diff --git a/doc/openfortivpn.1.in b/doc/openfortivpn.1.in
index 87774be104841a463272f930bb215a7fb37dbfb6..16e1dcef8280e239b206d521b3ef624b2890da70 100644
--- a/doc/openfortivpn.1.in
+++ b/doc/openfortivpn.1.in
@@ -21,6 +21,7 @@ openfortivpn \- Client for PPP+SSL VPN tunnel services
 [\fB\-\-pppd-no-peerdns\fR]
 [\fB\-\-pppd-log=\fI<file>\fR]
 [\fB\-\-pppd-plugin=\fI<file>\fR]
+[\fB\-\-pppd-ipparam=\fI<string>\fR]
 [\fB\-c\fR \fI<file>\fR]
 [\fB\-v|\-q\fR]
 .br
@@ -108,6 +109,11 @@ Set pppd in debug mode and save its logs into \fI<file>\fR.
 Use specified pppd plugin instead of configuring the resolver and routes
 directly.
 .TP
+\fB\-\-pppd-ipparam=\fI<string>\fR
+Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts. see man
+.BR pppd(8)
+for further details
+.TP
 \fB\-v\fR
 Increase verbosity. Can be used multiple times to be even more verbose.
 .TP
@@ -156,6 +162,8 @@ pppd-use-peerdns = 1
 .br
 # pppd-log = /var/log/pppd.log
 .br
+# pass an ipparam string to pppd
+# pppd-ipparam = somestringtopasstopppd
 insecure-ssl = 0
 .br
 cipher-list = HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
diff --git a/src/config.c b/src/config.c
index 430910e7e4cc289bf58f2c030bba4f4df9fb1c67..cd7d6ddfb7114179b0d2bd8b1f57ae95a3edf690 100644
--- a/src/config.c
+++ b/src/config.c
@@ -199,6 +199,8 @@ int load_config(struct vpn_config *cfg, const char *filename)
 			cfg->pppd_log = strdup(val);
 		} else if (strcmp(key, "pppd-plugin") == 0) {
 			cfg->pppd_plugin = strdup(val);
+		} else if (strcmp(key, "pppd-ipparam") == 0) {
+			cfg->pppd_ipparam = strdup(val);
 		} else if (strcmp(key, "use-syslog") == 0) {
 			int use_syslog = strtob(val);
 			if (use_syslog < 0) {
diff --git a/src/config.h b/src/config.h
index f503615e4238b09cb4b29e0ab10bfe127d220352..1ab3b818286ccbeeba3127950d7867b561ff8141 100644
--- a/src/config.h
+++ b/src/config.h
@@ -69,6 +69,7 @@ struct vpn_config {
 
 	char	*pppd_log;
 	char	*pppd_plugin;
+	char	*pppd_ipparam;
 
 	char	                *ca_file;
 	char	                *user_cert;
@@ -89,6 +90,7 @@ struct vpn_config {
 		(cfg)->otp[0] = '\0'; \
 		(cfg)->pppd_log = NULL; \
 		(cfg)->pppd_plugin = NULL; \
+		(cfg)->pppd_ipparam = NULL; \
 		(cfg)->ca_file = NULL; \
 		(cfg)->user_cert = NULL; \
 		(cfg)->user_key = NULL; \
@@ -104,6 +106,7 @@ struct vpn_config {
 		(cfg)->cert_whitelist = tmp; \
 	} \
 	free((cfg)->pppd_log); \
+	free((cfg)->pppd_ipparam); \
 	free((cfg)->pppd_plugin); \
 	free((cfg)->ca_file); \
 	free((cfg)->user_cert); \
diff --git a/src/main.c b/src/main.c
index 2a0d83907a0c4e90c14376a49d56b89bb231e25d..c4eb6c950162882f6eb73b1da031a07f2fe0dedc 100644
--- a/src/main.c
+++ b/src/main.c
@@ -25,8 +25,8 @@
 #define USAGE \
 "Usage: openfortivpn [<host>:<port>] [-u <user>] [-p <pass>]\n" \
 "                    [--realm=<realm>] [--otp=<otp>] [--no-routes]\n" \
-"                    [--no-dns] [--pppd-no-peerdns]\n" \
-"                    [--pppd-log=<file>] [--pppd-plugin=<file>]\n" \
+"                    [--no-dns] [--pppd-no-peerdns] [--pppd-log=<file>]\n" \
+"                    [--pppd-ipparam=<string>] [--pppd-plugin=<file>]\n" \
 "                    [--ca-file=<file>] [--user-cert=<file>]\n" \
 "                    [--user-key=<file>] [--trusted-cert=<digest>]\n" \
 "                    [--use-syslog] [-c <file>] [-v|-q]\n" \
@@ -79,6 +79,8 @@
 "                                <file>.\n" \
 "  --pppd-plugin=<file>          Use specified pppd plugin instead of configuring\n" \
 "                                resolver and routes directly.\n" \
+"  --pppd-ipparam=<string>       Provides  an extra parameter to the ip-up, ip-pre-up\n" \
+"                                and ip-down scripts. see man (8) pppd\n" \
 "  -v                            Increase verbosity. Can be used multiple times\n" \
 "                                to be even more verbose.\n" \
 "  -q                            Decrease verbosity. Can be used multiple times\n" \
@@ -141,6 +143,7 @@ int main(int argc, char **argv)
 		{"cipher-list",     required_argument, 0, 0},
 		{"pppd-log",        required_argument, 0, 0},
 		{"pppd-plugin",     required_argument, 0, 0},
+		{"pppd-ipparam",    required_argument, 0, 0},
 		{"plugin",          required_argument, 0, 0}, // deprecated
 		{0, 0, 0, 0}
 	};
@@ -177,6 +180,11 @@ int main(int argc, char **argv)
 				cfg.pppd_plugin = optarg;
 				break;
 			}
+			if (strcmp(long_options[option_index].name,
+			           "pppd-ipparam") == 0) {
+				cfg.pppd_ipparam = optarg;
+				break;
+			}
 			// --plugin is deprecated, --pppd-plugin should be used
 			if (cfg.pppd_plugin == NULL &&
 			    strcmp(long_options[option_index].name,
diff --git a/src/tunnel.c b/src/tunnel.c
index e0c9dd2d4453b4206340aa1e7ed4856ac68de75f..28819acaf05e6aec9922e605e3d81991ce5663de 100644
--- a/src/tunnel.c
+++ b/src/tunnel.c
@@ -113,7 +113,8 @@ static int pppd_run(struct tunnel *tunnel)
 			"nodefaultroute", ":1.1.1.1", "nodetach",
 			"lcp-max-configure", "40", "mru", "1354",
 			NULL, NULL, NULL, NULL,
-			NULL, NULL, NULL
+			NULL, NULL, NULL, NULL,
+			NULL
 		};
 		// Dynamically get first NULL pointer so that changes of
 		// args above don't need code changes here
@@ -134,6 +135,10 @@ static int pppd_run(struct tunnel *tunnel)
 			args[i++] = "plugin";
 			args[i++] = tunnel->config->pppd_plugin;
 		}
+		if (tunnel->config->pppd_ipparam) {
+			args[i++] = "ipparam";
+			args[i++] = tunnel->config->pppd_ipparam;
+		}
 		// Assert that we didn't use up all NULL pointers above
 		assert (i < sizeof (args) / sizeof (*args));