diff --git a/doc/sample.config b/doc/sample.config
index 896ef0be..40f88ee8 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -481,6 +481,7 @@ no-route = 192.168.5.0/255.255.255.0
 # The options allowed in the configuration files are dns, nbns,
 # ipv?-network, ipv4-netmask, rx/tx-per-sec, iroute, route, no-route,
 # explicit-ipv4, explicit-ipv6, net-priority, deny-roaming, no-udp,
+# keepalive, dpd, mobile-dpd, max-same-clients,
 # user-profile, cgroup, stats-report-time, and session-timeout.
 #
 # Note that the 'iroute' option allows to add routes on the server
diff --git a/src/ipc.proto b/src/ipc.proto
index 8cd27147..e577255e 100644
--- a/src/ipc.proto
+++ b/src/ipc.proto
@@ -13,9 +13,9 @@
 | <----------AUTH_COOKIE_REQ----------------- |
 | | |
 | ---SESSION_OPEN----> | |
- | <--SESSION_REPLY---- | |
+ | <--SESSION_REPLY---- | | #contains additional config for client
 | | |
- | -----------------AUTH_REP-----------------> |
+ | -----------------AUTH_REP-----------------> | #forwards the additional config for client
 | | |
 | <------------SESSION_INFO------------------ |
 | | |
@@ -83,6 +83,9 @@ message auth_reply_msg
 optional uint32 interim_update_secs = 31;
 optional uint32 session_timeout_secs = 32;
 optional uint32 ipv6_subnet_prefix = 33;
+ optional uint32 dpd = 34;
+ optional uint32 mobile_dpd = 35;
+ optional uint32 keepalive = 36;
 }
 /* RESUME_FETCH_REQ + RESUME_DELETE_REQ */
@@ -289,6 +292,10 @@ message sec_auth_session_reply_msg
 optional string explicit_ipv6 = 27;
 repeated string no_routes = 28;
 optional uint32 ipv6_subnet_prefix = 29;
+ optional uint32 dpd = 30;
+ optional uint32 mobile_dpd = 31;
+ optional uint32 keepalive = 32;
+ optional uint32 max_same_clients = 33;
 }
 /* SEC_BAN_IP: sent from sec-mod to main */
diff --git a/src/main-auth.c b/src/main-auth.c
index 43f512f9..8305e330 100644
--- a/src/main-auth.c
+++ b/src/main-auth.c
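Review bot: The new `dpd`, `mobile_dpd`, `keepalive` and `max_same_clients` fields in `auth_reply_msg` and `sec_auth_session_reply_msg` carry no comment on their units or on what an absent value means. Elsewhere in this commit main treats a stored 0 as "not set" and falls back to the global value, so an explicit 0 is indistinguishable from absence by the time it reaches the worker. A one-line comment above each group of fields would record that contract, e.g. `/* per-user/group overrides; absent or 0 means use the global setting */`.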
@@ -108,6 +108,21 @@ int send_cookie_auth_reply(main_server_st* s, struct proc_st* proc,
 msg.session_timeout_secs = proc->config.session_timeout_secs;
 }
+ if (proc->config.dpd != 0) {
+ msg.has_dpd = 1;
+ msg.dpd = proc->config.dpd;
+ }
+
+ if (proc->config.keepalive != 0) {
+ msg.has_keepalive = 1;
+ msg.keepalive = proc->config.keepalive;
+ }
+
+ if (proc->config.mobile_dpd != 0) {
+ msg.has_mobile_dpd = 1;
+ msg.mobile_dpd = proc->config.mobile_dpd;
+ }
+
 if (proc->config.rx_per_sec != 0) {
 msg.has_rx_per_sec = 1;
 msg.rx_per_sec = proc->config.rx_per_sec;
@@ -311,8 +326,9 @@ int check_multiple_users(main_server_st *s, struct proc_st* proc)
 {
 struct proc_st *ctmp = NULL, *cpos;
 unsigned int entries = 1; /* that one */
+unsigned max;
- if (s->config->max_same_clients == 0)
+ if (s->config->max_same_clients == 0 && proc->config.max_same_clients == 0)
 return 0;
 list_for_each_safe(&s->proc_list.head, ctmp, cpos, list) {
@@ -323,7 +339,12 @@ unsigned int entries = 1; /* that one */
 }
 }
- if (s->config->max_same_clients && entries > s->config->max_same_clients)
+ if (proc->config.max_same_clients > 0)
+ max = proc->config.max_same_clients;
+ else
+ max = s->config->max_same_clients;
+
+ if (max && entries > max)
 return -1;
 return 0;
diff --git a/src/main-sec-mod-cmd.c b/src/main-sec-mod-cmd.c
index bbd3b142..709c0b38 100644
--- a/src/main-sec-mod-cmd.c
+++ b/src/main-sec-mod-cmd.c
@@ -241,6 +241,18 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
 if (msg->has_no_udp)
 proc->config.no_udp = msg->no_udp;
+ if (msg->has_max_same_clients)
+ proc->config.max_same_clients = msg->max_same_clients;
+
+ if (msg->has_dpd)
+ proc->config.dpd = msg->dpd;
+
+ if (msg->has_keepalive)
+ proc->config.keepalive = msg->keepalive;
+
+ if (msg->has_mobile_dpd)
+ proc->config.mobile_dpd = msg->mobile_dpd;
+
 if (msg->has_deny_roaming)
 proc->config.deny_roaming = msg->deny_roaming;
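Review bot: In `send_cookie_auth_reply` the three new `!= 0` tests turn an explicit per-user `dpd = 0`, `keepalive = 0` or `mobile-dpd = 0` into a silent no-op. `session_open` in src/main-sec-mod-cmd.c stores the 0 because the `has_*` flag is set, but this hunk then omits the field, so the worker keeps its global value. If 0 is meant to be a valid override for these timers (not visible here), the presence flag has to be kept in `proc->config` rather than inferred from the value. Otherwise state the limitation next to the checks, e.g. `/* 0 means no per-user override; the worker keeps the global value */`. The function body continues outside the hunk.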
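Review bot: In `check_multiple_users` the per-user `max_same_clients` replaces the global limit outright, so a supplemental-config value larger than the global one raises the cap for that user, and nothing in the visible code bounds it. This limit is an access control, so the precedence deserves a comment at the selection, e.g. `/* a per-user/group limit takes precedence over the global one, even when it is larger */`, or a clamp to the global value if raising is not intended. After the new early return in the first hunk of this function, `max` can no longer be 0 at the final test, so `if (entries > max)` is sufficient. `unsigned max;` would also match its neighbour better as `unsigned int max;`. The function body spans both hunks and continues outside them.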
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 01a591fa..766f28c3 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -565,6 +565,7 @@ no-route = 192.168.5.0/255.255.255.0
 # The options allowed in the configuration files are dns, nbns,
 # ipv?-network, ipv4-netmask, rx/tx-per-sec, iroute, route, no-route,
 # explicit-ipv4, explicit-ipv6, net-priority, deny-roaming, no-udp,
+# keepalive, dpd, mobile-dpd, max-same-clients,
 # user-profile, cgroup, stats-report-time, and session-timeout.
 #
 # Note that the 'iroute' option allows to add routes on the server
diff --git a/src/sup-config/file.c b/src/sup-config/file.c
index fe596659..e84e114e 100644
--- a/src/sup-config/file.c
+++ b/src/sup-config/file.c
@@ -65,9 +65,13 @@ static struct cfg_options available_options[] = {
 { .name = "rx-data-per-sec", .type = OPTION_NUMERIC },
 { .name = "tx-data-per-sec", .type = OPTION_NUMERIC },
 { .name = "net-priority", .type = OPTION_STRING },
+ { .name = "dpd", .type = OPTION_NUMERIC },
+ { .name = "mobile-dpd", .type = OPTION_NUMERIC },
+ { .name = "keepalive", .type = OPTION_NUMERIC },
 { .name = "cgroup", .type = OPTION_STRING },
 { .name = "user-profile", .type = OPTION_STRING },
 { .name = "session-timeout", .type = OPTION_NUMERIC},
+ { .name = "max-same-clients", .type = OPTION_NUMERIC},
 { .name = "stats-report-time", .type = OPTION_NUMERIC}
 };
@@ -246,6 +250,11 @@ unsigned j;
 READ_RAW_NUMERIC("stats-report-time", msg->interim_update_secs, msg->has_interim_update_secs);
 READ_RAW_NUMERIC("session-timeout", msg->session_timeout_secs, msg->has_session_timeout_secs);
+
+ READ_RAW_NUMERIC("dpd", msg->dpd, msg->has_dpd);
+ READ_RAW_NUMERIC("mobile-dpd", msg->mobile_dpd, msg->has_mobile_dpd);
+ READ_RAW_NUMERIC("keepalive", msg->keepalive, msg->has_keepalive);
+ READ_RAW_NUMERIC("max-same-clients", msg->max_same_clients, msg->has_max_same_clients);
 /* net-priority will contain the actual priority + 1,
 * to allow having zero as uninitialized. */
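Review bot: The four new `READ_RAW_NUMERIC` calls in src/sup-config/file.c accept whatever number the per-user file holds. Unless the macro (defined outside this hunk) bounds its input, the values pass unchecked into `proc->config` and on to the worker. A `max-same-clients` read here later overrides the global session cap in `check_multiple_users`, and the other three are, by their names, dead-peer-detection and keepalive intervals. A range check at parse time with a logged rejection would stop a typo in one user's file from changing enforcement. At minimum, record the contract beside the reads, e.g. `/* values are taken as-is; main treats 0 as "not set" */`. The enclosing function starts and ends outside the hunk.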
diff --git a/src/vpn.h b/src/vpn.h
index 3c73c507..732c8836 100644
--- a/src/vpn.h
+++ b/src/vpn.h
@@ -215,6 +215,11 @@ struct group_cfg_st {
 size_t rx_per_sec;
 size_t tx_per_sec;
+ unsigned max_same_clients;
+ unsigned dpd;
+ unsigned keepalive;
+ unsigned mobile_dpd;
+
 /* the number of secs to send interim updates. If set, it overrides
 * stats-report-time. */
 unsigned interim_update_secs;
diff --git a/src/worker-auth.c b/src/worker-auth.c
index 1bcf7cc9..827acf90 100644
--- a/src/worker-auth.c
+++ b/src/worker-auth.c
@@ -629,6 +629,15 @@ static int recv_cookie_auth_reply(worker_st * ws)
 ws->config->network.ipv6_subnet_prefix = msg->ipv6_subnet_prefix;
 }
+ if (msg->has_dpd)
+ ws->config->dpd = msg->dpd;
+
+ if (msg->has_keepalive)
+ ws->config->keepalive = msg->keepalive;
+
+ if (msg->has_mobile_dpd)
+ ws->config->mobile_dpd = msg->mobile_dpd;
+
 if (msg->has_rx_per_sec)
 ws->config->rx_per_sec = msg->rx_per_sec;
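Review bot: The four fields added to `struct group_cfg_st` in src/vpn.h have no comment, while the neighbouring `interim_update_secs` documents what it overrides. The rest of the commit relies on 0 meaning "not set" for all four (the `!= 0` and `> 0` tests in src/main-auth.c), which is worth stating on the declaration: `/* per-user/group overrides of the global settings; 0 means not set */`. The struct continues outside the hunk.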