diff --git a/dist/images/install-pre-1.16.sh b/dist/images/install-pre-1.16.sh
index dfaddff1798..36867ef4ef5 100644
--- a/dist/images/install-pre-1.16.sh
+++ b/dist/images/install-pre-1.16.sh
@@ -1568,7 +1568,7 @@ spec:
 - /kube-ovn/start-cniserver.sh
 args:
 - --enable-mirror=$ENABLE_MIRROR
- - --encap-checksum=false
+ - --encap-checksum=true
 - --service-cluster-ip-range=$SVC_CIDR
 - --iface=${IFACE}
 - --network-type=$NETWORK_TYPE
diff --git a/dist/images/install.sh b/dist/images/install.sh
index 00d991091a3..1b9f62eed06 100755
--- a/dist/images/install.sh
+++ b/dist/images/install.sh
@@ -1789,7 +1789,7 @@ spec:
 - /kube-ovn/start-cniserver.sh
 args:
 - --enable-mirror=$ENABLE_MIRROR
- - --encap-checksum=false
+ - --encap-checksum=true
 - --service-cluster-ip-range=$SVC_CIDR
 - --iface=${IFACE}
 - --network-type=$NETWORK_TYPE
diff --git a/dist/images/uninstall.sh b/dist/images/uninstall.sh
index 516e2e5e950..77d5d4386f3 100644
--- a/dist/images/uninstall.sh
+++ b/dist/images/uninstall.sh
@@ -14,6 +14,7 @@ iptables -t filter -D FORWARD -m set --match-set ovn40subnets dst -j ACCEPT
 iptables -t filter -D FORWARD -m set --match-set ovn40subnets src -j ACCEPT
 iptables -t filter -D FORWARD -m set --match-set ovn40services dst -j ACCEPT
 iptables -t filter -D FORWARD -m set --match-set ovn40services src -j ACCEPT
+iptables -D OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0
 if [ -n "$1" ]; then
 iptables -t nat -D POSTROUTING ! -s "$1" -m set --match-set ovn40subnets dst -j MASQUERADE
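Review bot: Flipping `--encap-checksum=false` to `--encap-checksum=true` in the rendered cni-server DaemonSet (this hunk and the identical one in install.sh at -1789) gives the reader no hint that correct operation now presumably depends on the daemon's new OUTPUT unmark rule for UDP/6081; a manifest edited later could silently drop one half of the pair. A one-line YAML comment above the arg would pin that coupling, e.g. `# Geneve UDP checksums are enabled; the daemon clears the fwmark on UDP/6081 egress so NAT does not corrupt them (see flannel issue 1279)`. Whether older daemon images without that rule are ever deployed from these scripts cannot be seen here, so if that combination is possible the comment should also say which daemon version the flag requires. The heredoc that contains this manifest starts and ends outside the hunk.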
@@ -37,6 +38,7 @@ ip6tables -t filter -D FORWARD -m set --match-set ovn60subnets dst -j ACCEPT
 ip6tables -t filter -D FORWARD -m set --match-set ovn60subnets src -j ACCEPT
 ip6tables -t filter -D FORWARD -m set --match-set ovn60services dst -j ACCEPT
 ip6tables -t filter -D FORWARD -m set --match-set ovn60services src -j ACCEPT
+ip6tables -D OUTPUT -p udp -m udp --dport 6081 -j MARK --set-xmark 0x0
 if [ -n "$1" ]; then
 ip6tables -t nat -D POSTROUTING ! -s "$1" -m set --match-set ovn60subnets dst -j MASQUERADE
diff --git a/pkg/daemon/gateway.go b/pkg/daemon/gateway.go
index 7575693f5ca..f0b07ad1f82 100644
--- a/pkg/daemon/gateway.go
+++ b/pkg/daemon/gateway.go
@@ -427,6 +427,8 @@ func (c *Controller) setIptables() error {
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn40subnets dst -j ACCEPT`)},
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn40services src -j ACCEPT`)},
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn40services dst -j ACCEPT`)},
+ // Output unmark to bypass kernel nat checksum issue https://github.com/flannel-io/flannel/issues/1279
+ {Table: "filter", Chain: "OUTPUT", Rule: strings.Fields(`-p udp -m udp --dport 6081 -j MARK --set-xmark 0x0`)},
 }
 v6Rules = []util.IPTableRule{
 // nat outgoing
@@ -448,6 +450,8 @@ func (c *Controller) setIptables() error {
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn60subnets dst -j ACCEPT`)},
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn60services src -j ACCEPT`)},
 {Table: "filter", Chain: "FORWARD", Rule: strings.Fields(`-m set --match-set ovn60services dst -j ACCEPT`)},
+ // Output unmark to bypass kernel nat checksum issue https://github.com/flannel-io/flannel/issues/1279
+ {Table: "filter", Chain: "OUTPUT", Rule: strings.Fields(`-p udp -m udp --dport 6081 -j MARK --set-xmark 0x0`)},
 }
 )
 protocols := make([]string, 2)
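Review bot: The new OUTPUT rule in v4Rules zeroes the whole fwmark (`--set-xmark 0x0` with no mask means mask 0xffffffff) on every locally generated UDP datagram to port 6081, not only on Geneve encapsulation, and the added comment names the upstream issue without saying what the rule actually relies on, so a future reader cannot judge whether it is still needed or still safe. I would replace the comment with `// Clear the fwmark on outbound Geneve (UDP/6081): the inner packet's mark is presumably carried onto the encapsulated packet, and a mark-matched MASQUERADE on that outer packet corrupts the UDP checksum when offload is on (flannel issue 1279).` If the daemon knows the tunnel egress interface, adding `-o <TUNNEL_IFACE>` (placeholder) would confine the unmark to that path; otherwise the comment should state that the broad match is intentional. The same rule literal is repeated in v6Rules in the -448 hunk; hoisting it into one `strings.Fields` value shared by both slices would keep the two from drifting, though the enclosing `var (` block begins before the hunk. setIptables itself starts and ends outside both hunks.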