diff --git a/README.md b/README.md
index cb14d334cd2cf18b653fc558182e07599bc56a82..367cb20473e619d26798440388861af229470bd0 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ create.py is a python program that generates a vagrant source file from a defini
 - Python 3
 - VirtualBox 6
 - Ansible 2.3.3.0
+- Vagrant 2.2.5
 - Virtualization must be enabled
 - DHCP server for vboxnet0 must be turned off in VirtualBox. It can be done manually in VirtualBox or with the command `$ VBoxManage dhcpserver remove --ifname vboxnet0`
 
@@ -16,7 +17,7 @@ create.py is a python program that generates a vagrant source file from a defini
 2. Install Python dependencies with `pip3 install -r requirements.txt`.
 3. Clone the project.
 4. Navigate to the project folder.
-5. Type `$ python3 create.py sandbox.yml`. 
+5. Type `$ python3 create.py sandbox.yml`. On Windows or in case of an error due to ansible/python use `python3 create.py -l sandbox.yml`. (note: This will rewrite the previously generated Vagrantfile and ansible files.)  
 6. Run `$ vagrant up`
 
 ### Input yaml file structure
@@ -86,11 +87,13 @@ The name of the correct network interface can be different for every box. The su
 - other VirtualBox attributes
 - more complex routing
 
-### Known [issues](https://gitlab.ics.muni.cz/cs4eu/sandbox-creator/issues?label_name%5B%5D=known_issue):
-- after running on Windows the output may contain invalid multibyte chars
+### Known [issues](https://gitlab.ics.muni.cz/cs4eu/sandbox-creator/issues?scope=all&utf8=âś“&state=all&label_name[]=known_issue):
+- After running on Windows the output may contain invalid multibyte chars.
+- Vagrant up can somtimes get stuck on "SSH auth method: private key" in case of "generic/debian10" box or on "SSH auth method: password" in case of "kalilinux/rolling-light" box. This is probably an issue of VirtualBox. In this case try to create the machine again. In case of "kalilinux/rolling-light" remove the line `device.ssh.password = "vagrant"` from the generated Vagrantfile and try to bring it up again.
+- On some machines ansible local (flag -l) can get stuck while connecting to the created virtual machine.
 
 ### Notes
-- tested on Vagrant 2.2.5, VirtualBox 6.0.4 and 6.0.10
+- tested on Vagrant 2.2.5, VirtualBox 6.0.4 and 6.0.10, Ansible 2.3.3.0
 - Vagrantfile and the provision directory contains everything needed by vagrant. Feel free to move them to a different directory after creation. 
 
 ### Credits
diff --git a/big_broker.yml b/big_broker.yml
new file mode 100644
index 0000000000000000000000000000000000000000..72fbd9515c1966a460944966a13367ec4eb9d39a
--- /dev/null
+++ b/big_broker.yml
@@ -0,0 +1,65 @@
+---
+name: big-broker
+hosts:
+  - name: web
+    base_box: generic/debian10
+    memory: 2048
+
+  - name: workstation
+    base_box: generic/debian10
+    memory: 2048
+
+  - name: database
+    base_box: generic/debian10
+    memory: 2048
+
+  - name: attacker
+    base_box: kalilinux/rolling-light
+    memory: 2048
+
+  - name: client
+    base_box: generic/debian10
+    memory: 2048
+
+routers:
+  - name: big-broker-router
+
+  - name: internet-router
+
+networks:
+  - name: big-broker
+    cidr: 172.18.1.0/24
+
+  - name: internet
+    cidr: 10.1.0.0/16
+
+net_mappings:
+  - host: web
+    network: big-broker
+    ip: 172.18.1.5
+
+  - host: workstation
+    network: big-broker
+    ip: 172.18.1.132
+
+  - host: database
+    network: big-broker
+    ip: 172.18.1.14
+
+  - host: attacker
+    network: internet
+    ip: 10.1.135.83
+
+  - host: client
+    network: internet
+    ip: 10.1.17.4
+
+router_mappings:
+  - router: big-broker-router
+    network: big-broker
+    ip: 172.18.1.1
+
+  - router: internet-router
+    network: internet
+    ip: 10.1.0.1
+...
diff --git a/create.py b/create.py
index b3ee2c796e367c3b3988622da3a8f506fa798ca1..5ad7906f65143bf67d7be9a16a1240b1b3ae5591 100644
--- a/create.py
+++ b/create.py
@@ -6,15 +6,27 @@ import jinja2
 
