diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea992fc6..d2a42256 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 ### Added
 
 * haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
+* openvpn: configure logrotate
 
 ### Changed
 
diff --git a/openvpn/files/logrotate_openvpn b/openvpn/files/logrotate_openvpn
new file mode 100644
index 00000000..e240faf6
--- /dev/null
+++ b/openvpn/files/logrotate_openvpn
@@ -0,0 +1,10 @@
+/var/log/openvpn.log
+{
+    weekly
+    rotate 52
+    missingok
+    notifempty
+    delaycompress
+    compress
+    copytruncate
+}
diff --git a/openvpn/tasks/debian.yml b/openvpn/tasks/debian.yml
index 8a9978d9..4c2f6c5d 100644
--- a/openvpn/tasks/debian.yml
+++ b/openvpn/tasks/debian.yml
@@ -149,6 +149,12 @@
     value: "1"
     sysctl_file: "/etc/sysctl.d/openvpn.conf"
 
+- name: Configure logrotate for OpenVPN
+  copy:
+    src: logrotate_openvpn
+    dest: /etc/logrotate.d/openvpn
+    force: no
+
 - name: Generate a password for the management interface
   set_fact:
     management_pwd: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters,digits') }}"