diff --git a/openvpn/tasks/main.yml b/openvpn/tasks/main.yml
index 6f553ba9..d58dc4bf 100644
--- a/openvpn/tasks/main.yml
+++ b/openvpn/tasks/main.yml
@@ -14,24 +14,16 @@
 tags:
 - openvpn
-- set_fact:
- minifirewall_tail_included: True
- minifirewall_tail_file: /etc/default/minifirewall.tail
-
-- include_role:
- name: minifirewall
- tags:
- - openvpn
-
 - name: Allow OpenVPN input
- blockinfile:
- dest: "{{ minifirewall_tail_file }}"
- marker: "# {mark} INPUT OPENVPN"
- block: |
- /sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- notify: restart minifirewall
+ lineinfile:
+ dest: /etc/default/minifirewall
+ line: "/sbin/iptables -A INPUT -p udp --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT #OPENVPN"
+ regexp: '#OPENVPN$'
+ state: present
+ failed_when: False
 tags:
 - openvpn
+ - openvpn-minifirewall
 - name: Create /etc/shellpki directory
 file:
@@ -53,6 +45,11 @@
 tags:
 - openvpn
+- include_role:
+ name: remount-usr
+ tags:
+ - openvpn
+
 - name: Copy some shellpki files
 copy:
 src: "{{ item.src }}"
@@ -67,6 +64,12 @@
 tags:
 - openvpn
+- name: Deploy DH PARAMETERS
+ template:
+ src: "dh2048.pem.j2"
+ dest: "/etc/shellpki/dh2048.pem"
+ mode: "0600"
+
 - name: Verify shellpki sudoers file presence
 copy:
 src: "sudo_shellpki"
diff --git a/openvpn/templates/dh2048.pem.j2 b/openvpn/templates/dh2048.pem.j2
new file mode 100644
index 00000000..9db20bb3
--- /dev/null
+++ b/openvpn/templates/dh2048.pem.j2
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAuimweC/f5W/AIIFhLX256Bi5IU+AkN9sKZ9sxGx0xc3J8NwIBnEP
+R/2RgclJqJ8OodY70zeDHNLDyc01crGvihuupiWVlvQxS4osdhfdM+GoV9pcmCVr
+TRTybsUPkkm4rQ/SC7I2MxiYnXwDrrYnpMvBDaRZjoHlgTKjOGoYSd+DIDZSFKkv
+ASkXQkIC9FpvjnxfW5gtzzm6NheqgYUI2Y2QiqM6BmGVZiPcqyUpbWvRCcZLoPa2
+Z+FV9LxE4J7CX0ilTJXXhs3RaMlG8qZha3l0hEL4SAZp5xn74Ej/9hA5cWqnKEOQ
+aLfwADI4rPe9uTu9Qnw87DgM2tQeETBlmwIBAg==
+-----END DH PARAMETERS-----
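Review bot: The new `lineinfile` form of "Allow OpenVPN input" no longer notifies `restart minifirewall`, which the removed `blockinfile` version did, so the line is written to /etc/default/minifirewall but the UDP/1194 ACCEPT rule does not become active until minifirewall is restarted by some other means; unless that reload is handled elsewhere, restore `notify: restart minifirewall` (the handler presumably came in with the removed `include_role: minifirewall`, so it may need to be re-included too). `failed_when: False` additionally hides every failure of the task — a missing or unwritable /etc/default/minifirewall leaves the VPN port silently closed while the play stays green — so prefer a preceding `stat` of the file with `when: <stat_result>.stat.exists` on this task and let a real write error fail. Two points of style: write `failed_when: false` rather than `False`, and use `path:` instead of the deprecated `dest:` alias.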
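Review bot: "Deploy DH PARAMETERS" installs one fixed 2048-bit DH group (the new openvpn/templates/dh2048.pem.j2, in the following hunk) on every server through `template:`, although the PEM body contains no Jinja expressions; `copy:` states the intent and rules out template interpretation of the file. DH parameters are public values, so committing the group is not a secret leak, but one group shared by all deployments is weaker than the per-server group the OpenVPN documentation recommends; if the shared group is a deliberate trade-off, record it in a comment above the task, otherwise generate the file on the host with `command: openssl dhparam -out /etc/shellpki/dh2048.pem 2048` guarded by `args: {creates: /etc/shellpki/dh2048.pem}` (slow, but it runs only once). Also pin `owner: root` and `group: root` next to `mode: "0600"` so the file's ownership does not depend on the connecting user.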
diff --git a/openvpn/templates/server.conf.j2 b/openvpn/templates/server.conf.j2
index 356e88e8..466bb861 100644
--- a/openvpn/templates/server.conf.j2
+++ b/openvpn/templates/server.conf.j2
@@ -21,7 +21,9 @@ log-append /var/log/openvpn/openvpn.log
 ca /etc/shellpki/cacert.pem
 cert /etc/shellpki/certs/{{ ansible_fqdn }}.crt
 key /etc/shellpki/private/{{ ansible_fqdn }}.key
-dh /etc/shellpkca/dh2048.pem
+dh /etc/shellpki/dh2048.pem
 server {{ openvpn_lan }} {{ openvpn_netmask }}
+# Management interface (used by check_openvpn for Nagios)
+management 127.0.0.1 1195 /etc/openvpn/management-pwd
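Review bot: The added `management 127.0.0.1 1195 /etc/openvpn/management-pwd` directive makes OpenVPN open a management socket protected by a password file that no task in this diff deploys; unless another task in the role creates /etc/openvpn/management-pwd, the daemon will most likely fail to start once this template is rendered, so verify that the file is deployed with `mode: "0600"` and `owner: root` and that check_openvpn reads the same path. The loopback bind is the right choice, since the management interface can list and disconnect connected clients and the password is its only authentication. It would help to extend the comment to name where the password file comes from, e.g. `# password file deployed by <task name> in tasks/main.yml`.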