diff --git a/ping-portainer.yml b/ping-portainer.yml
new file mode 100644
index 0000000..190a0c2
--- /dev/null
+++ b/ping-portainer.yml
@@ -0,0 +1,59 @@
+---
+- name: Reach Portainer via SSH tunnel through bdc
+  hosts: localhost
+  connection: local
+  gather_facts: false
+
+  vars:
+    bastion_host: bdc.cci17.fr
+    bastion_port: 17100
+    bastion_user: ansible
+
+    portainer_ip: 10.30.0.151
+    portainer_port: 9443
+
+    local_port: "{{ 20000 + (9999 | random) }}"
+    ssh_control_socket: "/tmp/ssh-tunnel-{{ local_port }}.sock"
+
+  tasks:
+    - block:
+        - name: Open SSH tunnel (local -> portainer via bastion)
+          shell: >
+            ssh
+            -p {{ bastion_port }}
+            -o ExitOnForwardFailure=yes
+            -o StrictHostKeyChecking=no
+            -o UserKnownHostsFile=/dev/null
+            -o ServerAliveInterval=10
+            -o ServerAliveCountMax=3
+            -M -S {{ ssh_control_socket }}
+            -f -N
+            -L 127.0.0.1:{{ local_port }}:{{ portainer_ip }}:{{ portainer_port }}
+            {{ bastion_user }}@{{ bastion_host }}
+          changed_when: true
+
+        - name: Wait for local tunnel port
+          wait_for:
+            host: 127.0.0.1
+            port: "{{ local_port }}"
+            timeout: 20
+
+        - name: HTTPS check Portainer through tunnel
+          uri:
+            url: "https://127.0.0.1:{{ local_port }}/"
+            method: GET
+            validate_certs: false
+            status_code: [200, 301, 302, 403]
+          register: portainer_check
+
+        - name: OK
+          debug:
+            msg: "✅ Portainer joignable via tunnel (status {{ portainer_check.status }})"
+
+      always:
+        - name: Close tunnel if opened
+          shell: >
+            test -S {{ ssh_control_socket }} &&
+            ssh -p {{ bastion_port }} -S {{ ssh_control_socket }} -O exit
+            {{ bastion_user }}@{{ bastion_host }} || true
+          ignore_errors: true
\ No newline at end of file