diff --git a/VM_CONFIG.sh b/VM_CONFIG.sh
index f84e2d8..86be8e7 100755
--- a/VM_CONFIG.sh
+++ b/VM_CONFIG.sh
@@ -22,3 +22,15 @@ cp ca/serial "${CA_DIR}/serial"
 mkdir -p /etc/openvpn/server
 mkdir -p /etc/openvpn/client
+
+# NOTE(vasco): tive problemas com a sincronização de tempo
+# se nao tiver sincronizado, o TOTP nao funciona
+systemctl stop chronyd
+ntpdate pool.ntp.org
+systemctl start chronyd
+
+# NOTE(vasco): o openvpn não consegui aceder ao home e ler os secrets
+# do google authenticator, por isso fiz isto:
+mkdir -p /etc/systemd/system/openvpn-server@.service.d
+echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/openvpn-server@.service.d/override.conf
+systemctl daemon-reload
diff --git a/VM_VPN_GATEWAY.sh b/VM_VPN_GATEWAY.sh
index 461db38..0f3aa88 100644
--- a/VM_VPN_GATEWAY.sh
+++ b/VM_VPN_GATEWAY.sh
@@ -8,17 +8,6 @@ source VM_CONFIG.sh
 yum install -y google-authenticator qrencode ntpsec
-# NOTE(vasco): tive problemas com a sincronização de tempo
-# se nao tiver sincronizado, o TOTP nao funciona
-systemctl stop chronyd
-ntpdate pool.ntp.org
-systemctl start chronyd
-
-# NOTE(vasco): o openvpn não consegui aceder ao home e ler os secrets
-# do google authenticator, por isso fiz isto:
-mkdir -p /etc/systemd/system/openvpn-server@.service.d
-echo -e "[Service]\nProtectHome=false" > /etc/systemd/system/openvpn-server@.service.d/override.conf
-systemctl daemon-reload
 # --- forwarding --- #
 if_fora="enp0s8"
diff --git a/user2.p12 b/user2.p12
new file mode 100644
index 0000000..2e76dfe
Binary files /dev/null and b/user2.p12 differ
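Review bot: In the VM_CONFIG.sh hunk, the drop-in written to `openvpn-server@.service.d/override.conf` sets `ProtectHome=false` for every instance of the template unit, which removes the systemd sandboxing that keeps the OpenVPN process out of users' home directories. A narrower fix would leave `ProtectHome` in place and keep the TOTP secrets in a dedicated directory outside `/home`, for example through pam_google_authenticator's `secret=` option; that needs checking against the PAM configuration, which is not shown here. VM_VPN_GATEWAY.sh appears to run `source VM_CONFIG.sh` before its `yum install -y google-authenticator qrencode ntpsec` line, so the moved `ntpdate pool.ntp.org` may now run before the package that provides it is installed, and its exit status is not checked; `chronyc makestep` with chronyd left running would avoid both the ordering problem and the stop/start window. The two NOTE comments would also be easier to maintain in English, e.g. `# NOTE(vasco): TOTP fails unless the clock is synchronized`.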
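Review bot: `user2.p12` is committed as a new binary file; by its extension it appears to be a PKCS#12 bundle, which normally carries a client certificate together with its private key. If that is the case, the credential should be treated as exposed to anyone who can read the repository history: revoke the certificate at the CA, reissue it out of band, and drop the file from the commit. Adding `*.p12` to `.gitignore` would help keep generated client bundles out of future commits.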