diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py
index 5d8326bb32..979b625787 100644
--- a/python/vyos/ifconfig/interface.py
+++ b/python/vyos/ifconfig/interface.py
@@ -615,8 +615,18 @@ def set_vrf(self, vrf: str) -> bool:
 
         # Get current VRF table ID
         old_vrf_tableid = get_vrf_tableid(self.ifname)
-        self.set_interface('vrf', vrf)
 
+        # Always stop the DHCP client process to clean up routes within the VRF
+        # where the process was originally started. There is no need to add a
+        # condition to only call the method if "address dhcp" was defined, as
+        # this is handled inside set_dhcp(v6) by only stopping if the daemon is
+        # running. DHCP client process restart will be handled later on once the
+        # interface is moved to the new VRF.
+        self.set_dhcp(False)
+        self.set_dhcpv6(False)
+
+        # Move interface in/out of VRF
+        self.set_interface('vrf', vrf)
         if vrf:
             # Get routing table ID number for VRF
             vrf_table_id = get_vrf_tableid(vrf)
diff --git a/src/etc/netplug/vyos-netplug-dhcp-client b/src/etc/netplug/vyos-netplug-dhcp-client
index 55d15a163d..83fed70f0e 100755
--- a/src/etc/netplug/vyos-netplug-dhcp-client
+++ b/src/etc/netplug/vyos-netplug-dhcp-client
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2023-2025 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -20,10 +20,11 @@ import sys
 from time import sleep
 
 from vyos.configquery import ConfigTreeQuery
+from vyos.configdict import get_interface_dict
+from vyos.ifconfig import Interface
 from vyos.ifconfig import Section
 from vyos.utils.boot import boot_configuration_complete
 from vyos.utils.commit import commit_in_progress
-from vyos.utils.process import call
 from vyos import airbag
 airbag.enable()
 
@@ -35,28 +36,19 @@ if not boot_configuration_complete():
     airbag.noteworthy("System bootup not yet finished...")
     sys.exit(1)
 
+interface = sys.argv[1]
+# helper scripts should only work on physical interfaces not on individual
+# sub-interfaces. Moving e.g. a VLAN interface in/out a VRF will also trigger
+# this script which should be prohibited - bail out early
+if '.' in interface:
+    sys.exit(0)
+
 while commit_in_progress():
     sleep(1)
 
-interface = sys.argv[1]
 in_out = sys.argv[2]
 config = ConfigTreeQuery()
 
 interface_path = ['interfaces'] + Section.get_config_path(interface).split()
-
-for _, interface_config in config.get_config_dict(interface_path).items():
-    # Bail out early if we do not have an IP address configured
-    if 'address' not in interface_config:
-        continue
-    # Bail out early if interface ist administrative down
-    if 'disable' in interface_config:
-        continue
-    systemd_action = 'start'
-    if in_out == 'out':
-        systemd_action = 'stop'
-    # Start/Stop DHCP service
-    if 'dhcp' in interface_config['address']:
-        call(f'systemctl {systemd_action} dhclient@{interface}.service')
-    # Start/Stop DHCPv6 service
-    if 'dhcpv6' in interface_config['address']:
-        call(f'systemctl {systemd_action} dhcp6c@{interface}.service')
+_, interface_config = get_interface_dict(config, interface_path[:-1], ifname=interface, with_pki=True)
+Interface(interface).update(interface_config)