diff --git a/internal/wire/header.go b/internal/wire/header.go
index 9df77a23..466ab289 100644
--- a/internal/wire/header.go
+++ b/internal/wire/header.go
@@ -2,6 +2,7 @@ package wire
 
 import (
 	"bytes"
+	"crypto/rand"
 	"errors"
 	"fmt"
 
@@ -18,8 +19,9 @@ type Header struct {
 
 	Version protocol.VersionNumber
 
-	DestConnectionID protocol.ConnectionID
-	SrcConnectionID  protocol.ConnectionID
+	DestConnectionID     protocol.ConnectionID
+	SrcConnectionID      protocol.ConnectionID
+	OrigDestConnectionID protocol.ConnectionID // only needed in the Retry packet
 
 	PacketNumberLen protocol.PacketNumberLen
 	PacketNumber    protocol.PacketNumber
@@ -72,8 +74,22 @@ func (h *Header) writeLongHeader(b *bytes.Buffer) error {
 		b.Write(h.Token)
 	}
 
-	utils.WriteVarInt(b, uint64(h.PayloadLen))
+	if h.Type == protocol.PacketTypeRetry {
+		odcil, err := encodeSingleConnIDLen(h.OrigDestConnectionID)
+		if err != nil {
+			return err
+		}
+		// randomize the first 4 bits
+		odcilByte := make([]byte, 1)
+		_, _ = rand.Read(odcilByte) // it's safe to ignore the error here
+		odcilByte[0] = (odcilByte[0] & 0xf0) | odcil
+		b.Write(odcilByte)
+		b.Write(h.OrigDestConnectionID.Bytes())
+		b.Write(h.Token)
+		return nil
+	}
 
+	utils.WriteVarInt(b, uint64(h.PayloadLen))
 	return utils.WriteVarIntPacketNumber(b, h.PacketNumber, h.PacketNumberLen)
 }
 
@@ -207,13 +223,17 @@ func (h *Header) logHeader(logger utils.Logger) {
 			logger.Debugf("\tVersionNegotiationPacket{DestConnectionID: %s, SrcConnectionID: %s, SupportedVersions: %s}", h.DestConnectionID, h.SrcConnectionID, h.SupportedVersions)
 		} else {
 			var token string
-			if h.Type == protocol.PacketTypeInitial {
+			if h.Type == protocol.PacketTypeInitial || h.Type == protocol.PacketTypeRetry {
 				if len(h.Token) == 0 {
 					token = "Token: (empty), "
 				} else {
 					token = fmt.Sprintf("Token: %#x, ", h.Token)
 				}
 			}
+			if h.Type == protocol.PacketTypeRetry {
+				logger.Debugf("\tLong Header{Type: %s, DestConnectionID: %s, SrcConnectionID: %s, %sOrigDestConnectionID: %s, Version: %s}", h.Type, h.DestConnectionID, h.SrcConnectionID, token, h.OrigDestConnectionID, h.Version)
+				return
+			}
 			logger.Debugf("\tLong Header{Type: %s, DestConnectionID: %s, SrcConnectionID: %s, %sPacketNumber: %#x, PacketNumberLen: %d, PayloadLen: %d, Version: %s}", h.Type, h.DestConnectionID, h.SrcConnectionID, token, h.PacketNumber, h.PacketNumberLen, h.PayloadLen, h.Version)
 		}
 	} else {
diff --git a/internal/wire/header_parser.go b/internal/wire/header_parser.go
index bcb43b86..fdf93a38 100644
--- a/internal/wire/header_parser.go
+++ b/internal/wire/header_parser.go
@@ -125,6 +125,27 @@ func (iv *InvariantHeader) parseLongHeader(b *bytes.Reader) (*Header, error) {
 	h := iv.toHeader()
 	h.Type = protocol.PacketType(iv.typeByte & 0x7f)
 
+	if h.Type != protocol.PacketTypeInitial && h.Type != protocol.PacketTypeRetry && h.Type != protocol.PacketType0RTT && h.Type != protocol.PacketTypeHandshake {
+		return nil, qerr.Error(qerr.InvalidPacketHeader, fmt.Sprintf("Received packet with invalid packet type: %d", h.Type))
+	}
+
+	if h.Type == protocol.PacketTypeRetry {
+		odcilByte, err := b.ReadByte()
+		if err != nil {
+			return nil, err
+		}
+		odcil := decodeSingleConnIDLen(odcilByte & 0xf)
+		h.OrigDestConnectionID, err = protocol.ReadConnectionID(b, odcil)
+		if err != nil {
+			return nil, err
+		}
+		h.Token = make([]byte, b.Len())
+		if _, err := io.ReadFull(b, h.Token); err != nil {
+			return nil, err
+		}
+		return h, nil
+	}
+
 	if h.Type == protocol.PacketTypeInitial {
 		tokenLen, err := utils.ReadVarInt(b)
 		if err != nil {
@@ -151,9 +172,6 @@ func (iv *InvariantHeader) parseLongHeader(b *bytes.Reader) (*Header, error) {
 	h.PacketNumber = pn
 	h.PacketNumberLen = pnLen
 
-	if h.Type != protocol.PacketTypeInitial && h.Type != protocol.PacketTypeRetry && h.Type != protocol.PacketType0RTT && h.Type != protocol.PacketTypeHandshake {
-		return nil, qerr.Error(qerr.InvalidPacketHeader, fmt.Sprintf("Received packet with invalid packet type: %d", h.Type))
-	}
 	return h, nil
 }
 
diff --git a/internal/wire/header_parser_test.go b/internal/wire/header_parser_test.go
index bef49119..94d7986a 100644
--- a/internal/wire/header_parser_test.go
+++ b/internal/wire/header_parser_test.go
@@ -159,6 +159,25 @@ var _ = Describe("Header Parsing", func() {
 				Expect(hdr.PacketNumberLen).To(Equal(protocol.PacketNumberLen2))
 			})
 
