diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
index 11524096b..f04138d93 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php
@@ -332,6 +332,7 @@ class ExportController extends ApiControllerBase
// fetch associated certificate data, add to config
$config['server_ca_chain'] = array();
$config['server_cn'] = null;
+ $config['server_subject_name'] = null;
$config['server_cert_is_srv'] = null;
if (!empty($server->certref)) {
if (isset(Config::getInstance()->object()->cert)) {
@@ -346,6 +347,7 @@ class ExportController extends ApiControllerBase
$str_crt = base64_decode((string)$cert->crt);
$inf_crt = openssl_x509_parse($str_crt);
$config['server_cn'] = $inf_crt['subject']['CN'];
+ $config['server_subject_name'] = $inf_crt['name'];
// Is server type cert
$config['server_cert_is_srv'] = (
isset($inf_crt['extensions']['extendedKeyUsage']) &&
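Review bot: `$inf_crt['name']` is the OpenSSL one-line DN that openssl_x509_parse() returns (`/C=NL/ST=.../CN=srv`), while the consumer in PlainOpenVPN (hunk @@ -117,9) emits it as `verify-x509-name "..." subject`, and the OpenVPN manual documents that check against the RFC 2253 style subject (`C=NL, ST=..., CN=srv`), so the exported client will most likely fail the server-name check unless the server still runs the legacy compat naming. Building the value from `$inf_crt['subject']` keeps the check usable; the sketch below does a plain join and does not escape commas or other special characters inside attribute values, which would need handling if such certificates are expected. The TheGreenBow hunk (@@ -143,6) stores the same string in GatewayName; I cannot tell from here which DN form that client expects, so it should be verified there too. The enclosing method starts and ends outside the hunk.
```php
$config['server_cn'] = $inf_crt['subject']['CN'];
// OpenVPN compares verify-x509-name ... subject against "C=.., ST=.., CN=.." (RFC 2253 style),
// not against the slash-separated one-line form in $inf_crt['name']
$subject_parts = array();
foreach ($inf_crt['subject'] as $rdn_key => $rdn_value) {
    // multi-valued attributes are returned as arrays
    foreach ((array)$rdn_value as $rdn_item) {
        $subject_parts[] = "{$rdn_key}={$rdn_item}";
    }
}
$config['server_subject_name'] = implode(', ', $subject_parts);
// ... unchanged: server_cert_is_srv detection ...
```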
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
index d0f9ef7e0..a4b95fb00 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
@@ -28,6 +28,7 @@
openvpn_export.random_local_port
+
checkbox
Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.
@@ -40,9 +41,9 @@
openvpn_export.validate_server_cn
-
+
checkbox
- Verify the server certificate Common Name (CN) when the client connects
+ Verify the server certificate name when the client connects
openvpn_export.plain_config
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
index 600b33099..059167b36 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php
@@ -48,7 +48,7 @@ class ArchiveOpenVPN extends PlainOpenVPN
*/
public function supportedOptions()
{
- return array("plain_config", "p12_password");
+ return array("plain_config", "p12_password", "random_local_port");
}
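Review bot: `supportedOptions()` here re-declares the parent's list verbatim, which is why adding `random_local_port` had to be repeated in ArchiveOpenVPN, PlainOpenVPN (hunk @@ -48,7) and ViscosityVisz (hunk @@ -48,7) in this same commit and will drift again on the next option. Since this class extends PlainOpenVPN, deriving the list keeps the three in sync: `return array_merge(parent::supportedOptions(), array("p12_password"));` (and the same one-liner in ViscosityVisz). This only holds if every PlainOpenVPN option is meant to be valid for the archive exporters, which the current lists suggest but I cannot confirm from here.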
/**
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
index 0fd8f40db..ddc85a194 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
@@ -48,7 +48,7 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
*/
public function supportedOptions()
{
- return array("plain_config");
+ return array("plain_config", "random_local_port");
}
/**
@@ -117,9 +117,9 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
$conf[] = "lport 0";
}
- if ($this->config['mode'] !== 'server_user' && !empty($this->config['server_cn'])
+ if ($this->config['mode'] !== 'server_user' && !empty($this->config['server_subject_name'])
&& !empty($this->config['validate_server_cn'])) {
- $conf[] = "verify-x509-name \"{$this->config['server_cn']}\" name";
+ $conf[] = "verify-x509-name \"{$this->config['server_subject_name']}\" subject";
if (!empty($this->config['server_cert_is_srv'])) {
$conf[] = "remote-cert-tls server";
}
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
index 70b49bb18..127e59419 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/TheGreenBow.php
@@ -124,8 +124,8 @@ class TheGreenBow extends BaseExporter implements IExportProvider
if (!empty($this->config['digest'])) {
if (strpos($this->config['digest'], "SHA1") !== false) {
- $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Auth = "MD5";
- $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->AuthSize = "128";
+ $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Auth = "SHA1";
+ $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->AuthSize = "160";
} elseif ($this->config['digest'] == "SHA256") {
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Auth = "SHA2";
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->AuthSize = "256";
@@ -135,6 +135,9 @@ class TheGreenBow extends BaseExporter implements IExportProvider
} elseif ($this->config['digest'] == "SHA512") {
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Auth = "SHA2";
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->AuthSize = "SHA512";
+ } else {
+ $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Auth = "MD5";
+ $output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->AuthSize = "128";
}
}
if (!empty($this->config['compression'])) {
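Review bot: The new `else` branch maps every digest that is not SHA1, SHA256 or SHA512 (plus whatever the chain handles between the two hunks) to `Auth = "MD5"` / `AuthSize = "128"`, so an unrecognised value such as SHA224 or a digest added later is silently exported as an MD5 HMAC instead of being left out or rejected; the resulting profile cannot match the server and understates the digest the admin configured. If the intent is to support an explicitly configured MD5 digest, narrow the branch to that case, `} elseif (strpos($this->config['digest'], "MD5") !== false) {`, and keep the previous behaviour (no Auth setting) for anything else, or throw so the export fails visibly. The enclosing method continues outside the hunk.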
@@ -143,6 +146,11 @@ class TheGreenBow extends BaseExporter implements IExportProvider
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->Compression = 'no';
}
+ if ($this->config['mode'] !== 'server_user' && !empty($this->config['server_subject_name'])
+ && !empty($this->config['validate_server_cn'])) {
+ $output->cfg_ssl->cfg_sslconnection->cfg_tunnelestablish->GatewayName = $this->config['server_subject_name'];
+ }
+
$output->cfg_ssl->cfg_sslconnection->cfg_tunneloptions->RenegSeconds = $this->config['reneg-sec'];
if (!empty($this->config['tls'])) {
$tls = array("\n-----BEGIN Static key-----");
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
index def2d22c7..2a8e88c29 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php
@@ -48,7 +48,7 @@ class ViscosityVisz extends PlainOpenVPN
*/
public function supportedOptions()
{
- return array("plain_config", "p12_password");
+ return array("plain_config", "p12_password", "random_local_port");
}
/**
diff --git a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
index dbfd10919..97a251e84 100644
--- a/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/OpenVPN/export.volt
@@ -65,6 +65,7 @@
$("#openvpn_export\\.template").append(this_opt);
});
$("#openvpn_export\\.servers").change();
+ $("#openvpn_export\\.template").change();
$("#openvpn_export\\.template").selectpicker('refresh');
}
});