diff --git a/data/templates/sstp-client/peer.j2 b/data/templates/sstp-client/peer.j2
index 1127d0564..7a0b0e1f7 100644
--- a/data/templates/sstp-client/peer.j2
+++ b/data/templates/sstp-client/peer.j2
@@ -1,46 +1,53 @@
 ### Autogenerated by interfaces-sstpc.py ###
 {{ '# ' ~ description if description is vyos_defined else '' }}
 
 # Require peer to provide the local IP address if it is not
 # specified explicitly in the config file.
 noipdefault
 
 # Don't show the password in logfiles:
 hide-password
 
 remotename {{ ifname }}
 linkname   {{ ifname }}
 ipparam    {{ ifname }}
 ifname     {{ ifname }}
 pty "sstpc --ipparam {{ ifname }} --nolaunchpppd {{ server }}:{{ port }} --ca-cert {{ ca_file_path }}"
 
 # Override any connect script that may have been set in /etc/ppp/options.
 connect /bin/true
 
-# Don't try to authenticate the remote node
+# We don't need the server to auth itself
 noauth
 
 # We won't want EAP
 refuse-eap
 
 # Don't try to proxy ARP for the remote endpoint. User can set proxy
 # arp entries up manually if they wish. More importantly, having
 # the "proxyarp" parameter set disables the "defaultroute" option.
 noproxyarp
 
 # Unlimited connection attempts
 maxfail 0
 
 plugin sstp-pppd-plugin.so
 sstp-sock /var/run/sstpc/sstpc-{{ ifname }}
 
 persist
 debug
 
+# pppd should create a UUCP-style lock file for the serial device to ensure
+# exclusive access to the device. By default, pppd will not create a lock file.
+lock
+
+# Disables Deflate compression
+nodeflate
+
 {% if authentication is vyos_defined %}
 {{ 'user "' + authentication.user + '"' if authentication.user is vyos_defined }}
 {{ 'password "' + authentication.password + '"' if authentication.password is vyos_defined }}
 {% endif %}
 
 {{ "usepeerdns" if no_peer_dns is not vyos_defined }}