diff --git a/ansible.cfg b/ansible.cfg index be95dd1..8c16ad8 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,4 +1,4 @@ -# Ansible configuration, copy from the AURORE config. +# Ansible configuration [defaults] @@ -12,7 +12,7 @@ inventory = ./hosts roles_path = ./roles # Custom header in templates -ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid} +ansible_managed = Ansible managed # Do not use cows (with cowsay) nocows = 1 diff --git a/host_vars/vm1/networking.yml b/host_vars/vm1/networking.yml index 40a8950..48f3977 100644 --- a/host_vars/vm1/networking.yml +++ b/host_vars/vm1/networking.yml @@ -1,8 +1,15 @@ --- interfaces: + enp0s3: + ipv4: 10.0.2.14 + netmaskv4: 24 + type: static + routes: + - {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1} wg0: ipv4: "{{ intranet.subnets.test.subnets.vm1.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" + type: wireguard ipv4_forwarding: false ipv6_forwarding: false diff --git a/host_vars/vm1/vpn.yml b/host_vars/vm1/vpn.yml index 121dd03..c121d20 100644 --- a/host_vars/vm1/vpn.yml +++ b/host_vars/vm1/vpn.yml @@ -1,7 +1,6 @@ --- vpn_interfaces: wg0: - ip: "{{ interfaces.wg0.ipv4 }}" private_key: "{{ vpn_vault_vm1_key }}" public_key: "uccS/p19vinH/S2GpVarDTYah4oRiSIABue8uEqKzRs=" keepalive: true diff --git a/host_vars/vm2/networking.yml b/host_vars/vm2/networking.yml index 237ee5d..2e66036 100644 --- a/host_vars/vm2/networking.yml +++ b/host_vars/vm2/networking.yml @@ -1,8 +1,15 @@ --- interfaces: + enp0s3: + ipv4: 10.0.2.16 + netmaskv4: 24 + type: static + routes: + - {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1} wg0: ipv4: "{{ intranet.subnets.test.subnets.vm2.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" + type: wireguard ipv4_forwarding: false ipv6_forwarding: false diff --git a/host_vars/vm2/vpn.yml b/host_vars/vm2/vpn.yml index a3022a6..4c60a77 100644 --- a/host_vars/vm2/vpn.yml +++ b/host_vars/vm2/vpn.yml 
@@ -1,7 +1,6 @@ --- vpn_interfaces: wg0: - ip: "{{ interfaces.wg0.ipv4 }}" private_key: "{{ vpn_vault_vm2_key }}" public_key: "pxsYnL8N3VVVLlkXA8NOkqWsrSMrgdL1vj/VnZfKdRo=" keepalive: true diff --git a/host_vars/vm3/networking.yml b/host_vars/vm3/networking.yml index 7f70508..9920737 100644 --- a/host_vars/vm3/networking.yml +++ b/host_vars/vm3/networking.yml @@ -1,8 +1,15 @@ --- interfaces: + enp0s3: + ipv4: 10.0.2.17 + netmaskv4: 24 + type: static + routes: + - {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1} wg0: ipv4: "{{ intranet.subnets.test.subnets.vm3.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" + type: wireguard ipv4_forwarding: false ipv6_forwarding: false diff --git a/host_vars/vm3/vpn.yml b/host_vars/vm3/vpn.yml index 4f0556c..0195cd3 100644 --- a/host_vars/vm3/vpn.yml +++ b/host_vars/vm3/vpn.yml @@ -1,7 +1,6 @@ --- vpn_interfaces: wg0: - ip: "{{ interfaces.wg0.ipv4 }}" private_key: "{{ vpn_vault_vm3_key }}" public_key: "Cj3HAjXXr9DcmJoOkQkHvLWujZm8h6tBt2d54g0pqEg=" keepalive: true diff --git a/host_vars/vm4/networking.yml b/host_vars/vm4/networking.yml index da07dc2..174c3ed 100644 --- a/host_vars/vm4/networking.yml +++ b/host_vars/vm4/networking.yml @@ -1,8 +1,15 @@ --- interfaces: + enp0s3: + ipv4: 10.0.2.32 + netmaskv4: 24 + type: static + routes: + - {subnet: 0.0.0.0, netmask: 0, gateway: 10.0.2.1} wg0: ipv4: "{{ intranet.subnets.test.subnets.vm4.ipv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}" + type: wireguard ipv4_forwarding: false ipv6_forwarding: false diff --git a/host_vars/vm4/vpn.yml b/host_vars/vm4/vpn.yml index e8ff96f..1dafb73 100644 --- a/host_vars/vm4/vpn.yml +++ b/host_vars/vm4/vpn.yml @@ -1,7 +1,6 @@ --- vpn_interfaces: wg0: - ip: "{{ interfaces.wg0.ipv4 }}" private_key: "{{ vpn_vault_vm4_key }}" public_key: "5M84IO6uobYkMPupCI9h9y3iJXVIXAyDY8wkrMPcaRw=" keepalive: true diff --git a/roles/networking/handlers/main.yml b/roles/networking/handlers/main.yml new file mode 100644 index 0000000..179f5f0 --- /dev/null 
+++ b/roles/networking/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: Reload network interfaces + become: true + command: /sbin/ifreload -a diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml index a15482a..7106816 100644 --- a/roles/networking/tasks/main.yml +++ b/roles/networking/tasks/main.yml @@ -1,4 +1,15 @@ --- + +- name: Install wireguard + apt: + name: + - ifupdown2 + state: latest + update_cache: true + register: apt_result + retries: 3 + until: apt_result is succeeded + - name: Enable ipv4 forwarding ansible.posix.sysctl: name: net.ipv4.ip_forward @@ -26,3 +37,22 @@ value: '0' sysctl_set: true when: not ipv6_forwarding + +- name: Create interface config files + ansible.builtin.template: + src: "interfaces.j2" + dest: "/etc/network/interfaces" + owner: root + group: root + mode: '644' + notify: Reload network interfaces + +- name: Create interface config files + ansible.builtin.template: + src: "interface.conf.j2" + dest: "/etc/network/interfaces.d/{{ item.key }}.conf" + owner: root + group: root + mode: '640' + notify: Reload network interfaces + loop: "{{ lookup('dict', interfaces) }}" diff --git a/roles/networking/templates/interface.conf.j2 b/roles/networking/templates/interface.conf.j2 new file mode 100644 index 0000000..0aa1e0d --- /dev/null +++ b/roles/networking/templates/interface.conf.j2 
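Review bot: The handler name `Reload network interfaces` is also used by the handler added in roles/vpn/handlers/main.yml, and Ansible handler names share one global namespace, so when both roles are in a play only one of the two definitions is the one that runs; today their bodies are identical, but any later edit to one of them will silently not take effect for the other role's notifications. Give each handler a distinct name and have both `listen: reload network interfaces` (tasks then `notify: reload network interfaces`), and use the FQCN `ansible.builtin.command` to match the `ansible.builtin.template` tasks. A comment above the task should also state the blast radius, since ifreload touches the interface carrying the Ansible SSH session: `# NOTE: reconfigures every interface, including the management one — a broken stanza can cut off SSH`.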
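Review bot: The new apt task is named `Install wireguard` but installs only `ifupdown2`, and `state: latest` together with `update_cache: true` turns every run of this role into an unattended upgrade of the host's networking stack instead of an idempotent install; use `state: present` and rename the task `Install ifupdown2`. The two template tasks both carry the name `Create interface config files`, which makes run output and `--start-at-task` ambiguous. Neither task validates `interfaces.<name>.type`: interface.conf.j2 emits an `iface` line only for `static`, `dhcp` and `wireguard`, so a typo in host_vars renders a stanza with `auto` but no `iface`, which the notified `ifreload -a` then applies host-wide; assert the value before templating:
```yaml
- name: Validate interface types
  ansible.builtin.assert:
    that: item.value.type | default('') in ['static', 'dhcp', 'wireguard']
    fail_msg: "{{ item.key }}: unsupported interface type '{{ item.value.type | default('undefined') }}'"
  loop: "{{ lookup('dict', interfaces) }}"
# … unchanged: Create interface config files tasks …
```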
@@ -0,0 +1,30 @@ +{{ ansible_managed | comment }} + +auto {{ item.key }} +{% if item.value.type == 'wireguard' %} +iface {{ item.key }} inet static +{% elif item.value.type == 'dhcp' %} +iface {{ item.key }} inet dhcp +{% elif item.value.type == 'static' %} +iface {{ item.key }} inet static +{% endif %} +{% if item.value.type == 'wireguard' %} + pre-up ip link add $IFACE type wireguard + pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf +{% endif %} +{% if 'routes' in item.value %} +{% for route in item.value.routes %} + post-up ip route add {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }} +{% endfor %} +{% endif %} +{% if 'ipv4' in item.value %} + address {{ item.value.ipv4 }}/{{ item.value.netmaskv4 }} +{% endif %} +{% if 'routes' in item.value %} +{% for route in item.value.routes %} + post-down ip route del {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }} +{% endfor %} +{% endif %} +{% if item.value.type == 'wireguard' %} + post-down ip link del $IFACE +{% endif %} diff --git a/roles/networking/templates/interfaces.j2 b/roles/networking/templates/interfaces.j2 new file mode 100644 index 0000000..aa536d0 --- /dev/null +++ b/roles/networking/templates/interfaces.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} + +source /etc/network/interfaces.d/* diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml index a0e5595..179f5f0 100644 --- a/roles/vpn/handlers/main.yml +++ b/roles/vpn/handlers/main.yml @@ -1,9 +1,4 @@ --- -# This is so uggly -- name: Restart wireguard for interface - systemd: - name: "wg-quick@{{ item.key }}" - state: restarted - loop: - - "{{ lookup('dict', vpn_interfaces) }}" - no_log: false +- name: Reload network interfaces + become: true + command: /sbin/ifreload -a diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index 14b5526..a9b4161 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml 
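Review bot: The route hooks use `ip route add`, which fails — and with it the ifup of the interface — whenever the route already exists, which for the `0.0.0.0/0 via 10.0.2.1` entry in host_vars happens as soon as anything else (DHCP on another interface, a manual `ip route`) has installed a default route; `post-up ip route replace {{ route.subnet }}/{{ route.netmask }} via {{ route.gateway }}` is idempotent, and for the default-route case ifupdown's native `gateway` keyword avoids the hook entirely. The `if`/`elif` chain selecting the `iface` line has no `else`, so an interface with an unrecognised `type` renders `auto <name>` followed by hooks and an `address` but no `iface` stanza at all. A header comment should record that for `wireguard` interfaces the key material is read by the `pre-up wg setconf` hook, so `/etc/wireguard/$IFACE.conf` must exist before this stanza is brought up: `{# wireguard: /etc/wireguard/<iface>.conf must be in place before ifup (pre-up wg setconf) #}`.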
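Review bot: The generated /etc/network/interfaces replaces the distribution file wholesale but contains no loopback stanza; unless ifupdown2 configures `lo` implicitly (worth confirming on a target before rollout), add `auto lo` and `iface lo inet loopback` above the `source` line. `source /etc/network/interfaces.d/*` also pulls in every file in that directory, not just the `<iface>.conf` files this role writes, and the role never removes a `.conf` for an interface dropped from host_vars, so stale or foreign definitions keep being applied by `ifreload -a`; narrow the glob to `source /etc/network/interfaces.d/*.conf` and add a cleanup step for files not in `interfaces` (or render every interface into this one managed file).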
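Review bot: Replacing the `wg-quick@` restart with `ifreload -a` means a changed /etc/wireguard/<iface>.conf is no longer guaranteed to reach the running interface: the WireGuard config is only read by the `pre-up wg setconf` hook in the interface stanza, and ifupdown2's ifreload only cycles interfaces whose stanza in /etc/network changed, so a key rotation or peer removal notified from roles/vpn can leave the old keys and peers active until the next reboot — the security-relevant case being a revoked peer that stays authorised. Have this handler push the file into the live interface instead, which also avoids tearing down every other interface on the host; if the interface may not exist yet when the handler fires (role ordering is not visible here), keep the ifreload handler and run this one after it. The name also collides with the networking role's handler (handler names are global), so rename it or use `listen:`.
```yaml
- name: Sync wireguard config
  become: true
  ansible.builtin.command: "wg syncconf {{ item.key }} /etc/wireguard/{{ item.key }}.conf"
  loop: "{{ lookup('dict', vpn_interfaces) }}"
  no_log: true
```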
@@ -21,29 +21,21 @@ apt: name: - wireguard + - ifupdown2 state: latest update_cache: true register: apt_result retries: 3 until: apt_result is succeeded -- name: Create config files +- name: Create wireguard config files ansible.builtin.template: - src: "wiregard.conf" + src: "wiregard.conf.j2" dest: "/etc/wireguard/{{ item.key }}.conf" owner: root group: root mode: '600' - notify: Restart wireguard for interface + notify: Reload network interfaces loop: - "{{ lookup('dict', vpn_interfaces) }}" no_log: true - -- name: Enable interface - systemd: - name: "wg-quick@{{ item.key }}" - state: started - enabled: yes - loop: - - "{{ lookup('dict', vpn_interfaces) }}" - no_log: false diff --git a/roles/vpn/templates/wiregard.conf b/roles/vpn/templates/wiregard.conf.j2 similarity index 93% rename from roles/vpn/templates/wiregard.conf rename to roles/vpn/templates/wiregard.conf.j2 index 25890c7..9d442a2 100644 --- a/roles/vpn/templates/wiregard.conf +++ b/roles/vpn/templates/wiregard.conf.j2 @@ -1,7 +1,6 @@ {{ ansible_managed | comment }} [Interface] -Address = {{ item.value.ip }} PrivateKey = {{ item.value.private_key }} ListenPort = {{ vpn_port }}
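Review bot: The removed `Enable interface` task had started and enabled `wg-quick@<iface>`, but nothing in the new code stops or disables that unit on hosts provisioned with the previous version, so after this change both wg-quick and the new ifupdown2 stanza will try to create the same `wg0` at boot (`ip link add` fails on an existing device) and the interface comes up with whichever configuration wins. Add a migration task that stops and disables the legacy unit, tolerating hosts where it was never present. The `loop:` here also wraps the lookup in a list item while the networking role passes `loop: "{{ lookup('dict', interfaces) }}"` directly; since `loop` (unlike `with_items`) does not flatten, it is worth confirming which form yields one item per interface and using it in both roles. As in the networking role, `state: latest` makes every run an unattended package upgrade; `state: present` is the idempotent choice.
```yaml
- name: Disable legacy wg-quick units
  ansible.builtin.systemd:
    name: "wg-quick@{{ item.key }}"
    state: stopped
    enabled: false
  loop: "{{ lookup('dict', vpn_interfaces) }}"
  failed_when: false  # unit is absent on freshly provisioned hosts
# … unchanged: Create wireguard config files task …
```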