diff --git a/riocli/vpn/connect.py b/riocli/vpn/connect.py
index 94cb6a10..e07ca9f6 100644
--- a/riocli/vpn/connect.py
+++ b/riocli/vpn/connect.py
@@ -27,6 +27,7 @@
 from riocli.utils.spinner import with_spinner
 from riocli.v2client import Client as v2Client
 from riocli.vpn.util import (
+    get_command,
     is_tailscale_up,
     stop_tailscale,
     install_vpn_tools,
@@ -107,13 +108,10 @@ def start_tailscale(
         client: v2Client,
         spinner: Yaspin,
 ) -> bool:
-    cmd = ('sudo tailscale up --auth-key={} --login-server={}'
-           ' --reset --force-reauth --accept-routes --accept-dns'
-           ' --advertise-tags={} --timeout=30s')
+    cmd = get_command('tailscale up --auth-key={} --login-server={} --reset --force-reauth '
+                      '--accept-routes --accept-dns --advertise-tags={} --timeout=30s')
     args = generate_tailscale_args(ctx, client, spinner)
-    command = cmd.format(args.HEADSCALE_PRE_AUTH_KEY,
-                         args.HEADSCALE_URL,
-                         args.HEADSCALE_ACL_TAG)
+    command = cmd.format(args.HEADSCALE_PRE_AUTH_KEY, args.HEADSCALE_URL, args.HEADSCALE_ACL_TAG)
     output, code = run_bash_with_return_code(command)
     if code != 0:
         spinner.write(
diff --git a/riocli/vpn/util.py b/riocli/vpn/util.py
index dc4b3ae8..6c2f535e 100644
--- a/riocli/vpn/util.py
+++ b/riocli/vpn/util.py
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import json
+import os
 import socket
 import tempfile
 from os.path import exists, join
@@ -57,11 +58,11 @@ def get_tailscale_ip() -> str:
 
 
 def stop_tailscale() -> bool:
-    _, code = run_bash_with_return_code('sudo tailscale down')
+    _, code = run_bash_with_return_code(get_command('tailscale down'))
     if code != 0:
         return False
 
-    output, code = run_bash_with_return_code('sudo tailscale logout')
+    output, code = run_bash_with_return_code(get_command('tailscale logout'))
     if code != 0 and 'no nodekey to log out' not in output:
         return False
 
@@ -126,3 +127,11 @@ def is_vpn_enabled_in_project(client: v2Client, project_guid: str) -> bool:
     project = client.get_project(project_guid)
     return (project.status.status.lower() == 'success' and
             project.status.vpn.lower() == 'success')
+
+
+def get_command(cmd: str) -> str:
+    """Returns an effective command to execute."""
+    if is_linux() and os.geteuid() == 0:
+        return cmd
+
+    return 'sudo {}'.format(cmd)