diff --git a/config.cfg b/config.cfg
index 51f0021..34a1908 100644
--- a/config.cfg
+++ b/config.cfg
@@ -64,3 +64,7 @@ ipsec_config:
 
 # IP address for the proxy and the local dns resolver
 local_service_ip: 172.16.0.1
+
+pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
+VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
+CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index dacc736..f5951a4 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -170,9 +170,6 @@
 - name: Set facts for mobileconfigs
 set_fact:
 proxy_enabled: false
- pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
- VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
- CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
 
 - name: Build the mobileconfigs
 template: src=mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600
@@ -191,8 +188,6 @@
 with_items:
 - "{{ users }}"
 
-
-
 - name: Fetch users P12
 fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 dest=configs/{{ IP_subject_alt_name }}_{{ item }}.p12 flat=yes
 with_items: "{{ users }}"
diff --git a/users.yml b/users.yml
index 6bdbf2e..fb79ba2 100644
--- a/users.yml
+++ b/users.yml
@@ -139,7 +139,7 @@
 remove: yes
 force: yes
 when: item not in users and ssh_tunneling_enabled is defined and ssh_tunneling_enabled == "y"
- with_items: "{{ valid_users.stdout_lines }}"
+ with_items: "{{ valid_users.stdout_lines | default('null') }}"
 
 - name: SSH | Fetch users SSH private keys
 fetch: src='/var/jail/{{ item }}/.ssh/id_rsa' dest=configs/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem flat=yes
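Review bot: The three identifiers added at the end of config.cfg are now plain variables holding a template, so `{{ 900000 | random | to_uuid | upper }}` is rendered again on every reference rather than once, as it was under the `set_fact` that this commit removes from roles/vpn/tasks/main.yml. If mobileconfig.j2 (not shown here) uses `pkcs12_PayloadCertificateUUID` both for the certificate payload and for the VPN payload that points at it, the two renderings will presumably differ and the generated profile will reference a certificate UUID that does not exist in it. Keeping the values in `set_fact`, or seeding the filter where the Ansible version in use supports it, e.g. `"{{ 900000 | random(seed=inventory_hostname) | to_uuid | upper }}"`, gives one stable value per run. A comment above the block would also help readers of config.cfg: `# Payload identifiers for the generated mobileconfig; not secrets, but each must stay constant within one profile`.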
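Review bot: In the users.yml hunk, `default('null')` substitutes a string, so when `valid_users.stdout_lines` is undefined `with_items` still runs the task once with `item` set to the literal `null`, and only the `when` test decides whether the task then acts on an account of that name. An empty list skips the loop outright: `with_items: "{{ valid_users.stdout_lines | default([]) }}"`. The task this line belongs to starts above the hunk, so what it does with the item is inferred from the visible `remove: yes` and `force: yes` arguments.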