 from modules.file_generator import generate_vagrantfile, generate_ansible_files
 from modules.device_creator import open_file
+from modules.routing import create_border_router
 
-""" Supressing error traceback. """
-sys.tracebacklimit = 0
-
-if len(sys.argv) != 2:
-    print("Error: Expecting 1 argument (yml file).")
+if len(sys.argv) == 3:
+    if str(sys.argv[1]) == "-l":
+        ansible_local = True
+        input_file_name = str(sys.argv[2])
+    elif str(sys.argv[2]) == "-l":
+        ansible_local = True
+        input_file_name = str(sys.argv[1])
+    else:
+        print("Error: Expecting a yml file and optionally a flag -l.")
+        sys.exit()
+elif len(sys.argv) == 2:
+    ansible_local = False
+    input_file_name = str(sys.argv[1])
+else:
+    print("Error: Expecting a yml file and optionally a flag -l.")
     sys.exit()
 
-device_definitions = open_file(str(sys.argv[1]))
+device_definitions = open_file(input_file_name)
+create_border_router(device_definitions)
 
-generate_vagrantfile(device_definitions)
+generate_vagrantfile(device_definitions, ansible_local)
 generate_ansible_files(device_definitions)
diff --git a/modules/ansible_data_generator.py b/modules/ansible_data_generator.py
index e720a48bee149a0885d66fe17067b55c9e97fec0..99e8ee4a09a865f35f17c7eb21135506d539e373 100644
--- a/modules/ansible_data_generator.py
+++ b/modules/ansible_data_generator.py
@@ -2,14 +2,16 @@ from modules.device_creator import open_file
 
 INTERFACE_FILE = "name_mapping/interface.yml"
 
-def create_network_map(net_mappings, router_mappings):
+def create_network_map(definitions):
     """ Creates a structure with network topology for Jinja2 template. """
 
     routings = []
 
-    for router_mapping in router_mappings:
+    for router_mapping in definitions["router_mappings"]:
         routing = dict()
         routing["router_name"] = router_mapping["router"]
+        routing["router_network"] = router_mapping["network"]
+        routing["router_network_ip"] = _find_network_ip(router_mapping["network"], definitions)
         routing["router_ip"] = router_mapping["ip"]
         routings.append(routing)
 
@@ -21,6 +23,10 @@ def _find_router_ip(network_name, router_mappings):
         if router_mapping["network"] == network_name:
             return router_mapping["ip"]
 
+def _find_network_ip(network_name, definitions):
+    for network in definitions["networks"]:
+        if network["name"] == network_name:
+            return network["cidr"]
 
 def _find_interface(host_name, hosts):
 
diff --git a/modules/device_creator.py b/modules/device_creator.py
index a6c8abbf6ef781515852ac3741137b894ee761af..12f67b6064f2c9a0c621f1854ac0dc04bb40b170 100644
--- a/modules/device_creator.py
+++ b/modules/device_creator.py
@@ -31,8 +31,17 @@ def _add_provisioning(hostname, host_definitions):
     except IOError:
         pass
 
+def _add_rsync(box, host_name, definitions):
+    """ add rsync to debian machines """
 
-def _create_hosts(yml, mappings, flavors):
+    if box == "generic/debian10":
+        definitions[host_name].append("# standard shared folder doesn't work on debian")
+        definitions[host_name].append("device.vm.synced_folder \".\", \"/vagrant\", type: \"rsync\", rsync__exclude: \".git/\"")
+    
+    if box == "kalilinux/rolling-light":
+        definitions[host_name].append("device.ssh.password = \"vagrant\"")
+
+def _create_hosts(yml, mappings, flavors, ansible_local):
     """ Creates a dictionary with formatted definition of each host. """
     host_definitions = {}
 
