diff --git a/packages/system/cilium/Makefile b/packages/system/cilium/Makefile
index 038b767c..1d0cc5d0 100644
--- a/packages/system/cilium/Makefile
+++ b/packages/system/cilium/Makefile
@@ -9,4 +9,4 @@ update:
 helm repo update cilium
 helm pull cilium/cilium --untar --untardir charts --version 1.15
 sed -i -e '/Used in iptables/d' -e '/SYS_MODULE/d' charts/cilium/values.yaml
- patch -p3 --no-backup-if-mismatch < patches/fix-cgroups.patch
+ patch -p4 --no-backup-if-mismatch < patches/startup-script.patch
diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
index 144025e0..3996e2f7 100644
--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
@@ -114,15 +114,24 @@ spec:
 exec:
 command:
 - "true"
- {{- else }}
+ {{- else if eq .Values.cni.chainingMode "generic-veth" }}
 command:
- # Workaround: https://github.com/cilium/cilium/pull/27561
- - /bin/sh
- - -c
+ - /bin/bash
+ - -ec
 - |
- rm -rf /run/cilium/cgroupv2
- ln -sf /sys/fs/cgroup /run/cilium/cgroupv2
- exec cilium-agent --config-dir=/tmp/cilium/config-map
+ # Workaround: https://github.com/kubeovn/kube-ovn/issues/4089
+ DEV=$(ip -j addr | jq --arg ip "$NODE_IP" -r '.[] | select(.addr_info[] | .local == $ip).ifname')
+ echo "using device: $DEV"
+ echo "waiting for ovn0 device"
+ until ip link show ovn0; do
+ sleep 5;
+ done
+ exec cilium-agent --config-dir=/tmp/cilium/config-map
+ {{- else }}
+ command:
+ - cilium-agent
+ args:
+ - --config-dir=/tmp/cilium/config-map
 {{- with .Values.extraArgs }}
 {{- toYaml . | trim | nindent 8 }}
 {{- end }}
diff --git a/packages/system/cilium/patches/fix-cgroups.patch b/packages/system/cilium/patches/fix-cgroups.patch
deleted file mode 100644
index db4fabfe..00000000
--- a/packages/system/cilium/patches/fix-cgroups.patch
+++ /dev/null
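Review bot: The new `patch -p4 ... < patches/startup-script.patch` line in the Makefile applies the workaround with patch's default fuzz, against a chart that the recipe pulls as `--version 1.15`, which appears to track whatever the latest 1.15.x is at update time. If upstream shifts the lines around the `- "true"` / `{{- else }}` context, the startup-script block could be placed with relaxed context matching rather than rejected. Consider `patch -p4 --fuzz=0 --no-backup-if-mismatch < patches/startup-script.patch` so a drifted chart fails `make update` instead of yielding a quietly different DaemonSet command. The `update` recipe starts outside the hunk.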
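Review bot: The `until ip link show ovn0` loop in the new `generic-veth` branch of daemonset.yaml has no upper bound, so on a node where ovn0 never appears cilium-agent is never exec'd and the only thing ending the wait would be a probe defined outside this hunk; a bounded wait that exits non-zero surfaces the problem as a container restart with a clear log line. `DEV` is only echoed, yet computing it makes `jq` and `/bin/bash` hard requirements of the agent image, so that line could be dropped or guarded with an explicit check that NODE_IP is set. The `{{- with .Values.extraArgs }}` context that follows still renders under `command:` in this branch, so those values become positional parameters of bash rather than cilium-agent flags; this looks inherited from the previous workaround but deserves a comment. The same script is carried in patches/startup-script.patch and needs the same change there; the container spec starts and ends outside the hunk.

```yaml
        - |
          # Workaround: https://github.com/kubeovn/kube-ovn/issues/4089
          # … unchanged: DEV lookup and "using device" echo …
          echo "waiting for ovn0 device"
          tries=0
          # Bounded wait: exit non-zero so a missing ovn0 shows up as a restart, not a hang.
          until ip link show ovn0 >/dev/null 2>&1; do
            tries=$((tries + 1))
            if [ "$tries" -ge 60 ]; then
              echo "ovn0 did not appear after 300s" >&2
              exit 1
            fi
            sleep 5
          done
          exec cilium-agent --config-dir=/tmp/cilium/config-map
```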
@@ -1,21 +0,0 @@
-diff --git a/apps/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/apps/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
-index a608b69..1b5c622 100644
---- a/apps/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
-+++ b/apps/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
-@@ -105,9 +105,13 @@ spec:
- - "true"
- {{- else }}
- command:
-- - cilium-agent
-- args:
-- - --config-dir=/tmp/cilium/config-map
-+ # Workaround: https://github.com/cilium/cilium/pull/27561
-+ - /bin/sh
-+ - -c
-+ - |
-+ rm -rf /run/cilium/cgroupv2
-+ ln -sf /sys/fs/cgroup /run/cilium/cgroupv2
-+ exec cilium-agent --config-dir=/tmp/cilium/config-map
- {{- with .Values.extraArgs }}
- {{- toYaml . | trim | nindent 8 }}
- {{- end }}
diff --git a/packages/system/cilium/patches/startup-script.patch b/packages/system/cilium/patches/startup-script.patch
new file mode 100644
index 00000000..f7c398b6
--- /dev/null
+++ b/packages/system/cilium/patches/startup-script.patch
@@ -0,0 +1,24 @@
+diff --git a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+index 2949091..3996e2f 100644
+--- a/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
++++ b/packages/system/cilium/charts/cilium/templates/cilium-agent/daemonset.yaml
+@@ -114,6 +114,19 @@ spec:
+ exec:
+ command:
+ - "true"
++ {{- else if eq .Values.cni.chainingMode "generic-veth" }}
++ command:
++ - /bin/bash
++ - -ec
++ - |
++ # Workaround: https://github.com/kubeovn/kube-ovn/issues/4089
++ DEV=$(ip -j addr | jq --arg ip "$NODE_IP" -r '.[] | select(.addr_info[] | .local == $ip).ifname')
++ echo "using device: $DEV"
++ echo "waiting for ovn0 device"
++ until ip link show ovn0; do
++ sleep 5;
++ done
++ exec cilium-agent --config-dir=/tmp/cilium/config-map
+ {{- else }}
+ command:
+ - cilium-agent
diff --git a/packages/system/cilium/values.yaml b/packages/system/cilium/values.yaml
index 6e3a484f..73f9b03b 100644
--- a/packages/system/cilium/values.yaml
+++ b/packages/system/cilium/values.yaml
@@ -1,4 +1,5 @@
 cilium:
+ devices: " ovn0"
 hubble:
 enabled: false
 externalIPs:
@@ -24,4 +25,10 @@ cilium:
 configMap: cni-configuration
 routingMode: native
 enableIPv4Masquerade: false
+ enableIPv6Masquerade: false
 enableIdentityMark: false
+ extraEnv:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
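Review bot: In the first values.yaml hunk the added value reads `devices: " ovn0"`, with a space inside the quotes before the interface name, at least as this diff is rendered. If the space is not intentional, `devices: "ovn0"` avoids relying on how the chart and the agent trim the string. If it is intentional, a short comment on that line saying why would help the next reader. This setting presumably restricts which interface the agent attaches to, so a value that fails to match is better caught at review than at runtime.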