I hated loosing connectivity so I spent a few days on this till it worked great. Just have your epairs pre-cloned in rc.conf.
Code:
# Generated by rc.d/jail at 2015-10-28 15:24:36
host.hostname = "${name}";
path = "/usr/jails/${name}";
allow.raw_sockets = 1;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.consolelog = "/var/log/jail_${name}_console.log";
mount.fstab = "/etc/fstab.${name}";
mount.devfs;
mount.fdescfs;
mount.procfs;
allow.mount;
allow.set_hostname = 1;
allow.sysvipc = 1;
vnet;
data {
vnet="new";
vnet.interface =epair0b;
exec.prestart +="ifconfig bridge0 addm epair0a";
exec.prestart +="ifconfig epair0a up";
exec.start +="ifconfig epair0b vnet ${name}";
command ="/sbin/ifconfig epair0b inet 10.0.21.1";
command +="route add -inet default 10.0.0.1";
exec.start ="/bin/sh /etc/rc";
exec.prestop +="ifconfig bridge0 deletem epair0a";
exec.stop = "/bin/sh /etc/rc.shutdown";
persist;
}
# Generated by rc.d/jail at 2015-10-28 15:24:36
www {
vnet="new";
vnet.interface =epair1b;
exec.prestart +="ifconfig bridge0 addm epair1a";
exec.prestart +="ifconfig epair1a up";
exec.start +="ifconfig epair1b vnet ${name}";
command ="/sbin/ifconfig epair1b inet 10.0.22.1";
command +="route add -inet default 10.0.0.1";
exec.start ="/bin/sh /etc/rc";
exec.prestop +="ifconfig bridge0 deletem epair1a";
exec.stop = "/bin/sh /etc/rc.shutdown";
persist;
}