diff --git a/src/config.c b/src/config.c
index 94f0d6aa..9c26ada1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -61,6 +61,7 @@ const struct vpn_config invalid_cfg = {
 	.use_syslog = -1,
 	.half_internet_routes = -1,
 	.persistent = -1,
+	.retries = -1,
 #if HAVE_USR_SBIN_PPPD
 	.pppd_log = NULL,
 	.pppd_plugin = NULL,
@@ -315,6 +316,15 @@ int load_config(struct vpn_config *cfg, const char *filename)
 				continue;
 			}
 			cfg->half_internet_routes = half_internet_routes;
+		} else if (strcmp(key, "retries") == 0) {
+			unsigned long retries = strtoul(val, NULL, 0);
+
+			if (retries > UINT_MAX) {
+				log_warn("Bad value for retries in configuration file: \"%s\".\n",
+				         val);
+				continue;
+			}
+			cfg->retries = retries;
 		} else if (strcmp(key, "persistent") == 0) {
 			unsigned long persistent = strtoul(val, NULL, 0);
 
@@ -540,6 +550,8 @@ void merge_config(struct vpn_config *dst, struct vpn_config *src)
 		dst->use_syslog = src->use_syslog;
 	if (src->half_internet_routes != invalid_cfg.half_internet_routes)
 		dst->half_internet_routes = src->half_internet_routes;
+	if (src->retries != invalid_cfg.retries)
+		dst->retries = src->retries;
 	if (src->persistent != invalid_cfg.persistent)
 		dst->persistent = src->persistent;
 #if HAVE_USR_SBIN_PPPD
diff --git a/src/config.h b/src/config.h
index 6e47ce5e..46027235 100644
--- a/src/config.h
+++ b/src/config.h
@@ -108,6 +108,7 @@ struct vpn_config {
 	int	half_internet_routes;
 
 	unsigned int	persistent;
+	unsigned int	retries;
 
 #if HAVE_USR_SBIN_PPPD
 	char	*pppd_log;
diff --git a/src/main.c b/src/main.c
index 7e7efa1d..d5617489 100644
--- a/src/main.c
+++ b/src/main.c
@@ -85,6 +85,7 @@ PPPD_USAGE \
 "                    [--user-cert=<file>] [--user-key=<file>]\n" \
 "                    [--use-syslog] [--trusted-cert=<digest>]\n" \
 "                    [--persistent=<interval>] [-c <file>] [-v|-q]\n" \
+"                    [--persistent=<interval>] [--retries=<count>] [-c <file>] [-v|-q]\n" \
 "       openfortivpn --help\n" \
 "       openfortivpn --version\n" \
 "\n"
@@ -164,6 +165,7 @@ PPPD_USAGE \
 "                                dh key." help_seclevel_1 "\n" \
 "  --persistent=<interval>       Run the vpn persistently in a loop and try to re-\n" \
 "                                connect every <interval> seconds when dropping out.\n" \
+"  --retries=<count>             Limit persistent retries to <count> cycles.\n" \
 "  -v                            Increase verbosity. Can be used multiple times\n" \
 "                                to be even more verbose.\n" \
 "  -q                            Decrease verbosity. Can be used multiple times\n" \
@@ -212,6 +214,7 @@ int main(int argc, char **argv)
 		.use_syslog = 0,
 		.half_internet_routes = 0,
 		.persistent = 0,
+		.retries = 0,
 #if HAVE_RESOLVCONF
 		.use_resolvconf = USE_RESOLVCONF,
 #endif
@@ -267,6 +270,7 @@ int main(int argc, char **argv)
 		{"no-dns",               no_argument, &cli_cfg.set_dns, 0},
 		{"use-syslog",           no_argument, &cli_cfg.use_syslog, 1},
 		{"persistent",           required_argument, NULL, 0},
+		{"retries",              required_argument, NULL, 0},
 		{"ca-file",              required_argument, NULL, 0},
 		{"user-cert",            required_argument, NULL, 0},
 		{"user-key",             required_argument, NULL, 0},
@@ -504,6 +508,18 @@ int main(int argc, char **argv)
 				cli_cfg.persistent = persistent;
 				break;
 			}
+			if (strcmp(long_options[option_index].name,
+			           "retries") == 0) {
+				long retries = strtol(optarg, NULL, 0);
+
+				if (retries < 0 || retries > UINT_MAX) {
+					log_warn("Bad retries option: \"%s\"\n",
+					         optarg);
+					break;
+				}
+				cli_cfg.retries = retries;
+				break;
+			}
 			if (strcmp(long_options[option_index].name,
 			           "set-dns") == 0) {
 				int set_dns = strtob(optarg);
@@ -671,6 +687,8 @@ int main(int argc, char **argv)
 			ret = EXIT_FAILURE;
 		else
 			ret = EXIT_SUCCESS;
+		if (cfg.retries-- == 0)
+			cfg.persistent = 0;
 		if ((cfg.persistent > 0) && (get_sig_received() == 0))
 			sleep(cfg.persistent);
 	} while ((get_sig_received() == 0) && (cfg.persistent != 0));