diff --git a/algo b/algo
index 4b088f7e..a9d4914c 100755
--- a/algo
+++ b/algo
@@ -2,6 +2,15 @@
 set -e
+ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate"
+if [ -f "$ACTIVATE_SCRIPT" ]
+then
+ source $ACTIVATE_SCRIPT
+else
+ echo "$ACTIVATE_SCRIPT not found. Did you follow documentation to install dependencies?"
+ exit 1
+fi
+
 SKIP_TAGS="_null encrypted"
 ADDITIONAL_PROMPT="[pasted values will not be displayed]"
@@ -252,10 +261,10 @@ Name the vpn server:
 11. eu-west-1 EU (Ireland)
 12. eu-west-2 EU (London)
 13. ca-central-1 Canada (Central)
+ 14. sa-east-1 São Paulo
 Enter the number of your desired region:
 [1]: " -r aws_region
 aws_region=${aws_region:-1}
- # sa-east-1 region does not support the size instance we use.
 case "$aws_region" in
 1) region="us-east-1" ;;
@@ -271,6 +280,7 @@ Enter the number of your desired region:
 11) region="eu-west-1" ;;
 12) region="eu-west-2";;
 13) region="ca-central-1" ;;
+ 14) region="sa-east-1" ;;
 esac
 ROLES="ec2 vpn cloud"
diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
index db312818..934c34f3 100644
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
@@ -25,5 +25,5 @@ ciphers:
 ike: aes128gcm16-sha2_512-prfsha512-ecp256!
 esp: aes128gcm16-sha2_512-ecp256!
 compat:
- ike: aes128-sha2_512-prfsha512-ecp256,aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
- esp: aes128-sha2_512-ecp256,aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048!
+ ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
+ esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_512-ecp256,aes128-sha2_256-modp2048!
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 5ec7f3db..006479d7 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -8,7 +8,7 @@
 - name: Generate password for the CA key
 shell: >
- openssl rand -hex 6
+ openssl rand -hex 16
 register: CA_password
 - set_fact:
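Review bot: `source $ACTIVATE_SCRIPT` is the one unquoted use of the path this hunk builds from `dirname "${BASH_SOURCE[0]}"`, so a checkout whose directory name contains a space or a glob character passes the quoted `[ -f "$ACTIVATE_SCRIPT" ]` test and then fails on the source line; write `source "$ACTIVATE_SCRIPT"`. The not-found message is also printed to stdout just before `exit 1`, where a caller capturing the script's output would swallow it; end that `echo` line with `>&2` so the diagnostic goes to stderr. The `if` / `then` split across two lines is a style choice only, but `if [ -f "$ACTIVATE_SCRIPT" ]; then` is the more common shape and reads as one statement.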
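Review bot: Removing `# sa-east-1 region does not support the size instance we use.` deletes the only stated reason the region was excluded, and nothing in this diff changes the instance size, so either that limitation has been lifted or menu option 14 will fail when the ec2 role tries to launch; which one it is should be recorded, for example as a comment next to the new `14) region="sa-east-1" ;;` arm in the -271 hunk below (`# sa-east-1 now offers the instance size selected by the ec2 role`), if that is confirmed. The prompt text lives inside a `read -p` heredoc that starts before this hunk, so the menu and the case arms must stay in step by hand; a short comment on the `case` line reminding the next editor of that pairing would help.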
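Review bot: The `compat` proposal lists are only reordered, and nothing in the file says that the order carries meaning, so a future edit can silently undo the change; add a comment above `compat:` such as `# proposals are listed in preference order: the AEAD (gcm16) suite comes first so it is chosen whenever the peer supports it`, on the assumption that strongSwan honours configured proposal order, which is what this reordering relies on. The non-ECP `modp2048` suite stays last in both lists, which is consistent with that reading.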
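Review bot: The CA key password is still produced by a `shell` task and captured through `register: CA_password` with no `no_log` in the hunk, so with `-v` or a logging callback the value appears in the task's stdout; raising `-hex 6` to `-hex 16` lengthens the secret but does not change that. Add `no_log: true` to this task, and to the `- set_fact:` that consumes it if that fact holds the value, unless it is already set outside the hunk. The `set_fact` task continues past the end of the hunk.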
diff --git a/roles/vpn/templates/client_ipsec.conf.j2 b/roles/vpn/templates/client_ipsec.conf.j2
index 8a12d7de..7fde04ab 100644
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@@ -21,7 +21,7 @@ conn ikev2-{{ IP_subject_alt_name }}
 leftsourceip=%config
 leftauth=pubkey
- leftcert={{ IP_subject_alt_name }}_{{ item }}.crt
+ leftcert={{ item }}.crt
 leftfirewall=yes
 left=%defaultroute
diff --git a/roles/vpn/templates/client_ipsec.secrets.j2 b/roles/vpn/templates/client_ipsec.secrets.j2
index 61603129..0d8356ee 100644
--- a/roles/vpn/templates/client_ipsec.secrets.j2
+++ b/roles/vpn/templates/client_ipsec.secrets.j2
@@ -1,5 +1,5 @@
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
-{{ IP_subject_alt_name }} : RSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : RSA {{ item }}.key
 {% else %}
-{{ IP_subject_alt_name }} : ECDSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : ECDSA {{ item }}.key
 {% endif %}
diff --git a/users.yml b/users.yml
index 421c5814..b4cdf742 100644
--- a/users.yml
+++ b/users.yml
@@ -34,6 +34,7 @@
 become: true
 vars_files:
 - config.cfg
+ - roles/vpn/defaults/main.yml
 pre_tasks:
 - name: Common pre-tasks
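Review bot: `leftcert={{ item }}.crt` drops the `{{ IP_subject_alt_name }}_` prefix, so the file name the client config points at now depends on the user name alone; the tasks that actually write the `.crt` and `.key` files are not in this diff, and unless they were renamed the same way every generated profile will reference a certificate that does not exist. The two `.key` references in the client_ipsec.secrets.j2 hunk have the same dependency. A consequence worth one line in the commit message: a user who deploys more than one server now receives identically named cert and key files from each, so copying a second profile into the same `ipsec.d` overwrites the first.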
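Review bot: Listing `roles/vpn/defaults/main.yml` after `config.cfg` under `vars_files` makes the role defaults override any variable of the same name set in config.cfg, because both files load at the same precedence and a later `vars_files` entry wins; if config.cfg is the user's override file, put the defaults entry first, `- roles/vpn/defaults/main.yml` then `- config.cfg`, or load it with `include_vars` only for the keys the play needs. The enclosing play begins above the hunk, so I cannot tell whether the vpn role itself is applied here, in which case its defaults would already be in scope at the lowest precedence.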