diff --git a/cstp.c b/cstp.c
index 8cca637a..68c3d511 100644
--- a/cstp.c
+++ b/cstp.c
@@ -462,6 +462,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
 
 		if (!strcmp(buf + 7, "Keepalive")) {
 			vpninfo->ssl_times.keepalive = atol(colon);
+		} else if (!strcmp(buf + 7, "Idle-Timeout")) {
+			vpninfo->idle_timeout = atol(colon);
 		} else if (!strcmp(buf + 7, "DPD")) {
 			int j = atol(colon);
 			if (j && (!vpninfo->ssl_times.dpd || j < vpninfo->ssl_times.dpd))
diff --git a/gpst.c b/gpst.c
index a396aa69..9742fe16 100644
--- a/gpst.c
+++ b/gpst.c
@@ -481,6 +481,11 @@ static int gpst_parse_config_xml(struct openconnect_info *vpninfo, xmlNode *xml_
 		else if (!xmlnode_get_text(xml_node, "mtu", &s)) {
 			vpninfo->ip_info.mtu = atoi(s);
 			free(s);
+		} else if (!xmlnode_get_text(xml_node, "disconnect-on-idle", &s)) {
+			int sec = atoi(s);
+			vpn_progress(vpninfo, PRG_INFO, _("Idle timeout is %d minutes.\n"), sec/60);
+			vpninfo->idle_timeout = sec;
+			free(s);
 		} else if (!xmlnode_get_text(xml_node, "ssl-tunnel-url", &s)) {
 			free(vpninfo->urlpath);
 			vpninfo->urlpath = s;
diff --git a/java/src/com/example/LibTest.java b/java/src/com/example/LibTest.java
index 44f4312c..034e450e 100644
--- a/java/src/com/example/LibTest.java
+++ b/java/src/com/example/LibTest.java
@@ -275,6 +275,8 @@ else if (ret > 0)
 		if (lib.makeCSTPConnection() != 0)
 			die("Error establishing VPN link");
 
+		int idleTimeout = lib.getIdleTimeout();
+		System.out.println("Idle Timeout: " + idleTimeout + " seconds");
 		printIPInfo(lib.getIPInfo());
 
 		if (lib.setupDTLS(60) != 0)
diff --git a/java/src/org/infradead/libopenconnect/LibOpenConnect.java b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
index c580f991..1ba7b420 100644
--- a/java/src/org/infradead/libopenconnect/LibOpenConnect.java
+++ b/java/src/org/infradead/libopenconnect/LibOpenConnect.java
@@ -157,6 +157,7 @@ public synchronized native void setMobileInfo(String mobilePlatformVersion,
 	public synchronized native String getCSTPCompression();
 	public synchronized native String getDTLSCompression();
 	public synchronized native String getProtocol();
+	public synchronized native int getIdleTimeout();
 
 	/* certificate info */
 
@@ -247,6 +248,7 @@ public static class IPInfo {
 		public String proxyPac;
 		public String gatewayAddr;
 		public int MTU;
+		public int idleTimeoutSec;
 
 		public ArrayList<String> splitDNS = new ArrayList<String>();
 		public ArrayList<String> splitIncludes = new ArrayList<String>();
diff --git a/jni.c b/jni.c
index c377a5cf..be170bcc 100644
--- a/jni.c
+++ b/jni.c
@@ -1108,6 +1108,16 @@ JNIEXPORT void JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_setXMLPo
 	openconnect_set_xmlpost(ctx->vpninfo, arg);
 }
 
+JNIEXPORT jint JNICALL Java_org_infradead_libopenconnect_LibOpenConnect_getIdleTimeout(
+	JNIEnv *jenv, jobject jobj)
+{
+	struct libctx *ctx = getctx(jenv, jobj);
+
+	if (!ctx)
+		return -EINVAL;
+	return openconnect_get_idle_timeout(ctx->vpninfo);
+}
+
 /* simple cases: return a const string (no need to free it) */
 
 #define RETURN_STRING_START \
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 0f4ccd05..1f297268 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -94,6 +94,7 @@ OPENCONNECT_5_4 {
 
 OPENCONNECT_5_5 {
  global:
+	openconnect_get_idle_timeout;
 	openconnect_get_protocol;
 	openconnect_get_supported_protocols;
 	openconnect_free_supported_protocols;
diff --git a/library.c b/library.c
index c1474609..3d134995 100644
--- a/library.c
+++ b/library.c
@@ -538,6 +538,11 @@ void openconnect_set_dpd(struct openconnect_info *vpninfo, int min_seconds)
 		vpninfo->dtls_times.dpd = vpninfo->ssl_times.dpd = 2;
 }
 
+int openconnect_get_idle_timeout(struct openconnect_info *vpninfo)
+{
+	return vpninfo->idle_timeout;
+}
+
 int openconnect_get_ip_info(struct openconnect_info *vpninfo,
 			    const struct oc_ip_info **info,
 			    const struct oc_vpn_option **cstp_options,
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 2c35e098..729d3014 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -586,6 +586,7 @@ struct openconnect_info {
 
 	struct oc_ip_info ip_info;
 	int cstp_basemtu; /* Returned by server */
+	int idle_timeout; /* Returned by server */
 
 #ifdef _WIN32
 	long dtls_monitored, ssl_monitored, cmd_monitored, tun_monitored;
diff --git a/openconnect.h b/openconnect.h
index f8ea6920..74a5124a 100644
--- a/openconnect.h
+++ b/openconnect.h
@@ -40,6 +40,7 @@ extern "C" {
  *  - Add openconnect_get_supported_protocols()
  *  - Add openconnect_free_supported_protocols()
  *  - Add openconnect_get_protocol()
+ *  - Add openconnect_get_idle_timeout()
  *
  * API version 5.4 (v7.08; 2016-12-13):
  *  - Add openconnect_set_pass_tos()
@@ -514,6 +515,7 @@ int openconnect_set_client_cert(struct openconnect_info *, const char *cert,
 const char *openconnect_get_ifname(struct openconnect_info *);
 void openconnect_set_reqmtu(struct openconnect_info *, int reqmtu);
 void openconnect_set_dpd(struct openconnect_info *, int min_seconds);
+int openconnect_get_idle_timeout(struct openconnect_info *);
 
 /* The returned structures are owned by the library and may be freed/replaced
    due to rekey or reconnect. Assume that once the mainloop starts, the