diff --git a/templates/secure-tunnel.service b/templates/secure-tunnel.service
new file mode 100644
index 0000000..4077b34
--- /dev/null
+++ b/templates/secure-tunnel.service
@@ -0,0 +1,19 @@
+# Must be sent to /etc/systemd/system
+[Unit]
+Description=Setup a secure tunnel to %I
+After=network.target
+
+[Service]
+User=ansusr
+Environment="LOCAL_ADDR=localhost"
+EnvironmentFile=/etc/default/secure-tunnel@%i
+#ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${LOCAL_ADDR}:${LOCAL_PORT}:localhost:${REMOTE_PORT} ${TARGET}
+#ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${TARGET}
+ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${TARGET}
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=multi-user.target