@@ -44,28 +53,32 @@ def _create_hosts(yml, mappings, flavors):
         add_prov_attributes(
             host, flavors, mappings['need_provider'], host_definitions)
         _add_provisioning(host["name"], host_definitions)
+        if ansible_local:
+            _add_rsync(host["base_box"], host["name"], host_definitions)
 
     return host_definitions
 
 
-def _create_routers(yml):
+def _create_routers(yml, ansible_local):
     """ Creates a dictionary with formatted definition of each router. """
     router_definitions = {}
 
     for router in yml['routers']:
         router_definitions[router['name']] = []
         add_router_ip(router["name"], yml, router_definitions)
-        add_router_specification(router, router_definitions)
+        add_router_specification(router, router_definitions, ansible_local)
+        if ansible_local:
+            _add_rsync("generic/debian10", router["name"], router_definitions)
 
     return router_definitions
 
 
-def create_devices(definitions):
+def create_devices(definitions, ansible_local):
     """ Returns a merged dictionary of host and router definitions. """
 
     mappings = open_file(MAPPING_FILE)
     flavors = open_file(FLAVORS_FILE)
 
     return {
-        **_create_hosts(definitions, mappings, flavors),
-        **_create_routers(definitions)}
+        **_create_hosts(definitions, mappings, flavors, ansible_local),
+        **_create_routers(definitions, ansible_local)}
diff --git a/modules/file_generator.py b/modules/file_generator.py
index e748bbe1f781516d3ec652e11ae87a683f99544d..d73861e69095902cdff418c15719fe3962cbd528 100644
--- a/modules/file_generator.py
+++ b/modules/file_generator.py
@@ -3,7 +3,7 @@ import os
 
 from modules.device_creator import create_devices
 from modules.ansible_data_generator import create_network_map, create_host_map, create_network_ips
-
+from modules.routing import BORDER_ROUTER_IP, BORDER_ROUTER_NAME, BORDER_ROUTER_NETWORK_NAME, BORDER_ROUTER_PUBLIC_IP
 
 def _load_template(template_name):
     """ Returns a loaded jinja2 template. """
@@ -23,23 +23,23 @@ def _generate_file(filename, output_string):
         print("Error: cannot write to this location.")
 
 
-def _create_role_directory(role_name):
+def _create_role_directory(role_name, provisioning_dir):
     """ Creates directory structure for a role. """
 
     try:
-        os.mkdir("provisioning")
+        os.mkdir(provisioning_dir)
     except FileExistsError:
         pass
     try:
-        os.mkdir("provisioning/roles")
+        os.mkdir(provisioning_dir + "/roles")
     except FileExistsError:
         pass
     try:
-        os.mkdir("provisioning/roles/" + role_name)
+        os.mkdir(provisioning_dir + "/roles/" + role_name)
     except FileExistsError:
         pass
     try:
-        os.mkdir("provisioning/roles/" + role_name +"/tasks")
+        os.mkdir(provisioning_dir + "/roles/" + role_name +"/tasks")
     except FileExistsError:
         pass
 
@@ -54,13 +54,13 @@ def _find_user_ansible_files(definitions):
 
     return host_names
 
-def generate_vagrantfile(definitions):
+def generate_vagrantfile(definitions, ansible_local):
     """ Writes the prepared output to a Vagrantfile. """
-    
-    device_definitions = create_devices(definitions)
+   
+    device_definitions = create_devices(definitions, ansible_local)
     user_ansible_files = _find_user_ansible_files(definitions)
     template = _load_template("vagrantfile")
-    output = template.render(devices=device_definitions, user_files=user_ansible_files)
+    output = template.render(devices=device_definitions, user_files=user_ansible_files, ansible_local=ansible_local)
     _generate_file("Vagrantfile", output)
     
