diff --git a/cli/internal/helm/charts/cilium/values.yaml b/cli/internal/helm/charts/cilium/values.yaml
index 2cf46c2bc..bfc2190cb 100644
--- a/cli/internal/helm/charts/cilium/values.yaml
+++ b/cli/internal/helm/charts/cilium/values.yaml
@@ -132,7 +132,13 @@ extraArgs: []
 extraEnv: []
 
 # -- Additional agent hostPath mounts.
-extraHostPathMounts: []
+extraHostPathMounts:
+  - name: dev-net
+    mountPath: /dev/net
+    hostPath: /dev/net
+    hostPathType: Directory
+    readOnly: true
+    mountPropagation: HostToContainer
 
 # -- Additional agent volumes.
 extraVolumes: []
@@ -519,7 +525,7 @@ encryption:
 
   wireguard:
     # -- Enables the fallback to the user-space implementation.
-    userspaceFallback: false
+    userspaceFallback: true
 
   # -- Deprecated in favor of encryption.ipsec.keyFile.
   # Name of the key file inside the Kubernetes secret configured via secretName.
diff --git a/cli/internal/helm/charts/cilium/values.yaml.tmpl b/cli/internal/helm/charts/cilium/values.yaml.tmpl
index 5aef1fd9d..ee79f196c 100644
--- a/cli/internal/helm/charts/cilium/values.yaml.tmpl
+++ b/cli/internal/helm/charts/cilium/values.yaml.tmpl
@@ -522,7 +522,7 @@ encryption:
 
   wireguard:
     # -- Enables the fallback to the user-space implementation.
-    userspaceFallback: false
+    userspaceFallback: true
 
   # -- Deprecated in favor of encryption.ipsec.keyFile.
   # Name of the key file inside the Kubernetes secret configured via secretName.
@@ -1582,7 +1582,13 @@ operator:
   extraEnv: []
 
   # -- Additional cilium-operator hostPath mounts.
-  extraHostPathMounts: []
+  extraHostPathMounts:
+    - name: dev-net
+      mountPath: /dev/net
+      hostPath: /dev/net
+      hostPathType: Directory
+      readOnly: true
+      mountPropagation: HostToContainer
 
   # -- Additional cilium-operator volumes.
   extraVolumes: []
diff --git a/cli/internal/helm/values.go b/cli/internal/helm/values.go
index 1dcbd9726..8c89014e3 100644
--- a/cli/internal/helm/values.go
+++ b/cli/internal/helm/values.go
@@ -49,7 +49,8 @@ var azureVals = map[string]any{
 		"enabled": true,
 	},
 	"encryption": map[string]any{
-		"enabled": false,
+		"enabled": true,
+		"type":    "wireguard",
 	},
 	"l7Proxy": false,
 	"ipam": map[string]any{