diff --git a/ocserv.conf b/ocserv.conf
index 53c626e..96082b7 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -155,6 +155,14 @@ dpd = 90
 # 'X-AnyConnect-Identifier-DeviceType'.
 mobile-dpd = 1800
 
+# If using DTLS, and no UDP traffic is received for this
+# many seconds, attempt to send future traffic over the TCP
+# connection instead, in an attempt to wake up the client
+# in the case that there is a NAT and the UDP translation
+# was deleted. If this is unset, do not attempt to use this
+# recovery mechanism.
+switch-to-tcp-timeout = 25
+
 # MTU discovery (DPD must be enabled)
 try-mtu-discovery = false