     print("Info: Vagrantfile successfully created.")
@@ -70,12 +70,10 @@ def _generate_playbook(definitions):
     """ Generates the main playbook. """
 
     host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
-    network = create_network_map(
-            definitions["net_mappings"], definitions["router_mappings"])
-    network_ips = create_network_ips(definitions["networks"])
+    network = create_network_map(definitions)
     
     template = _load_template("playbook")
-    output = template.render(hosts=host_map, routers=network, network_ips=network_ips)
+    output = template.render(hosts=host_map, routers=network)
 
     try:
         os.mkdir("provisioning")
@@ -89,19 +87,18 @@ def _generate_device_configuration(definitions):
     """ Generates a playbook with basic device configutarion. """
 
     host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
-    network = create_network_map(
-            definitions["net_mappings"], definitions["router_mappings"]) 
+    network = create_network_map(definitions) 
     network_ips = create_network_ips(definitions["networks"])
 
     template = _load_template("device_configuration")
-    output = template.render(hosts=host_map, routers=network, network_ips=network_ips)
+    output = template.render(hosts=host_map, routers=network, network_ips=network_ips, border_router_name = BORDER_ROUTER_NAME)
 
     try:
-        os.mkdir("provisioning")
+        os.mkdir("base_provisioning")
     except FileExistsError:
         pass
 
-    _generate_file("./provisioning/device_configuration.yml", output)
+    _generate_file("./base_provisioning/device_configuration.yml", output)
 
 
 def _generate_hosts_role(definitions):
@@ -109,16 +106,47 @@ def _generate_hosts_role(definitions):
 
     host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
 
-    network = create_network_map(
-            definitions["net_mappings"], definitions["router_mappings"])
+    network = create_network_map(definitions)
 
     template = _load_template("hosts")
     output = template.render(hosts=host_map, routers=network)
 
-    _create_role_directory("hosts")
+    _create_role_directory("hosts", "base_provisioning")
+    _generate_file("./base_provisioning/roles/hosts/tasks/main.yml", output)
+    
+    user_template = _load_template("user_hosts")
+    user_output = template.render()
+
+    _create_role_directory("hosts", "provisioning")
     _generate_file("./provisioning/roles/hosts/tasks/main.yml", output)
 
 
+def _generate_separate_hosts_role(definitions):
+    """ Generate roles for separate host devices. """
+    
+    host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
+
+    for host in definitions["hosts"]:
+
+        for host_attributes in host_map:
+            if host_attributes["host_name"] == host["name"]:
+                host_name = host_attributes["host_name"]
+                router_ip = host_attributes["router_ip"]
+                interface = host_attributes["interface"]
+
+        template = _load_template("separate_hosts")
+        output = template.render(host_name=host_name, router_ip=router_ip, interface=interface)
+
+        _create_role_directory(host["name"], "base_provisioning")
+        _generate_file("./base_provisioning/roles/" + host["name"]  + "/tasks/main.yml", output)
+
+
+        template = _load_template("user_separate_hosts")
+        output = template.render(host_name=host_name)
+
+        _create_role_directory(host["name"], "provisioning")
+        _generate_file("./provisioning/roles/" + host["name"]  + "/tasks/main.yml", output)
+
 def _generate_routers_role(definitions):
     """ Generates routers role. """
 
@@ -128,14 +156,52 @@ def _generate_routers_role(definitions):
 
     host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
 
-    network = create_network_map(
-            definitions["net_mappings"], definitions["router_mappings"]) 
+    network = create_network_map(definitions) 
 
