diff --git a/openvpn/tunnel/setup_tun_linux.go b/openvpn/tunnel/setup_tun_linux.go
index 671d1c6..f74e0a1 100644
--- a/openvpn/tunnel/setup_tun_linux.go
+++ b/openvpn/tunnel/setup_tun_linux.go
@@ -20,9 +20,11 @@
 package tunnel
 
 import (
+	gerrors "errors"
 	"io/ioutil"
 	"os"
 	"os/exec"
+	"runtime"
 	"strconv"
 	"strings"
 
@@ -52,7 +54,20 @@ type tunDevice struct {
 
 // Setup sets the tunel up
 func (service *LinuxTunDeviceManager) Setup(configuration *config.GenericConfig) error {
-	configuration.SetScriptParam("iproute", config.SimplePath("nonpriv-ip"))
+
+	if !(runtime.GOOS == "linux" && os.Geteuid() == 0) {
+		// only need to pass this option when running as non-root user
+		if _, err := os.Stat(configuration.GetFullScriptPath(config.SimplePath("nonpriv-ip"))); gerrors.Is(err, os.ErrNotExist) {
+			return errors.Wrap(err, "required nonpriv-ip script was not found")
+		}
+
+		configuration.SetScriptParam("iproute", config.SimplePath("nonpriv-ip"))
+	}
+
+	if _, err := os.Stat(configuration.GetFullScriptPath(config.SimplePath("prepare-env.sh"))); gerrors.Is(err, os.ErrNotExist) {
+		return errors.Wrap(err, "required prepare-env.sh script was not found")
+	}
+
 	service.scriptSetup = configuration.GetFullScriptPath(config.SimplePath("prepare-env.sh"))
 
 	err := service.createDeviceNode()