diff --git a/openvpn/files/server.jinja b/openvpn/files/server.jinja
index 9e1c9db..712f8cb 100644
--- a/openvpn/files/server.jinja
+++ b/openvpn/files/server.jinja
@@ -112,6 +112,13 @@ management {{ config.management }}
 auth-user-pass-verify {{ config.auth_user_pass_verify }}
 {%- endif %}
 
+{#- `false is number` and `true is number` both also return true... #}
+{%- if config.auth_gen_token is defined
+        and (config.auth_gen_token|int is sameas (config.auth_gen_token)
+             or config.auth_gen_token is sameas true) %}
+auth-gen-token{% if config.auth_gen_token is not sameas true %} {{ config.auth_gen_token|int }}{% endif %}
+{%- endif %}
+
 {%- if config.setenv is defined %}
 {%- for setenv in config.setenv %}
 setenv {{ setenv }}
diff --git a/pillar.example b/pillar.example
index 273e429..1faa2c1 100644
--- a/pillar.example
+++ b/pillar.example
@@ -156,6 +156,9 @@ openvpn:
       verb: 3
       mute: 20
       management: 'tunnel 7505'
+      auth_gen_token: true
+      # or, a lifetime in seconds:
+      # auth_gen_token: 604800
     myserver3:
       daemon:
       port: 443