     template = _load_template("routers")
-    output = template.render(hosts=host_map, routers=network)
+    output = template.render(hosts=host_map, routers=network, border_router_ip=BORDER_ROUTER_IP)
+
+    _create_role_directory("routers", "base_provisioning")
+    _generate_file("./base_provisioning/roles/routers/tasks/main.yml", output)
+
+
+def _find_cidr(network_name, definitions):
+    """ Finds cidr of a network from name. """
+
+    for network in definitions["networks"]:
+        if network["name"] == network_name:
+            return network["cidr"]
+
+def _get_br_routers(definitions):
+    """ Returns a list of router ips that are in the border router network. """
+
+    br_mappings = dict()
+    for router_mapping in definitions["router_mappings"]:
+        if router_mapping["network"] == BORDER_ROUTER_NETWORK_NAME:
+            for router_mapping2 in definitions["router_mappings"]:
+                if router_mapping["router"] == router_mapping2["router"] and router_mapping["network"] != router_mapping2["network"]:
+                    br_mappings[_find_cidr(router_mapping2["network"], definitions)] = router_mapping["ip"]
+
+    return br_mappings
+
+def _generate_br_role(definitions):
+    """ Generates br role. """
+
+    if not definitions['routers'] or not definitions['router_mappings']:
+        print("Info: No router definition was found. Skipping border router creation.")
+        return
+
+    network = create_network_map(definitions) 
+    
+    host_map = create_host_map(definitions["net_mappings"], definitions["router_mappings"], definitions["hosts"])
+
+    routers_in_br_network = _get_br_routers(definitions)
+
+    template = _load_template("br")
+    output = template.render(hosts = host_map, routers=network, br_routes=routers_in_br_network, border_router_name=BORDER_ROUTER_NAME, border_router_public_ip=BORDER_ROUTER_PUBLIC_IP)
 
-    _create_role_directory("routers")
-    _generate_file("./provisioning/roles/routers/tasks/main.yml", output)
+    _create_role_directory("br", "base_provisioning")
+    _generate_file("./base_provisioning/roles/br/tasks/main.yml", output)
 
 
 def generate_ansible_files(device_definitions):
@@ -144,6 +210,8 @@ def generate_ansible_files(device_definitions):
     _generate_playbook(device_definitions)
     _generate_device_configuration(device_definitions)
     _generate_hosts_role(device_definitions)
+    _generate_separate_hosts_role(device_definitions)
     _generate_routers_role(device_definitions)
+    _generate_br_role(device_definitions)
 
     print("Info: Ansible files successfully created.")
diff --git a/modules/network_parser.py b/modules/network_parser.py
index 8de9a8a9bc3df6c420e4b34f8be38a8b6cddbcec..a7224025003e77dd926ce0809e41df667cf94817 100644
--- a/modules/network_parser.py
+++ b/modules/network_parser.py
@@ -1,6 +1,7 @@
 """ This module handles network creation. """
 
 import sys
+from modules.routing import BORDER_ROUTER_NAME, BORDER_ROUTER_PUBLIC_IP
 
 
 def _find_networks(hostname, mappings, device_type):
@@ -50,9 +51,11 @@ def _add_interfaces(hostname, mapping, device_type, networks, definitions):
     definitions[hostname].append(
         "device.vm.network :private_network, ip: \"" + mapping["ip"]
         + "\", virtualbox__intnet: \"" + mapping["network"] + "\"")
+    
+    if hostname == BORDER_ROUTER_NAME:
+        definitions[BORDER_ROUTER_NAME].append("device.vm.network :public_network, ip: \" " + BORDER_ROUTER_PUBLIC_IP + "\"") 
 
-    if device_type == "host":
-        _add_netmask(hostname, mapping["network"], networks, definitions)
+    _add_netmask(hostname, mapping["network"], networks, definitions)
 
 def add_networks(hostname, yml, definitions):
     """ Adds ip address and natmask to a host. """
diff --git a/modules/provider.py b/modules/provider.py
index c4b6941783fb31150aedb535733a408ef37628d9..5bf02fc1d53ffa0c3de5d24fdd543df44055f803 100644
--- a/modules/provider.py
+++ b/modules/provider.py
@@ -48,7 +48,7 @@ def add_prov_attributes(host, flavors, provider_attributes, definitions):
         definitions[host['name']].append("end")
 