+			It("parses a Retry packet", func() {
+				data := []byte{
+					0x80 ^ uint8(protocol.PacketTypeRetry),
+					0x1, 0x2, 0x3, 0x4, // version number
+					0x0,                           // connection ID lengths
+					0x97,                          // Orig Destination Connection ID length
+					1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID
+					'f', 'o', 'o', 'b', 'a', 'r', // token
+				}
+				b := bytes.NewReader(data)
+				iHdr, err := ParseInvariantHeader(b, 0)
+				Expect(err).ToNot(HaveOccurred())
+				hdr, err := iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader)
+				Expect(err).ToNot(HaveOccurred())
+				Expect(hdr.Type).To(Equal(protocol.PacketTypeRetry))
+				Expect(hdr.OrigDestConnectionID).To(Equal(protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}))
+				Expect(hdr.Token).To(Equal([]byte("foobar")))
+			})
+
 			It("rejects packets sent with an unknown packet type", func() {
 				srcConnID := protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8}
 				buf := &bytes.Buffer{}
@@ -226,6 +245,26 @@ var _ = Describe("Header Parsing", func() {
 					Expect(err).To(Equal(io.EOF))
 				}
 			})
+
+			It("errors on EOF, for a Retry packet", func() {
+				data := []byte{
+					0x80 ^ uint8(protocol.PacketTypeRetry),
+					0x1, 0x2, 0x3, 0x4, // version number
+					0x0, // connection ID lengths
+				}
+				iHdrLen := len(data)
+				data = append(data, []byte{
+					0x97,                          // Orig Destination Connection ID length
+					1, 2, 3, 4, 5, 6, 7, 8, 9, 10, // source connection ID
+				}...)
+				for i := iHdrLen; i < len(data); i++ {
+					b := bytes.NewReader(data[:i])
+					iHdr, err := ParseInvariantHeader(b, 0)
+					Expect(err).ToNot(HaveOccurred())
+					_, err = iHdr.Parse(b, protocol.PerspectiveServer, versionIETFHeader)
+					Expect(err).To(Equal(io.EOF))
+				}
+			})
 		})
 
 		Context("Short Headers", func() {
diff --git a/internal/wire/header_test.go b/internal/wire/header_test.go
index b0b2bbab..78e9ff93 100644
--- a/internal/wire/header_test.go
+++ b/internal/wire/header_test.go
@@ -112,6 +112,37 @@ var _ = Describe("Header", func() {
 					expectedSubstring := append(encodeVarInt(uint64(len(token))), token...)
 					Expect(buf.Bytes()).To(ContainSubstring(string(expectedSubstring)))
 				})
+
+				It("writes a Retry packet", func() {
+					token := []byte("Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.")
+					err := (&Header{
+						IsLongHeader:         true,
+						Type:                 protocol.PacketTypeRetry,
+						Token:                token,
+						OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9},
+						Version:              0x1020304,
+					}).Write(buf, protocol.PerspectiveServer, versionIETFHeader)
+					Expect(err).ToNot(HaveOccurred())
+					Expect(buf.Bytes()[:6]).To(Equal([]byte{
+						0x80 ^ uint8(protocol.PacketTypeRetry),
+						0x1, 0x2, 0x3, 0x4, // version number
+						0x0, // connection ID lengths))
+					}))
+					Expect(buf.Bytes()[6] & 0xf).To(Equal(uint8(6)))
+					Expect(buf.Bytes()[7 : 7+9]).To(Equal([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9})) // Orig Dest Connection ID
+					Expect(buf.Bytes()[7+9:]).To(Equal(token))
+				})
+
+				It("refuses to write a Retry packet with an invalid Orig Destination Connection ID length", func() {
+					err := (&Header{
+						IsLongHeader:         true,
+						Type:                 protocol.PacketTypeRetry,
+						Token:                []byte("foobar"),
+						OrigDestConnectionID: protocol.ConnectionID{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, // connection IDs must be at most 18 bytes long
+						Version:              0x1020304,
+					}).Write(buf, protocol.PerspectiveServer, versionIETFHeader)
+					Expect(err).To(MatchError("invalid connection ID length: 19 bytes"))
+				})
 			})
 
 			Context("short header", func() {
@@ -623,6 +654,19 @@ var _ = Describe("Header", func() {
 				Expect(buf.String()).To(ContainSubstring("Long Header{Type: Initial, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: (empty), PacketNumber: 0x42, PacketNumberLen: 2, PayloadLen: 100, Version: 0xfeed}"))
 			})
 
+			It("logs Initial Packets without a Token", func() {
+				(&Header{
+					IsLongHeader:         true,
+					Type:                 protocol.PacketTypeRetry,
+					DestConnectionID:     protocol.ConnectionID{0xca, 0xfe, 0x13, 0x37},
+					SrcConnectionID:      protocol.ConnectionID{0xde, 0xca, 0xfb, 0xad},
+					OrigDestConnectionID: protocol.ConnectionID{0xde, 0xad, 0xbe, 0xef},
+					Token:                []byte{0x12, 0x34, 0x56},
+					Version:              0xfeed,
+				}).Log(logger)
+				Expect(buf.String()).To(ContainSubstring("Long Header{Type: Retry, DestConnectionID: 0xcafe1337, SrcConnectionID: 0xdecafbad, Token: 0x123456, OrigDestConnectionID: 0xdeadbeef, Version: 0xfeed}"))
+			})
+
 			It("logs Short Headers containing a connection ID", func() {
 				(&Header{
 					KeyPhase:         1,