diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 7d60e3c94..47b42f991 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -13,3 +13,4 @@ var/ipfire/ovpn/openssl/ovpn.cnf
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/settings
 var/ipfire/ovpn/verify
+var/ipfire/ovpn/ovpn-leases.db
diff --git a/config/rootfiles/core/31/update.sh b/config/rootfiles/core/31/update.sh
index ebb5083a9..fcbee29ba 100644
--- a/config/rootfiles/core/31/update.sh
+++ b/config/rootfiles/core/31/update.sh
@@ -119,10 +119,20 @@ grub-install --no-floppy ${ROOT::`expr length $ROOT`-1} --recheck
 #
 # Add "script-security 3 system" to openvpn config
 #
-if [ ! -s "/var/ipfire/ovpn/server.conf" ]; then
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
 grep -q "script-security" /var/ipfire/ovpn/server.conf \
 || echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
 fi
+
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
+ grep -q "ipp-persist" /var/ipfire/ovpn/server.conf \
+ || echo "ipp-persist /var/ipfire/ovpn/ovpn-leases.db" >> /var/ipfire/ovpn/server.conf
+fi
+
+if [ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]; then
+ touch /var/ipfire/ovpn/ovpn-leases.db
+fi
+
 #
 # Delete old lm-sensor modullist...
 #
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 8a8390a8f..b982ee99a 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -320,6 +320,7 @@ sub writeserverconf {
 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
 print CONF "script-security 3 system\n";
+ print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n";
 print CONF "tls-server\n";
 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
diff --git a/lfs/openvpn b/lfs/openvpn
index e118f8b6c..2537a91c6 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
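Review bot: The `[ ! -x ... ]` guards in update.sh test for the execute bit, which a config file normally lacks, so the condition is also true when `/var/ipfire/ovpn/server.conf` does not exist at all. In that case `grep` fails and the `echo ... >>` creates a one-line server.conf on a system that never had OpenVPN configured. If the intent is to patch only an existing config, both server.conf guards would read `if [ -s "/var/ipfire/ovpn/server.conf" ]; then`. The `touch` branch also leaves the lease file owned by root with the default umask mode, unlike the `chmod`/`chown` applied in lfs/openvpn, so a `chown nobody:nobody /var/ipfire/ovpn/ovpn-leases.db` after it looks needed on updated systems; confirm against the user the daemon runs as.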
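Review bot: `ipp-persist` on the added `print CONF` line does not match any OpenVPN directive I know of; the documented option for persisting the address pool is `ifconfig-pool-persist`. OpenVPN rejects unrecognized options with an options error at startup, so the server would likely stop starting once this line is written. The line should probably read `print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db\n";`. The same string is appended to server.conf by the new block in config/rootfiles/core/31/update.sh, along with its `grep -q "ipp-persist"` check. The body of writeserverconf starts and ends outside this hunk.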
@@ -75,8 +75,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
 cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
- -mkdir -p /var/ipfire/ovpn/ca
- -mkdir -p /var/ipfire/ovpn/crls
+ -mkdir -vp /var/ipfire/ovpn/ca
+ -mkdir -vp /var/ipfire/ovpn/crls
+ touch /var/ipfire/ovpn/ovpn-leases.db
+ chmod 700 /var/ipfire/ovpn/ovpn-leases.db
 chown -R nobody:nobody /var/ipfire/ovpn
 chown root.nobody /var/log/ovpnserver.log
 chmod 755 /var/ipfire/ovpn/verify
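Review bot: `chmod 700` on the added line gives the lease database execute bits that a data file has no use for; `chmod 600 /var/ipfire/ovpn/ovpn-leases.db` keeps it private to its owner without marking it executable. The `chown -R nobody:nobody /var/ipfire/ovpn` that follows hands the file to nobody, so owner read/write is all that is needed. The `[ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]` guard added in update.sh only behaves like an existence check because of this mode; an unconditional `touch` there would remove that coupling. The recipe for `$(TARGET)` starts and continues outside this hunk.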