 
-def add_router_specification(router, definitions):
+def add_router_specification(router, definitions, ansible_local):
     """ Adds the default specification for a router. """
 
     router_box = "generic/debian10"
diff --git a/modules/routing.py b/modules/routing.py
new file mode 100644
index 0000000000000000000000000000000000000000..f1b556f0b45f4292075b1c8c56ffe352f2f80ca0
--- /dev/null
+++ b/modules/routing.py
@@ -0,0 +1,73 @@
+import sys
+
+BORDER_ROUTER_NAME = "br"
+BORDER_ROUTER_IP = "172.18.0.1"
+BORDER_ROUTER_PUBLIC_IP = "172.18.10.1"
+BORDER_ROUTER_NETWORK_NAME = "BR"
+BORDER_ROUTER_NETWORK_IP = "172.18.0.0/24"
+
+def _are_br_parameters_free(definitions):
+    """ Checks if border router parameters are not already taken. """
+
+    for host in definitions["hosts"]:
+        if host["name"] == BORDER_ROUTER_NAME:
+            return False
+
+    for router in definitions["routers"]:
+        if router["name"] == BORDER_ROUTER_NAME:
+            return False
+    
+    for network in definitions["networks"]:
+        if network["name"] == BORDER_ROUTER_NETWORK_NAME or network["cidr"] == BORDER_ROUTER_NETWORK_IP:
+            return False
+
+    for net_mapping in definitions["net_mappings"]:
+        if net_mapping["ip"] == BORDER_ROUTER_IP:
+            return False
+
+
+    for router_mapping in definitions["router_mappings"]:
+        if router_mapping["ip"] == BORDER_ROUTER_IP:
+            return False
+
+    return True
+
+
+def _create_mappings_to_border_router(definitions):
+    """ Creates router_mapping entries from routers to border router. """
+
+    for router in definitions["routers"]:
+        num = definitions["routers"].index(router) + 5
+        if num > 255:
+            print("Error: too many routers.")
+            sys.exit(1)
+
+        ip = BORDER_ROUTER_IP[:(0-len(str(num)))]
+        ip += str(num)
+
+        definitions["router_mappings"].append({"router":router["name"]
+                                              ,"network":BORDER_ROUTER_NETWORK_NAME
+                                              ,"ip":ip}) 
+        
+
+def create_border_router(definitions):
+    """ Adds the definition of border router to definitions """
+
+    # TODO this should be later moved to input check
+    if not _are_br_parameters_free:
+        print("Error: Device parameter conflict.")
+
+    """ Last number in the ip of routers in border network. """
+    router_n = 5
+
+    _create_mappings_to_border_router(definitions)
+        
+
+    definitions["routers"].append({"name":BORDER_ROUTER_NAME })
+    definitions["networks"].append({"name":BORDER_ROUTER_NETWORK_NAME
+                                    ,"cidr":BORDER_ROUTER_NETWORK_IP})
+    definitions["router_mappings"].append({"router":BORDER_ROUTER_NAME
+                                          ,"network":BORDER_ROUTER_NETWORK_NAME
+                                          ,"ip":BORDER_ROUTER_IP} )
+
+
diff --git a/name_mapping/interface.yml b/name_mapping/interface.yml
index 9761b225a446b5ec75d2ab8a733c0f89404d5ee6..b675069d546ccf754b9c2ea5a5000dabe4c82f75 100644
--- a/name_mapping/interface.yml
+++ b/name_mapping/interface.yml
@@ -2,3 +2,4 @@ kalilinux/rolling-light: eth1
 xubuntu-16.04-desktop-amd64: eth1
 ubuntu/xenial64: enp0s8
 acntech/xubuntu-developer: enp0s8
+debian/contrib-jessie64: eth1
diff --git a/templates/br b/templates/br
new file mode 100644
index 0000000000000000000000000000000000000000..570104710ca254c62eeefeb5c0fd1ab8b56b4ba4
--- /dev/null
+++ b/templates/br
@@ -0,0 +1,40 @@
+---
+# Configuration for the border router
+
+- name: Enable IP forwarding
+  copy:
+    dest: "/etc/sysctl.conf"
+    content: "net.ipv4.ip_forward=1"
+
+- name: Restarting procps service
+  command: /etc/init.d/procps restart
+
+{% for host in hosts %}
+- name: Add {{ host.host_name }} alias
+  lineinfile:
+    path: /etc/hosts
+    line: {{ host.host_ip }} {{ host.host_name }}
+
+{% endfor %}
+{% for router in routers %}
+- name: Add {{ router.router_name }} alias
+  lineinfile:
+    path: /etc/hosts
+    line: {{ router.router_ip }} {{ router.router_name }}
+
+{% endfor %}
+
+{% for target_cidr, router_ip in br_routes.items() %} 
+- name: Add routing to network {{ target_cidr }} 
+  command: route add -net {{ target_cidr }} gw {{ router_ip }} eth1
+{% endfor %}
+
+- name: Add postrouting
+  # ssh connection fails without async after execution of iptables commands
+  shell: "sleep 2 && sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {{ border_router_public_ip }}"
+  async: 1
+  poll: 0
+
+- name: Save postrouting rule
+  command: su -c 'iptables-save > /etc/iptables.rules'
+...
diff --git a/templates/device_configuration b/templates/device_configuration
index 73a852fe23a6ad5db658fbe1de3a385b43a7718b..e8ba8322319433a12718201c9e7823f43b14a95a 100644
--- a/templates/device_configuration
+++ b/templates/device_configuration
@@ -7,18 +7,34 @@
   roles:
     - hosts
 
