diff --git a/otp/openvpn b/otp/openvpn
index 754fd99..aa8cd0a 100644
--- a/otp/openvpn
+++ b/otp/openvpn
@@ -1,2 +1,4 @@
 # Uses google authenticator library as PAM module using a single folder for all users tokens
-auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator
\ No newline at end of file
+# User root is required to stick with an hardcoded user when trying to determine user id and allow unexisting system users
+# See https://github.com/google/google-authenticator/tree/master/libpam#secretpathtosecretfile--usersome-user
+auth required pam_google_authenticator.so secret=/etc/openvpn/otp/${USER}.google_authenticator user=root
\ No newline at end of file