diff --git a/ansible/roles/jail/files/jails/cloak.conf b/ansible/roles/jail/files/jails/cloak.conf
index 9c413c3..181974f 100644
--- a/ansible/roles/jail/files/jails/cloak.conf
+++ b/ansible/roles/jail/files/jails/cloak.conf
@@ -2,6 +2,7 @@ cloak {
     path = "/jail/main/jails/cloak";
     vnet;
     vnet.interface += "host_link2";
+    vnet.interface += "wg_uplink0";
     devfs_ruleset = 13;
     mount.devfs; # To expose tun device
 
diff --git a/ansible/roles/jail/files/setup_netgraph_odo b/ansible/roles/jail/files/setup_netgraph_odo
index 10a6dfe..7ed26c9 100644
--- a/ansible/roles/jail/files/setup_netgraph_odo
+++ b/ansible/roles/jail/files/setup_netgraph_odo
@@ -4,6 +4,9 @@ cleanup() {
     ngctl shutdown host_link2:
     ngctl shutdown host_uplink0:
     ngctl shutdown host_bridge0:
+    ngctl shutdown wg_link2:
+    ngctl shutdown wg_uplink0:
+    ngctl shutdown wg_bridge0:
 }
 
 setup_netgraph_start() {
@@ -28,6 +31,23 @@ EOF
     ifconfig $(ngctl msg 'host_bridge0:link2' getifname | grep Args | cut -d '"' -f 2) name host_link2
 
     # Create internal bridge for jails that are forced through wireguard
+    ngctl -d -f - <<EOF
+mkpeer . eiface hook ether
+name .:hook wg_uplink0
+EOF
+
+    ngctl -d -f - <<EOF
+mkpeer wg_uplink0: bridge ether link0
+name wg_uplink0:ether wg_bridge0
+EOF
+
+    ngctl -d -f - <<EOF
+mkpeer wg_bridge0: eiface link2 ether
+name wg_bridge0:link2 wg_link2
+EOF
+
+    ifconfig $(ngctl msg 'wg_uplink0:' getifname | grep Args | cut -d '"' -f 2) name wg_uplink0 10.241.199.1/24 up
+    ifconfig $(ngctl msg 'wg_bridge0:link2' getifname | grep Args | cut -d '"' -f 2) name wg_link2
 }
 
 setup_netgraph_stop() {