+{% for host in hosts %}
+- name: Configuring host {{ host.host_name }} separately
+  hosts: {{ host.host_name }}
+  become: yes
+  roles:
+    - {{ host.host_name }}
+
+{% endfor %}
 {% for host in hosts %}
 - name: Configuring host {{ host.host_name }}
   hosts: {{ host.host_name }}
   become: yes
   tasks:
-  - name: Change default gateway
-    command: route add default gw {{ host.router_ip }} {{ host.interface }}
+{% for network_ip in network_ips %}
+  - name: Add gateway for {{ network_ip }}
+    command: route add -net {{ network_ip }} gw {{ host.router_ip }} {{ host.interface }}
+{% endfor %}
 
 {% endfor %}
 - name: Configuring all routers
-  hosts: {{ routers|map(attribute='router_name')|unique|join(',') }}
+  hosts: {{ routers|map(attribute='router_name')|unique|reject('eq', border_router_name)|join(',') }}
   become: yes
   roles:
     - routers
+
+- name: Configuring border router
+  hosts: {{ border_router_name }}
+  become: yes
+  roles:
+    - br
 ...
diff --git a/templates/hosts b/templates/hosts
index 7ec4b06d1cb50d78bbeb36dd935879df7ea9cbac..e9254f11c31650636be65efaf1f4cdc53326191e 100644
--- a/templates/hosts
+++ b/templates/hosts
@@ -1,5 +1,5 @@
 ---
-# Configuration of all host devices
+# Basic configuration of all host devices
 
 - name: Install net-tools
   command: apt install net-tools
@@ -18,4 +18,7 @@
     line: {{ router.router_ip }} {{ router.router_name }}
 
 {% endfor %}
+
+- name: Delete default gateway
+  command: route del default
 ...
diff --git a/templates/playbook b/templates/playbook
index cfe188a59a72408645ea38f871339d4b5b7d9110..7f3e1c7089a960a7da5b952b974f818a23081acf 100644
--- a/templates/playbook
+++ b/templates/playbook
@@ -1,33 +1,12 @@
 ---
-# Main ansible playbook
-
-#- import_playbook: device_configuration.yml - for new version
-
-- name: Configuring all hosts
-  hosts: {{ hosts|map(attribute='host_name')|unique|join(',') }}
-  become: yes
-  roles:
-    - hosts
-
-{% for host in hosts %}
-- name: Configuring host {{ host.host_name }}
-  hosts: {{ host.host_name }}
-  become: yes
-  tasks:
-{% for network_ip in network_ips %} 
-  - name: Add gateway for {{ network_ip }}
-    command: route add -net {{ network_ip }} gw {{ host.router_ip }} {{ host.interface }}
-{% endfor %}
-
-
-{% endfor %}
-- name: Configuring all routers
-  hosts: {{ routers|map(attribute='router_name')|unique|join(',') }}
-  become: yes
-  roles:
-    - routers
-
+# Main user ansible playbook
 # Write your custom configuration here:
 
