diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 7b1a719693..de6c321d25 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -353,6 +353,10 @@ wsgi_wants_apache: true
 # IPA settings
 additional_host_keytabs: []
 ipa_server: ipa01.iad2.fedoraproject.org
+ipa_server_nodes:
+  - ipa01.iad2.fedoraproject.org
+  - ipa02.iad2.fedoraproject.org
+  - ipa03.iad2.fedoraproject.org
 ipa_realm: FEDORAPROJECT.ORG
 ipa_admin_password: "{{ ipa_prod_admin_password }}"
 # Let this become "ipa" at some point
diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index 606bcbd4a2..7c37b46fae 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -17,6 +17,9 @@
 - name: Enroll system as IPA client
   command:
     cmd: ipa-client-install
+         {% if (vpn | default(false)) %}{% for node in ipa_server_nodes | default([]) %}
+         --server={{ node }}
+         {% endfor %}{% endif %}
          --hostname={{ inventory_hostname }}
          --domain={{ ipa_realm | lower }}
          --realm={{ ipa_realm }}