diff --git a/client/ovpncli.cpp b/client/ovpncli.cpp index ffc01299..23e1bda7 100644 --- a/client/ovpncli.cpp +++ b/client/ovpncli.cpp @@ -947,7 +947,9 @@ namespace openvpn { #if defined(OPENVPN_EXTERNAL_TUN_FACTORY) cc.extern_tun_factory = this; #endif - +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) + cc.extern_transport_factory = this; +#endif // force Session ID use and disable password cache if static challenge is enabled if (state->creds && !state->creds->get_replace_password_with_session_id() diff --git a/client/ovpncli.hpp b/client/ovpncli.hpp index 7c965dc1..fb85b87a 100644 --- a/client/ovpncli.hpp +++ b/client/ovpncli.hpp @@ -31,6 +31,7 @@ #include #include #include +#include namespace openvpn { class OptionList; @@ -416,6 +417,7 @@ namespace openvpn { class OpenVPNClient : public TunBuilderBase, // expose tun builder virtual methods public LogReceiver, // log message notification public ExternalTun::Factory, // low-level tun override + public ExternalTransport::Factory,// low-level transport override private ExternalPKIBase { public: diff --git a/javacli/ovpncli.i b/javacli/ovpncli.i index 6fc07c51..97c0e380 100644 --- a/javacli/ovpncli.i +++ b/javacli/ovpncli.i @@ -15,6 +15,7 @@ // ignore these ClientAPI::OpenVPNClient bases %ignore openvpn::ClientAPI::LogReceiver; %ignore openvpn::ExternalTun::Factory; +%ignore openvpn::ExternalTransport::Factory; // modify exported C++ class names to incorporate their enclosing namespace %rename(ClientAPI_OpenVPNClient) OpenVPNClient; @@ -49,4 +50,5 @@ namespace std { %include "openvpn/pki/epkibase.hpp" %include "openvpn/tun/builder/base.hpp" %import "openvpn/tun/extern/fw.hpp" // ignored +%import "openvpn/transport/client/extern/fw.hpp" // ignored %include "ovpncli.hpp" diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp index fc8ab1a6..0778744f 100644 --- a/openvpn/client/cliopt.hpp +++ b/openvpn/client/cliopt.hpp 
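Review bot: In client/ovpncli.hpp (hunk @@ -416) `OpenVPNClient` now derives unconditionally from `ExternalTransport::Factory`, but fw.hpp in this commit defines that type either as an empty struct or as a polymorphic interface, depending on `OPENVPN_EXTERNAL_TRANSPORT_FACTORY`. If the library and the embedding application are compiled with different settings of the macro, the two sides disagree on the layout and vtable of `OpenVPNClient`, which is an ODR violation and typically shows up as memory corruption rather than a build error. I would state the requirement next to the base-class list, for example `// OPENVPN_EXTERNAL_TRANSPORT_FACTORY must be defined identically in every translation unit that includes this header`. With the macro defined the class also inherits the pure virtual `new_transport_factory` and no override is added here, so it stays abstract until a subclass implements it; the class comment should say so.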
@@ -66,6 +66,11 @@ #include #endif +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) +#include +#include +#endif + #if defined(OPENVPN_EXTERNAL_TUN_FACTORY) // requires that client implements ExternalTun::Factory::new_tun_factory #include @@ -157,6 +162,10 @@ namespace openvpn { #if defined(OPENVPN_EXTERNAL_TUN_FACTORY) ExternalTun::Factory* extern_tun_factory = nullptr; #endif + +#if defined(OPENVPN_EXTERNAL_TRANSPORT_FACTORY) + ExternalTransport::Factory* extern_transport_factory = nullptr; +#endif }; ClientOptions(const OptionList& opt, // only needs to remain in scope for duration of constructor call @@ -183,6 +192,9 @@ namespace openvpn { creds_locked(false), asio_work_always_on_(false), synchronous_dns_lookup(false) +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ,extern_transport_factory(config.extern_transport_factory) +#endif { // parse general client options const ParseClientConfig pcc(opt); @@ -692,6 +704,21 @@ namespace openvpn { // should have been caught earlier in RemoteList::handle_proto_override. // construct transport object +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ExternalTransport::Config transconf; + transconf.remote_list = remote_list; + transconf.frame = frame; + transconf.stats = cli_stats; + transconf.socket_protect = socket_protect; + transconf.server_addr_float = server_addr_float; + transconf.synchronous_dns_lookup = synchronous_dns_lookup; + transport_factory = extern_transport_factory->new_transport_factory(transconf); +#ifdef OPENVPN_GREMLIN + udpconf->gremlin_config = gremlin_config; +#endif + +#else + if (dco) { DCO::TransportConfig transconf; @@ -766,6 +793,7 @@ namespace openvpn { else throw option_error("internal error: unknown transport protocol"); } +#endif // OPENVPN_EXTERNAL_TRANSPORT_FACTORY return remote_list->current_server_host(); } 
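Review bot: In the @@ -692 hunk, `extern_transport_factory->new_transport_factory(transconf)` is called without checking the pointer, although `Config::extern_transport_factory` defaults to `nullptr` (hunk @@ -157). An embedder that builds with OPENVPN_EXTERNAL_TRANSPORT_FACTORY and does not set it gets a null dereference here instead of a configuration error; a guard before the call such as `if (!extern_transport_factory) throw option_error("extern_transport_factory not set");` would fail cleanly. The `OPENVPN_GREMLIN` lines in the same branch assign through `udpconf`, which is not declared in the visible part of this branch, so a build with both macros defined probably does not compile. `transconf.protocol` is also never assigned, so the external factory appears to receive a default-constructed `Protocol`. The enclosing function begins and ends outside the hunk.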
@@ -808,6 +836,9 @@ namespace openvpn { ClientLifeCycle::Ptr client_lifecycle; AltProxy::Ptr alt_proxy; DCO::Ptr dco; +#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY + ExternalTransport::Factory* extern_transport_factory; +#endif }; } diff --git a/openvpn/transport/client/extern/config.hpp b/openvpn/transport/client/extern/config.hpp new file mode 100644 index 00000000..0ef87d4e --- /dev/null +++ b/openvpn/transport/client/extern/config.hpp @@ -0,0 +1,47 @@ +// OpenVPN -- An application to securely tunnel IP networks +// over a single port, with support for SSL/TLS-based +// session authentication and key exchange, +// packet encryption, packet authentication, and +// packet compression. +// +// Copyright (C) 2012-2017 OpenVPN Technologies, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License Version 3 +// as published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program in the COPYING file. +// If not, see . + +#ifndef OPENVPN_TRANSPORT_CLIENT_EXTERN_CONFIG_H +#define OPENVPN_TRANSPORT_CLIENT_EXTERN_CONFIG_H + +#include +#include +#include +#include + +namespace openvpn +{ + namespace ExternalTransport + { + struct Config + { + Protocol protocol; + RemoteList::Ptr remote_list; + bool server_addr_float = false; + bool synchronous_dns_lookup = false; + Frame::Ptr frame; + SessionStats::Ptr stats; + SocketProtect* socket_protect = nullptr; + }; + } +} + +#endif diff --git a/openvpn/transport/client/extern/fw.hpp b/openvpn/transport/client/extern/fw.hpp new file mode 100644 index 00000000..f6b1ae6d --- /dev/null +++ b/openvpn/transport/client/extern/fw.hpp 
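Review bot: `ExternalTransport::Config` in the new config.hpp has no comments saying what an external transport must do with each field. At least two fields look security-relevant: `socket_protect`, and `server_addr_float`, which presumably controls whether packets from an address other than the selected remote are accepted. Because the external factory replaces the built-in transports entirely, any checks those transports perform with these values become the implementer's responsibility, and a silent omission would weaken the connection without any visible error. I would document the contract on the fields, for example `SocketProtect* socket_protect = nullptr; // non-owning, may be null; apply to each transport socket before connecting` and `bool server_addr_float = false; // if false, drop packets whose source is not the connected remote`, adjusted to whatever the intended contract actually is.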
@@ -0,0 +1,43 @@
+// OpenVPN -- An application to securely tunnel IP networks
+// over a single port, with support for SSL/TLS-based
+// session authentication and key exchange,
+// packet encryption, packet authentication, and
+// packet compression.
+//
+// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License Version 3
+// as published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program in the COPYING file.
+// If not, see .
+
+#ifndef OPENVPN_TRANSPORT_CLIENT_EXTERN_FW_H
+#define OPENVPN_TRANSPORT_CLIENT_EXTERN_FW_H
+
+#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY
+#include
+#endif
+
+namespace openvpn {
+ namespace ExternalTransport {
+#ifdef OPENVPN_EXTERNAL_TRANSPORT_FACTORY
+ struct Config;
+ struct Factory
+ {
+ virtual TransportClientFactory* new_transport_factory(const Config& conf) = 0;
+ virtual ~Factory() {}
+ };
+#else
+ struct Factory {};
+#endif
+ }
+}
+#endif
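Review bot: `new_transport_factory` returns a raw `TransportClientFactory*` with nothing on the declaration saying who owns the object or how long it must live. The caller in cliopt.hpp assigns the result to `transport_factory`, which looks like a reference-counted handle (its type is not visible in this diff), so an implementer who returns a pointer to a member or a static could end up with a double free or a use after free. A comment on the declaration such as `// returns a newly allocated, ref-counted factory; the caller takes a reference` would settle it, and it should also say whether returning `nullptr` is allowed. Separately, `virtual ~Factory() {}` can be written `virtual ~Factory() = default;`.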