+- name: Hello world
+  hosts: all
+  tasks:
 
+    - name: print hello world
+      debug:
+        msg: "Hello World"
 ...
diff --git a/templates/routers b/templates/routers
index 88a4207a4b61b42d98dde36d273a8d71595ae16e..01f390d6dece8929ead4c09d6144659bc2ac05aa 100644
--- a/templates/routers
+++ b/templates/routers
@@ -23,4 +23,9 @@
     line: {{ router.router_ip }} {{ router.router_name }}
 
 {% endfor %}
+- name: Delete default gateway
+  command: route del default
+
+- name: Add default path to border router
+  command: route add default gw {{ border_router_ip }} eth2
 ...
diff --git a/templates/separate_hosts b/templates/separate_hosts
new file mode 100644
index 0000000000000000000000000000000000000000..42e3f8076cb7cd468c1bf1cfb87f295d4ddbac46
--- /dev/null
+++ b/templates/separate_hosts
@@ -0,0 +1,6 @@
+---
+# Role for the host {{ host_name }}
+
+- name: Add default path to router
+  command: route add default gw {{ router_ip }} {{ interface }}
+...
diff --git a/templates/user_hosts b/templates/user_hosts
new file mode 100644
index 0000000000000000000000000000000000000000..0dccf70c06e2ec8580828c2c8c6693e870030b59
--- /dev/null
+++ b/templates/user_hosts
@@ -0,0 +1,8 @@
+---
+# This is a role for all hosts.
+# You can write your tasks here.
+# These changes will affect all hosts.
+
+
+
+...
diff --git a/templates/user_separate_hosts b/templates/user_separate_hosts
new file mode 100644
index 0000000000000000000000000000000000000000..f49a8bafc9297f21682d4a170677d597336f6544
--- /dev/null
+++ b/templates/user_separate_hosts
@@ -0,0 +1,8 @@
+---
+# This is a role for the host {{ host_name }}.
+# You can write your tasks here.
+# These changes will affect only the host {{ host_name }}.
+
+
+
+...
diff --git a/templates/vagrantfile b/templates/vagrantfile
index c6dc87ac323c84fb3bb77fecef40e8906a11b12d..946446c71fc08127a3026740579c095125186d20 100644
--- a/templates/vagrantfile
+++ b/templates/vagrantfile
@@ -19,17 +19,29 @@ Vagrant.configure("2") do |config|
 {{ printAttributes(name) }}  end
 {% endfor %}
 
-  # configuration of devices with ansible
-  config.vm.provision "ansible" do |ansible|
+  # basic ansible configuration of devices and networks
+  config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible|
+    ansible.playbook = "base_provisioning/device_configuration.yml"
+    ansible.verbose = true
+    ansible.extra_vars = {
+      ansible_python_interpreter: "/usr/bin/python3",
+    }
+  end
+
+
+  # user configuration of devices with ansible
+  config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible|
     ansible.playbook = "provisioning/playbook.yml"
+    ansible.verbose = true
     ansible.extra_vars = {
       ansible_python_interpreter: "/usr/bin/python3",
     }
   end
 
   {% for name in user_files %}
-  config.vm.provision "ansible" do |ansible|
+  config.vm.provision :ansible{% if ansible_local %}_local{% endif %} do |ansible|
     ansible.playbook = "provisioning/{{ name }}.yml"
+    ansible.verbose = true
     ansible.extra_vars = {
       ansible_python_interpreter: "/usr/bin/python3",
     }