diff --git a/README.md b/README.md
index 352a0f31277b1592088829287682f8a37a02be14..82a2278e5b74aa8e18f54388ce584d7280e28e8c 100644
--- a/README.md
+++ b/README.md
@@ -117,7 +117,7 @@ Cmnd_Alias  OPENFORTIVPN = /usr/bin/openfortivpn
 ```
 
 **Warning**: Make sure only trusted users can run openfortivpn as root! As
-described in #54, a malicious user could use `--ppp-plugin` and `--ppd-log`
+described in #54, a malicious user could use `--pppd-plugin` and `--pppd-log`
 options to divert the program's behaviour.
 
 Contributing
diff --git a/doc/openfortivpn.1.in b/doc/openfortivpn.1.in
index de60534631798944b1618acf3c6251c596088184..87774be104841a463272f930bb215a7fb37dbfb6 100644
--- a/doc/openfortivpn.1.in
+++ b/doc/openfortivpn.1.in
@@ -148,6 +148,14 @@ set-routes = 1
 .br
 pppd-use-peerdns = 1
 .br
+# aternatively, use a specific pppd plugin instead
+.br
+# pppd-plugin = /usr/lib/pppd/default/some-plugin.so
+.br
+# for debugging pppd write logs here
+.br
+# pppd-log = /var/log/pppd.log
+.br
 insecure-ssl = 0
 .br
 cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
diff --git a/src/config.c b/src/config.c
index 82ddf48c530eab320c99835e5daaae34bd01972b..430910e7e4cc289bf58f2c030bba4f4df9fb1c67 100644
--- a/src/config.c
+++ b/src/config.c
@@ -195,6 +195,10 @@ int load_config(struct vpn_config *cfg, const char *filename)
 				continue;
 			}
 			cfg->pppd_use_peerdns = pppd_use_peerdns;
+		} else if (strcmp(key, "pppd-log") == 0) {
+			cfg->pppd_log = strdup(val);
+		} else if (strcmp(key, "pppd-plugin") == 0) {
+			cfg->pppd_plugin = strdup(val);
 		} else if (strcmp(key, "use-syslog") == 0) {
 			int use_syslog = strtob(val);
 			if (use_syslog < 0) {
diff --git a/src/config.h b/src/config.h
index 6ce615f18faa09ccca0869ef76f3180c09808a20..f503615e4238b09cb4b29e0ab10bfe127d220352 100644
--- a/src/config.h
+++ b/src/config.h
@@ -103,6 +103,8 @@ struct vpn_config {
 		free((cfg)->cert_whitelist); \
 		(cfg)->cert_whitelist = tmp; \
 	} \
+	free((cfg)->pppd_log); \
+	free((cfg)->pppd_plugin); \
 	free((cfg)->ca_file); \
 	free((cfg)->user_cert); \
 	free((cfg)->user_key); \
diff --git a/src/main.c b/src/main.c
index 9505bb73f9a8a7a0a8761857db15d915f37fbc76..2a0d83907a0c4e90c14376a49d56b89bb231e25d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -24,7 +24,7 @@
 
 #define USAGE \
 "Usage: openfortivpn [<host>:<port>] [-u <user>] [-p <pass>]\n" \
-"                    [--realm=<realm>] [--no-routes]\n" \
+"                    [--realm=<realm>] [--otp=<otp>] [--no-routes]\n" \
 "                    [--no-dns] [--pppd-no-peerdns]\n" \
 "                    [--pppd-log=<file>] [--pppd-plugin=<file>]\n" \
 "                    [--ca-file=<file>] [--user-cert=<file>]\n" \
@@ -77,7 +77,7 @@
 "                                and do not make pppd rewrite /etc/resolv.conf\n" \
 "  --pppd-log=<file>             Set pppd in debug mode and save its logs into\n" \
 "                                <file>.\n" \
-"  --pppd-plugin=<file>          Use specified pppd plugin instead of configuring\n"\
+"  --pppd-plugin=<file>          Use specified pppd plugin instead of configuring\n" \
 "                                resolver and routes directly.\n" \
 "  -v                            Increase verbosity. Can be used multiple times\n" \
 "                                to be even more verbose.\n" \
@@ -149,7 +149,7 @@ int main(int argc, char **argv)
 		/* getopt_long stores the option index here. */
 		int c, option_index = 0;
 
-		c = getopt_long(argc, argv, "hvqc:u:p:",
+		c = getopt_long(argc, argv, "hvqc:u:p:o:",
 		                long_options, &option_index);
 
 		/* Detect the end of the options. */