OpenVPN+ Windows Radius +PrivacyIDEA TOTP authentication configuration

Ask for help:

In my environment, and install the OpenVPN on a ubuntu14.04 system + FreeRADIUS is + PrivacyIDEA, and running the AD server, set up a radius on the AD service, client to OpenVPN server IP address, my intention is to let the client through the AD account password + PrivacyIDEA TOTP generated code for authentication, at present has been set up, but the tests pass, the doubt there are two: first:Do openvpn and PrivacyIDEA services need to be installed on two computers and should not be used together?Second: what configuration does freeradius use to pass validation information to PrivacyIDEA for the second validation, and where does this configuration take place?