diff --git a/security/openconnect/pkg-descr b/security/openconnect/pkg-descr
index 192eda933..b71d60958 100644
--- a/security/openconnect/pkg-descr
+++ b/security/openconnect/pkg-descr
@@ -8,6 +8,8 @@ Plugin Changelog
 
 1.4.3
 
+
+* Add support for one-time password generation
 * Permit additional characters in group name
 
 1.4.2
diff --git a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
index 2631072a6..0e13339b8 100644
--- a/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
+++ b/security/openconnect/src/opnsense/mvc/app/controllers/OPNsense/Openconnect/forms/general.xml
@@ -47,6 +47,18 @@
         <type>dropdown</type>
         <help>Select the client certificate to use.</help>
     </field>
+    <field>
+        <id>general.tokenmode</id>
+        <label>Token Mode</label>
+        <type>dropdown</type>
+        <help>Use a one-time password generation mode.</help>
+    </field>
+    <field>
+        <id>general.tokensecret</id>
+        <label>Token Secret</label>
+        <type>text</type>
+        <help>Enter a secret to use with one-time password generation.</help>
+    </field>
     <field>
         <id>general.protocol</id>
         <label>Protocol</label>
diff --git a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
index 033edd54c..647d9accd 100644
--- a/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
+++ b/security/openconnect/src/opnsense/mvc/app/models/OPNsense/Openconnect/General.xml
@@ -47,6 +47,18 @@
             <Type>cert</Type>
             <Required>N</Required>
         </clientcertificate>
+        <tokenmode type="OptionField">
+            <Required>N</Required>
+            <OptionValues>
+                <rsa>RSA SecurID</rsa>
+                <totp>TOTP</totp>
+                <hotp>HOTP</hotp>
+                <oidc>OpenIDConnect</oidc>
+            </OptionValues>
+        </tokenmode>
+        <tokensecret type="TextField">
+            <Required>N</Required>
+        </tokensecret>
         <protocol type="OptionField">
             <default>anyconnect</default>
             <multiple>N</multiple>
diff --git a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
index 626091fad..e076e5e65 100644
--- a/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
+++ b/security/openconnect/src/opnsense/service/templates/OPNsense/Openconnect/openconnect.conf
@@ -19,6 +19,12 @@ authgroup={{ OPNsense.openconnect.general.group }}
 certificate=/usr/local/etc/openconnect_cert.pem
 sslkey=/usr/local/etc/openconnect_key.pem
 {%   endif %}
+{%   if helpers.exists('OPNsense.openconnect.general.tokenmode') and OPNsense.openconnect.general.tokenmode != '' %}
+{%     if helpers.exists('OPNsense.openconnect.general.tokensecret') and OPNsense.openconnect.general.tokensecret != '' %}
+token-mode={{ OPNsense.openconnect.general.tokenmode }}
+token-secret={{ OPNsense.openconnect.general.tokensecret }}
+{%     endif %}
+{%   endif %}
 {%   if helpers.exists('OPNsense.openconnect.general.protocol') and OPNsense.openconnect.general.protocol != '' %}
 protocol={{ OPNsense.openconnect.general.protocol }}
 {%   endif %}