diff --git a/Makefile b/Makefile
index af87c9e..e518027 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,14 @@
 SCRIPT := gre-on-wg.sh
 SCRIPT_NAME := $(SCRIPT:.sh=)
 PREFIX ?= /usr/local
+PREFIX_UNIT ?= /etc
 
-install: install-bin
+install: install-bin install-unit
 
 install-bin: $(SCRIPT)
-	install -D -m 0755 -o root -g root -T $(SCRIPT) $(PREFIX)/bin/$(SCRIPT_NAME)
+	install -D -m 0755 -o root -g root -T $< $(PREFIX)/bin/$(SCRIPT_NAME)
 
-.PHONY: install install-bin
+install-unit: gre-on-wg.target gre-on-wg@.service
+	install -D -m 0644 -o root -g root $^ $(PREFIX_UNIT)/systemd/system
+
+.PHONY: install install-bin install-unit
diff --git a/gre-on-wg.sh b/gre-on-wg.sh
index 824458a..5ddc1c3 100755
--- a/gre-on-wg.sh
+++ b/gre-on-wg.sh
@@ -2,6 +2,8 @@
 
 set -euo pipefail
 
+_="${DEBUG:=}"
+
 strstrip() {
     sed -E -e 's/^\s*//' -e 's/\s*$//'
 }
@@ -90,17 +92,30 @@ create_networks() {
     finish_br "$br_name" "$local_ip_trans"
 }
 
-main() {
+up() {
     local filepath translation_filepath
     local r local_ip remote_ips local_ip_trans
     filepath="$1"
+    translation_filepath=
     if [[ "$filepath" =~ .*/.* ]]; then
         # path, not a name, leave as is
         :
     else
-        filepath="/etc/wireguard/$filepath"
+        if [[ $# -eq 1 ]]; then
+            translation_filepath="$filepath"
+        fi
+        filepath="/etc/wireguard/$filepath.conf"
+    fi
+
+    if [[ -z "$translation_filepath" ]]; then
+        translation_filepath="$2"
+        if [[ "$translation_filepath" =~ .*/.* ]]; then
+            # path, not a name, leave as is
+            :
+        else
+            translation_filepath="/etc/gre-on-wg/$filepath.conf"
+        fi
     fi
-    translation_filepath="$(sort <<< "$2" | uniq)"
 
     r="$(read_wg_conf "$filepath")"
     local_ip="$(head -n1 <<< "$r")"
@@ -112,4 +127,20 @@ main() {
     create_networks "$(basename --suffix='.conf' "$filepath")" "$local_ip" "$local_ip_trans" "$remote_ips"
 }
 
-main "$@"
+down() {
+    local filepath
+    local wg_name link
+    filepath="$1"
+    if [[ "$filepath" =~ .*/.* ]]; then
+        # path, not a name, leave as is
+        :
+    else
+        filepath="/etc/wireguard/$filepath.conf"
+    fi
+    wg_name="$(basename --suffix=.conf "$filepath")"
+    for link in $(ip link list | grep -Eo '^[0-9]+:\s+wg0[^:@]+' | sed -E 's/[0-9]+:\s+//'); do
+        $DEBUG ip link del "$link"
+    done
+}
+
+"$@"
diff --git a/gre-on-wg.target b/gre-on-wg.target
new file mode 100644
index 0000000..fcd3219
--- /dev/null
+++ b/gre-on-wg.target
@@ -0,0 +1,2 @@
+[Unit]
+Description=GRETAP over wg-quick
diff --git a/gre-on-wg@.service b/gre-on-wg@.service
new file mode 100644
index 0000000..fc931ac
--- /dev/null
+++ b/gre-on-wg@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=GRETAP over wg-quick network for %I
+After=wg-quick@%I
+Wants=wg-quick@%I
+PartOf=gre-on-wg.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/gre-on-wg up %i
+ExecStop=/usr/bin/gre-on-wg down %i
+
+[Install]
+WantedBy=multi-user.target