be7ab726689dee7d3e1c9aa333623653b34d538666eb3b70cf28b3f2e0a27b4380db6148a85b3cdd738193262ab58c0b828d8119531c7011264449
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/perl-YAML-Tiny b/lfs/perl-YAML-Tiny
new file mode 100644
index 000000000..052bcb8ce
--- /dev/null
+++ b/lfs/perl-YAML-Tiny
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.73
+
+THISAPP    = YAML-Tiny-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 42e9c5cffa2b9babb0dd1453af69866405fd7273c2b340ceb010d78d8fe28db61268b6bb5ad1840b1aa72819ae048150bf5c416bed1b2e518b28f77b2ba978be
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && yes 'n' | perl Makefile.PL
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/lfs/qrencode b/lfs/qrencode
new file mode 100644
index 000000000..aaf004b4d
--- /dev/null
+++ b/lfs/qrencode
@@ -0,0 +1,80 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2022  IPFire Team  <info@ipfire.org>                          #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 4.1.1
+
+THISAPP    = qrencode-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 03416ffdb8bf992ef2323a0bc92b52f3a6605e7eb182e3839178fea3c3669242780171b10e77674f0945224e57bcd1a841282a0d5f396d3955f23e3990d761c7
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+dist:.
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && ./configure --prefix=/usr
+	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 2a4f6d0bd..fde39bb29 100755
--- a/make.sh
+++ b/make.sh
@@ -1693,6 +1693,17 @@ buildipfire() {
   lfsmake2 squid-asnbl
   lfsmake2 qemu-ga
   lfsmake2 gptfdisk
+  lfsmake2 oath-toolkit
+  lfsmake2 qrencode
+  lfsmake2 perl-File-Remove
+  lfsmake2 perl-Module-Build
+  lfsmake2 perl-Module-ScanDeps
+  lfsmake2 perl-YAML-Tiny
+  lfsmake2 perl-Module-Install
+  lfsmake2 perl-Imager
+  lfsmake2 perl-Imager-QRCode
+  lfsmake2 perl-MIME-Base32
+  lfsmake2 perl-URI-Encode
 }
 
 buildinstaller() {
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index db23e9f00..b9e4fd2a6 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -457,6 +457,15 @@ void setFirewallRules(void) {
 	}
 }
 
+static void stopAuthenticator() {
+	const char* argv[] = {
+		"/usr/sbin/openvpn-authenticator",
+		NULL,
+	};
+
+	run("/sbin/killall", argv);
+}
+
 void stopDaemon(void) {
 	char command[STRING_SIZE];
 
@@ -470,6 +479,15 @@ void stopDaemon(void) {
 
 	snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
 	executeCommand(command);
+
+	// Stop OpenVPN authenticator
+	stopAuthenticator();
+}
+
+static int startAuthenticator(void) {
+	const char* argv[] = { "-d", NULL };
+
+	return run("/usr/sbin/openvpn-authenticator", argv);
 }
 
 void startDaemon(void) {
@@ -487,6 +505,9 @@ void startDaemon(void) {
 		executeCommand(command);
 		snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log");
 		executeCommand(command);
+
+		// Start OpenVPN Authenticator
+		startAuthenticator();
 	}
 }