diff --git a/usr/local/share/bastille/common.sh b/usr/local/share/bastille/common.sh
index 3ef2aeda..b1f041c4 100644
--- a/usr/local/share/bastille/common.sh
+++ b/usr/local/share/bastille/common.sh
@@ -60,3 +60,49 @@ info() {
 warn() {
 echo -e "${COLOR_YELLOW}$*${COLOR_RESET}"
 }
+
+generate_vnet_jail_netblock() {
+ local jail_name="$1"
+ local use_unique_bridge="$2"
+ local external_interface="$3"
+ ## determine number of containers + 1
+ ## iterate num and grep all jail configs
+ ## define uniq_epair
+ local jail_list=$(bastille list jails)
+ if [ -n "${jail_list}" ]; then
+ local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}')
+ local num_range=$((list_jails_num + 1))
+ for _num in $(seq 0 "${num_range}"); do
+ if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then
+ local uniq_epair="bastille${_num}"
+ local uniq_epair_bridge="${_num}"
+ break
+ fi
+ done
+ else
+ local uniq_epair="bastille0"
+ local uniq_epair_bridge="0"
+ fi
+ if [ -n "${use_unique_bridge}" ]; then
+ ## generate bridge config
+ cat <<-EOF
+ vnet;
+ vnet.interface = "e${uniq_epair_bridge}b_${jail_name}";
+ exec.prestart += "ifconfig epair${uniq_epair_bridge} create";
+ exec.prestart += "ifconfig ${external_interface} addm epair${uniq_epair_bridge}a";
+ exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${jail_name}";
+ exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${jail_name}";
+ exec.poststop += "ifconfig ${external_interface} deletem e${uniq_epair_bridge}a_${jail_name}";
+ exec.poststop += "ifconfig e${uniq_epair_bridge}a_${jail_name} destroy";
+EOF
+ else
+ ## generate config
+ cat <<-EOF
+ vnet;
+ vnet.interface = e0b_${uniq_epair};
+ exec.prestart += "jib addm ${uniq_epair} ${external_interface}";
+ exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${jail_name}\"";
+ exec.poststop += "jib destroy ${uniq_epair}";
+EOF
+ fi
+}
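Review bot: `${external_interface}` and `${jail_name}` are written unvalidated into the `exec.prestart`/`exec.poststop` lines both heredocs emit, and jail(8) later runs those commands on the host; the import.sh hunks below now pass an interface name taken from the imported archive's JSON, so a value that is not a plain interface name ends up inside a root-executed command line. A check before the `if [ -n "${use_unique_bridge}" ]` test, e.g. `case "${external_interface}" in ''|*[!A-Za-z0-9._-]*) warn "invalid external interface name"; return 1 ;; esac`, would reject such values (comparing against the output of `ifconfig -l` is the stricter alternative), and the same character-class check should cover `jail_name`. Separately, `local jail_list=$(bastille list jails)` masks the command's exit status, so a failing `bastille list` silently takes the `else` branch and reuses `bastille0`; splitting the declaration from the assignment (`local jail_list; jail_list=$(bastille list jails) || return 1`) fixes that. If the `for` loop exhausts `0..num_range` without a free slot, `uniq_epair` is never set and the second heredoc emits `vnet.interface = e0b_;` — a `[ -n "${uniq_epair}" ]` check after the loop would catch it.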
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index b1b43b42..8f367d05 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -185,28 +185,7 @@ EOF } generate_vnet_jail_conf() { - ## determine number of containers + 1 - ## iterate num and grep all jail configs - ## define uniq_epair - local jail_list=$(bastille list jails) - if [ -n "${jail_list}" ]; then - local list_jails_num=$(echo "${jail_list}" | wc -l | awk '{print $1}') - local num_range=$((list_jails_num + 1)) - for _num in $(seq 0 "${num_range}"); do - if ! grep -q "e[0-9]b_bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - uniq_epair="bastille${_num}" - uniq_epair_bridge="${_num}" - break - fi - done - else - uniq_epair="bastille0" - uniq_epair_bridge="0" - fi - - if [ -n "${VNET_JAIL_BRIDGE}" ]; then - - ## generate bridge config + NETBLOCK=$(generate_vnet_jail_netblock "$NAME" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}") cat << EOF > "${bastille_jail_conf}" ${NAME} { devfs_ruleset = 13; 
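Review bot: The new `NETBLOCK=$(generate_vnet_jail_netblock ...)` line drops the helper's exit status and does not check for empty output, so if the helper fails the heredoc on the following lines still writes a jail.conf with no `vnet` section and the jail silently comes up without networking. Adding `[ -n "${NETBLOCK}" ] || { warn "failed to generate vnet network config"; exit 1; }` right after the assignment would surface that; the same `${NETBLOCK}` is expanded in the next hunk, so one check here covers both. Also, `uniq_epair` and `uniq_epair_bridge` were previously set as globals in this function and are now local to the helper — if anything else in create.sh read them after this call, it now sees empty values, which is worth confirming. generate_vnet_jail_conf continues outside the hunk.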
@@ -221,41 +200,9 @@ ${NAME} { path = ${bastille_jail_path}; securelevel = 2; - exec.prestart += "ifconfig epair${uniq_epair_bridge} create"; - exec.prestart += "ifconfig ${bastille_jail_conf_interface} addm epair${uniq_epair_bridge}a"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}a up name e${uniq_epair_bridge}a_${NAME}"; - exec.prestart += "ifconfig epair${uniq_epair_bridge}b up name e${uniq_epair_bridge}b_${NAME}"; - exec.poststop += "ifconfig ${bastille_jail_conf_interface} deletem e${uniq_epair_bridge}a_${NAME}"; - exec.poststop += "ifconfig e${uniq_epair_bridge}a_${NAME} destroy"; - vnet; - vnet.interface = "e${uniq_epair_bridge}b_${NAME}"; +${NETBLOCK} } EOF - - else - ## generate config - cat << EOF > "${bastille_jail_conf}" -${NAME} { - devfs_ruleset = 13; - enforce_statfs = 2; - exec.clean; - exec.consolelog = ${bastille_jail_log}; - exec.start = '/bin/sh /etc/rc'; - exec.stop = '/bin/sh /etc/rc.shutdown'; - host.hostname = ${NAME}; - mount.devfs; - mount.fstab = ${bastille_jail_fstab}; - path = ${bastille_jail_path}; - securelevel = 2; - - vnet; - vnet.interface = e0b_${uniq_epair}; - exec.prestart += "jib addm ${uniq_epair} ${bastille_jail_conf_interface}"; - exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${NAME}\""; - exec.poststop += "jib destroy ${uniq_epair}"; -} -EOF -fi } create_jail() { diff --git a/usr/local/share/bastille/import.sh b/usr/local/share/bastille/import.sh index 9a450564..8ea0f4de 100644 --- a/usr/local/share/bastille/import.sh +++ b/usr/local/share/bastille/import.sh 
@@ -185,7 +185,13 @@ generate_config() {
 DEVFS_RULESET=${DEVFS_RULESET:-4}
 IS_THIN_JAIL=$(grep -wo '\"basejail\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/basejail://')
 CONFIG_RELEASE=$(grep -wo '\"release\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/release://' | sed 's/\-[pP].*//')
+ IS_VNET_JAIL=$(grep -wo '\"vnet\": .*' "${JSON_CONFIG}" | tr -d '" ,' | sed 's/vnet://')
+ VNET_DEFAULT_INTERFACE=$(grep -wo '\"vnet_default_interface\": \".*\"' "${JSON_CONFIG}" | tr -d '" ' | sed 's/vnet_default_interface://')
 ALLOW_EMPTY_DIRS_TO_BE_SYMLINKED=1
+ if [ "${VNET_DEFAULT_INTERFACE}" = "auto" ]; then
+ # Grab the default ipv4 route from netstat and pull out the interface
+ VNET_DEFAULT_INTERFACE=$(netstat -nr4 | grep default | cut -w -f 4)
+ fi
 fi
 elif [ "${FILE_EXT}" = ".tar.gz" ]; then
 # Gather some bits from foreign/ezjail config files
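Review bot: `netstat -nr4 | grep default | cut -w -f 4` on the added `auto` branch is not anchored, so any routing-table line containing `default` (or more than one default route) yields a multi-line `VNET_DEFAULT_INTERFACE`, which then lands inside a single `jib addm` argument in the generated jail.conf; `grep '^default' | head -n 1` keeps it to one entry. When there is no default route the variable ends up empty and nothing here reports it — a `[ -n "${VNET_DEFAULT_INTERFACE}" ] || warn "Warning: could not determine default interface for vnet"` after the `fi` would make the failure visible at import time rather than at jail start. A non-`auto` value is taken from the archive's JSON as-is; since it is later emitted into host-side `exec.prestart` commands, it should be checked as an interface name before use, as noted on the common.sh hunk. If the exported `vnet` value can be `true` rather than `1`, the later `= "1"` test never selects the vnet path — worth confirming against the export format. generate_config continues outside the hunk.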
@@ -198,50 +204,62 @@ generate_config() { IS_THIN_JAIL=1 fi - # If there are multiple IP/NIC let the user configure network - if [ -n "${IPV4_CONFIG}" ]; then - if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then - config_netif + # See if we need to generate a vnet network section + if [ "${IS_VNET_JAIL:-0}" = "1" ]; then + NETBLOCK=$(generate_vnet_jail_netblock "${TARGET_TRIM}" "" "${VNET_DEFAULT_INTERFACE}") + else + # If there are multiple IP/NIC let the user configure network + if [ -n "${IPV4_CONFIG}" ]; then + if ! echo "${IPV4_CONFIG}" | grep -q '.*,.*'; then + NETIF_CONFIG=$(echo "${IPV4_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${NETIF_CONFIG}" ]; then + config_netif + fi + IPX_ADDR="ip4.addr" + IP_CONFIG="${IPV4_CONFIG}" + IP6_MODE="disable" fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPV4_CONFIG}" - IP6_MODE="disable" - fi - elif [ -n "${IPV6_CONFIG}" ]; then - if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then - config_netif - fi - IPX_ADDR="ip6.addr" - IP_CONFIG="${IPV6_CONFIG}" - IP6_MODE="new" - fi - elif [ -n "${IPVX_CONFIG}" ]; then - if ! echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then - NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') - if [ -z "${NETIF_CONFIG}" ]; then - config_netif - fi - IPX_ADDR="ip4.addr" - IP_CONFIG="${IPVX_CONFIG}" - IP6_MODE="disable" - if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then + elif [ -n "${IPV6_CONFIG}" ]; then + if ! echo "${IPV6_CONFIG}" | grep -q '.*,.*'; then + NETIF_CONFIG=$(echo "${IPV6_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${NETIF_CONFIG}" ]; then + config_netif + fi IPX_ADDR="ip6.addr" + IP_CONFIG="${IPV6_CONFIG}" IP6_MODE="new" fi + elif [ -n "${IPVX_CONFIG}" ]; then + if ! 
echo "${IPVX_CONFIG}" | grep -q '.*,.*'; then + NETIF_CONFIG=$(echo "${IPVX_CONFIG}" | grep '.*|' | sed 's/|.*//g') + if [ -z "${NETIF_CONFIG}" ]; then + config_netif + fi + IPX_ADDR="ip4.addr" + IP_CONFIG="${IPVX_CONFIG}" + IP6_MODE="disable" + if echo "${IPVX_CONFIG}" | sed 's/.*|//' | grep -Eq '^(([a-fA-F0-9:]+$)|([a-fA-F0-9:]+\/[0-9]{1,3}$))'; then + IPX_ADDR="ip6.addr" + IP6_MODE="new" + fi + fi fi - fi - # Let the user configure network manually - if [ -z "${NETIF_CONFIG}" ]; then - NETIF_CONFIG="lo1" - IPX_ADDR="ip4.addr" - IP_CONFIG="-" - IP6_MODE="disable" - warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration." + # Let the user configure network manually + if [ -z "${NETIF_CONFIG}" ]; then + NETIF_CONFIG="lo1" + IPX_ADDR="ip4.addr" + IP_CONFIG="-" + IP6_MODE="disable" + warn "Warning: See 'bastille edit ${TARGET_TRIM} jail.conf' for manual network configuration." + fi + + NETBLOCK=$(cat <<-EOF + interface = ${NETIF_CONFIG}; + ${IPX_ADDR} = ${IP_CONFIG}; + ip6 = ${IP6_MODE}; +EOF + ) fi if [ "${IS_THIN_JAIL:-0}" = "1" ]; then @@ -277,9 +295,7 @@ ${TARGET_TRIM} { path = ${bastille_jailsdir}/${TARGET_TRIM}/root; securelevel = 2; - interface = ${NETIF_CONFIG}; - ${IPX_ADDR} = ${IP_CONFIG}; - ip6 = ${IP6_MODE}; +${NETBLOCK} } EOF }
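Review bot: The vnet branch added at the top of the hunk passes `${VNET_DEFAULT_INTERFACE}` to the helper without checking that it is set, and `NETBLOCK=$(generate_vnet_jail_netblock ...)` discards the helper's exit status, so an archive flagged `vnet` but with no usable interface produces a jail.conf whose `jib addm` line has no interface argument and the problem only shows when the jail starts. A guard before the call, `[ -n "${VNET_DEFAULT_INTERFACE}" ] || { warn "Warning: no interface for vnet jail ${TARGET_TRIM}"; exit 1; }`, plus `[ -n "${NETBLOCK}" ] || exit 1` after it, would fail the import with a clear message instead. The rest of the hunk is the pre-existing IPv4/IPv6 handling re-indented into the `else` branch, with the three `interface`/`ip4.addr`/`ip6` lines gathered into the `NETBLOCK=$(cat <<-EOF ...)` block that the final hunk expands. The `if ! echo "${IPVX_CONFIG}" ...` line appears split across two lines here as a rendering artifact only.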