diff --git a/README.md b/README.md
index e67931a..2aa0153 100644
--- a/README.md
+++ b/README.md
@@ -117,6 +117,7 @@ default 172.31.8.1 0.0.0.0 UG 202 0 0 eth0
 * `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
 * `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
 * `internal_interface`: the interface to route your _OWN_ networks to. This should be the interface where your personal Lixonet subnets are reachable at, or in other words the interface at which the Lixonet EE router can send packets destined to networks you own. Defaults to `eth0`.
+ * `vip`: virtual IP: a virtual IP address to assign to the Lixonet EE router directly, aside from 172.31.0.8.

 #### Tinc options
 * `network_name` - The name of the interface that Tinc should create when it's started. Defaults to `lixonet`. Set this for multiple networks.
diff --git a/tinc/tinc-up.tmpl b/tinc/tinc-up.tmpl
index ca9fbb2..5a4d8d7 100644
--- a/tinc/tinc-up.tmpl
+++ b/tinc/tinc-up.tmpl
@@ -1,5 +1,6 @@
 #!/bin/sh
 ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}
+{{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }}{{ end }}

 # Enable IPv4 kernel routing/forwarding for this network
 iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
@@ -9,4 +10,4 @@ iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j
 # Prevent spoofing attacks
 iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
 {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -i \$INTERFACE -s {{.}} -j DROP
-{{ end }}{{ end }}
\ No newline at end of file
+{{ end }}{{ end }}
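Review bot: The added `vip` line in tinc/tinc-up.tmpl opens a single `{{ if }}` but closes two blocks. It looks copied from the `bgp_routes` line, where the second `{{ end }}` belongs to the `range`. If this is rendered as a Go-style template, as the `range … | split` syntax suggests, the stray terminator will most likely fail the parse, so no tinc-up script is generated and none of the FORWARD rules below it get installed. Drop the extra terminator: `{{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" "${vip}"{{ end }}`. That version also quotes `${vip}`, because the value is pasted unquoted into a script that tinc runs when the interface comes up (normally with root privileges), where whitespace or a shell metacharacter would change the command. It would be worth validating `vip` as a plain IPv4 address before rendering, and passing an explicit `netmask` so the alias does not fall back to a classful default.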