diff --git a/cmd/gluetun/main.go b/cmd/gluetun/main.go
index a560a026..81ec9a5e 100644
--- a/cmd/gluetun/main.go
+++ b/cmd/gluetun/main.go
@@ -71,10 +71,11 @@ func main() {
 	unix := unix.New()
 	cli := cli.New()
 	env := params.NewEnv()
+	cmder := command.NewCommander()
 
 	errorCh := make(chan error)
 	go func() {
-		errorCh <- _main(ctx, buildInfo, args, logger, env, unix, cli)
+		errorCh <- _main(ctx, buildInfo, args, logger, env, unix, cmder, cli)
 	}()
 
 	select {
@@ -113,7 +114,7 @@ var (
 //nolint:gocognit,gocyclo
 func _main(ctx context.Context, buildInfo models.BuildInformation,
 	args []string, logger logging.ParentLogger, env params.Env,
-	unix unix.Unix, cli cli.CLI) error {
+	unix unix.Unix, cmder command.Commander, cli cli.CLI) error {
 	if len(args) > 1 { // cli operation
 		switch args[1] {
 		case "healthcheck":
@@ -135,7 +136,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 	alpineConf := alpine.NewConfigurator()
 	ovpnConf := openvpn.NewConfigurator(
 		logger.NewChild(logging.Settings{Prefix: "openvpn configurator: "}),
-		unix)
+		unix, cmder)
 	dnsCrypto := dnscrypto.New(httpClient, "", "")
 	const cacertsPath = "/etc/ssl/certs/ca-certificates.crt"
 	dnsConf := unbound.NewConfigurator(nil, dnsCrypto,
@@ -162,8 +163,6 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		fmt.Println(line)
 	}
 
-	cmder := command.NewCommander()
-
 	err = printVersions(ctx, logger, []printVersionElement{
 		{name: "Alpine", getVersion: alpineConf.Version},
 		{name: "OpenVPN 2.4", getVersion: ovpnConf.Version24},
@@ -233,7 +232,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		Prefix: "firewall: ",
 		Level:  firewallLogLevel,
 	})
-	firewallConf := firewall.NewConfigurator(firewallLogger, routingConf)
+	firewallConf := firewall.NewConfigurator(firewallLogger, cmder, routingConf)
 
 	defaultInterface, defaultGateway, err := routingConf.DefaultRoute()
 	if err != nil {
diff --git a/internal/firewall/firewall.go b/internal/firewall/firewall.go
index a7ceb89c..2ccc06aa 100644
--- a/internal/firewall/firewall.go
+++ b/internal/firewall/firewall.go
@@ -50,14 +50,13 @@ type configurator struct { //nolint:maligned
 }
 
 // NewConfigurator creates a new Configurator instance.
-func NewConfigurator(logger logging.Logger, routing routing.Routing) Configurator {
-	commander := command.NewCommander()
+func NewConfigurator(logger logging.Logger, cmder command.Commander, routing routing.Routing) Configurator {
 	return &configurator{
-		commander:         commander,
+		commander:         cmder,
 		logger:            logger,
 		routing:           routing,
 		allowedInputPorts: make(map[uint16]string),
-		ip6Tables:         ip6tablesSupported(context.Background(), commander),
+		ip6Tables:         ip6tablesSupported(context.Background(), cmder),
 		customRulesPath:   "/iptables/post-rules.txt",
 	}
 }
diff --git a/internal/openvpn/openvpn.go b/internal/openvpn/openvpn.go
index 7389a72a..55b88ff9 100644
--- a/internal/openvpn/openvpn.go
+++ b/internal/openvpn/openvpn.go
@@ -29,10 +29,11 @@ type configurator struct {
 	tunDevPath   string
 }
 
-func NewConfigurator(logger logging.Logger, unix unix.Unix) Configurator {
+func NewConfigurator(logger logging.Logger, unix unix.Unix,
+	cmder command.Commander) Configurator {
 	return &configurator{
 		logger:       logger,
-		commander:    command.NewCommander(),
+		commander:    cmder,
 		unix:         unix,
 		authFilePath: constants.OpenVPNAuthConf,
 		tunDevPath:   constants.TunnelDevice,