diff --git a/RS/0FA.sh b/RS/0FA.sh
new file mode 100644
index 0000000..cc8cf2a
--- /dev/null
+++ b/RS/0FA.sh
@@ -0,0 +1,31 @@
+	#!/bin/bash
+ 
+#--- store google authenticator secret ---
+#╰» secret-tool store --label=GA_Name rshell secret
+#Password: 
+ 
+#--- read GA secret ---
+#╰» secret-tool lookup rshell secret
+ 
+#--- how to use ---
+# 1. put the following in ~/.bashrc
+# 2. open a new terminal
+# 3. $> vpn2
+ 
+function vpn2 {
+	D="$( date  +%S )"
+	P="0000"					# *CHANGE THIS* to match your pin (goes before OTP)
+	U="00000000-0000-0000-0000-000000000000" 	# *CHANGE THIS* to match your uuid (find with seahorse)
+	X=$( secret-tool lookup username secret )	# https://manpages.ubuntu.com/manpages/xenial/man1/secret-tool.1.html
+	Y=$( oathtool --totp -b "$X" )				# https://www.nongnu.org/oath-toolkit/man-oathtool.html
+ 
+	active_con=$(nmcli con show --active | grep "Name" | wc -l) # if "Name" not currently connected
+	if [ "${active_con}" = "0" ]; then
+		# update the password in system keyring
+		$( echo -n "$P$Y" | secret-tool store --label='VPN password secret for Name/org.freedesktop.NetworkManager.openvpn/vpn' setting-name vpn connection-uuid $U setting-key password )
+	   	nmcli con up id RootShell2
+	else
+		if [ "${active_con}"  = "1" ]; then
+        printf "connected: $D: $P$Y\n"
+	fi
+}