diff --git a/lib/puppet/parser/functions/ipaddresses.rb b/lib/puppet/parser/functions/ipaddresses.rb
index 2f27fe6..9d9ff6c 100644
--- a/lib/puppet/parser/functions/ipaddresses.rb
+++ b/lib/puppet/parser/functions/ipaddresses.rb
@@ -1,54 +1,41 @@ module Puppet::Parser::Functions newfunction(:ipaddresses, type: :rvalue, doc: <<-EOS Returns all ip addresses of network interfaces (except lo) found by facter. Special network interfaces (e.g. docker0) can be excluded by an exclude list as first argument for this function. EOS ) do |args| - interfaces = lookupvar('interfaces') + networking = lookupvar('networking') + # always exclude loopback interface + interfaces_exclude = ['lo'] if args.size == 1 unless args[0].is_a?(Array) - raise(Puppet::ParseError, 'ipaddresses(): Requires first argument to be a Array') + raise(Puppet::ParseError, 'ipaddresses(): Requires first argument to be an Array') end - interfaces_exclude = args[0] - else - interfaces_exclude = [] + interfaces_exclude << args[0] end - # In Puppet v2.7, lookupvar returns :undefined if the variable does - # not exist. In Puppet 3.x, it returns nil. - # See http://docs.puppetlabs.com/guides/custom_functions.html - return false if interfaces.nil? || interfaces == :undefined + return false if not networking.include?('interfaces') result = [] - if interfaces.count(',') > 0 - interfaces = interfaces.split(',') - interfaces.each do |iface| - next if iface.include?('lo') - skip_iface = false - interfaces_exclude.each do |iface_exclude| - skip_iface = true if iface.include?(iface_exclude) + networking['interfaces'].each do |iface, data| + # skip excluded interfaces + next if interfaces_exclude.include?(iface) + + ['bindings', 'bindings6'].each do |binding_type| + next if not data.key?(binding_type) + data[binding_type].each do |binding| + next if not binding.key?('address') + result << binding['address'] end - next if skip_iface == true - ipaddr = lookupvar("ipaddress_#{iface}") - ipaddr6 = lookupvar("ipaddress6_#{iface}") - result << ipaddr if ipaddr && (ipaddr != :undefined) - result << ipaddr6 if ipaddr6 && (ipaddr6 != :undefined) - end - else - unless interfaces.include?('lo') - ipaddr = lookupvar("ipaddress_#{interfaces}") - ipaddr6 = 
lookupvar("ipaddress6_#{interfaces}") - result << ipaddr if ipaddr && (ipaddr != :undefined) - result << ipaddr6 if ipaddr6 && (ipaddr6 != :undefined) end end # Throw away any v6 link-local addresses fe8064 = IPAddr.new('fe80::/64') result.delete_if { |ip| fe8064.include? IPAddr.new(ip) } - return result + return result.uniq end end
diff --git a/manifests/hostkeys.pp b/manifests/hostkeys.pp
index aead666..7816937 100644
--- a/manifests/hostkeys.pp
+++ b/manifests/hostkeys.pp
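Review bot: `interfaces_exclude << args[0]` pushes the caller's array in as a single nested element (`['lo', [...]]`), so `interfaces_exclude.include?(iface)` never matches a user-supplied name and the exclude argument is silently ignored. Addresses on interfaces the operator meant to leave out (the doc string's docker0 example) are then still returned, and the manifests/hostkeys.pp part of this commit exports them as SSH host aliases. Use `interfaces_exclude.concat(args[0])`. The nil/`:undefined` guard on the lookupvar result was also dropped, so `networking.include?` would presumably raise NoMethodError when the fact is missing; `return false if networking.nil? || networking == :undefined || !networking.include?('interfaces')` keeps the old behaviour. Matching also changed from substring to exact interface name, which deserves a sentence in the doc string.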
@@ -1,70 +1,72 @@ # Class ssh::hostkeys class ssh::hostkeys( - Boolean $export_ipaddresses = true, - Optional[String] $storeconfigs_group = undef, - Array $extra_aliases = [], - Array $exclude_interfaces = [], + Boolean $export_ipaddresses = true, + Optional[String] $storeconfigs_group = undef, + Array $extra_aliases = [], + Array $exclude_interfaces = [], + Array $exclude_ipaddresses = [], ) { if $export_ipaddresses == true { $ipaddresses = ipaddresses($exclude_interfaces) - $host_aliases = flatten([ $::fqdn, $::hostname, $extra_aliases, $ipaddresses ]) + $ipaddresses_real = delete($ipaddresses, $exclude_ipaddresses) + $host_aliases = unique(flatten([ $::fqdn, $::hostname, $extra_aliases, $ipaddresses_real ])) } else { - $host_aliases = flatten([ $::fqdn, $::hostname, $extra_aliases]) + $host_aliases = unique(flatten([ $::fqdn, $::hostname, $extra_aliases])) } if $storeconfigs_group { tag 'hostkey_all', "hostkey_${storeconfigs_group}" } if defined('$::sshdsakey') { @@sshkey { "${::fqdn}_dsa": ensure => present, host_aliases => $host_aliases, type => dsa, key => $::sshdsakey, } } else { @@sshkey { "${::fqdn}_dsa": ensure => absent, } } if defined('$::sshrsakey') { @@sshkey { "${::fqdn}_rsa": ensure => present, host_aliases => $host_aliases, type => rsa, key => $::sshrsakey, } } else { @@sshkey { "${::fqdn}_rsa": ensure => absent, } } if defined('$::sshecdsakey') { @@sshkey { "${::fqdn}_ecdsa": ensure => present, host_aliases => $host_aliases, type => 'ecdsa-sha2-nistp256', key => $::sshecdsakey, } } else { @@sshkey { "${::fqdn}_ecdsa": ensure => absent, type => 'ecdsa-sha2-nistp256', } } if defined('$::sshed25519key') { @@sshkey { "${::fqdn}_ed25519": ensure => present, host_aliases => $host_aliases, type => 'ed25519', key => $::sshed25519key, } } else { @@sshkey { "${::fqdn}_ed25519": ensure => absent, type => 'ed25519', } } }
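Review bot: `delete($ipaddresses, $exclude_ipaddresses)` compares literal strings, so an excluded address written in a different but equivalent notation (IPv6 case or zero-compression, for instance) is not removed and still ends up in the exported `host_aliases`. The new parameter is undocumented; I would add `# @param exclude_ipaddresses IP addresses to leave out of the exported host aliases; each must match the form facter reports exactly` above the class and tighten the type to `Array[String[1]] $exclude_ipaddresses = [],`. As far as I recall only newer puppetlabs-stdlib releases accept an array as the second argument of `delete()`, so the minimum version should be checked against the module metadata, which is not visible here. `ipaddresses()` returns `false` when the networking fact has no interfaces, and `delete()` will presumably reject a non-collection first argument, so that case needs a guard before this line.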