diff --git a/pkg/controlplane/cache.go b/pkg/controlplane/cache.go
index 5d500a93..47b89527 100644
--- a/pkg/controlplane/cache.go
+++ b/pkg/controlplane/cache.go
@@ -13,6 +13,7 @@ import (
 	grpcwebv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3"
 	routerv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3"
 	httpinspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
+	dstv3inspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3"
 	httpconnectionmanager "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	tcpproxy "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3"
 	httpv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
@@ -61,6 +62,7 @@ func (a *Virtual) To() (
 			}
 		}
 		rr = append(rr, DefaultRoute())
+		clusters = append(clusters, OriginCluster())
 		routes = append(routes, &route.RouteConfiguration{
 			Name: routeName,
 			VirtualHosts: []*route.VirtualHost{
@@ -130,6 +132,10 @@ func ToCluster(clusterName string) *cluster.Cluster {
 }
 
 func OriginCluster() *cluster.Cluster {
+	anyFunc := func(m proto.Message) *anypb.Any {
+		pbst, _ := anypb.New(m)
+		return pbst
+	}
 	return &cluster.Cluster{
 		Name:           "origin_cluster",
 		ConnectTimeout: durationpb.New(time.Second * 5),
@@ -137,6 +143,13 @@ func OriginCluster() *cluster.Cluster {
 		ClusterDiscoveryType: &cluster.Cluster_Type{
 			Type: cluster.Cluster_ORIGINAL_DST,
 		},
+		TypedExtensionProtocolOptions: map[string]*anypb.Any{
+			"envoy.extensions.upstreams.http.v3.HttpProtocolOptions": anyFunc(&httpv3.HttpProtocolOptions{
+				UpstreamProtocolOptions: &httpv3.HttpProtocolOptions_UseDownstreamProtocolConfig{
+					UseDownstreamProtocolConfig: &httpv3.HttpProtocolOptions_UseDownstreamHttpConfig{},
+				},
+			}),
+		},
 	}
 }
 
@@ -323,6 +336,12 @@ func ToListener(listenerName string, routeName string, port int32, p corev1.Prot
 					TypedConfig: anyFunc(&httpinspector.HttpInspector{}),
 				},
 			},
+			{
+				Name: wellknown.OriginalDestination,
+				ConfigType: &listener.ListenerFilter_TypedConfig{
+					TypedConfig: anyFunc(&dstv3inspector.OriginalDst{}),
+				},
+			},
 		},
 	}
 }
diff --git a/pkg/mesh/envoy.yaml b/pkg/mesh/envoy.yaml
index b28b1ba7..6eecf88b 100644
--- a/pkg/mesh/envoy.yaml
+++ b/pkg/mesh/envoy.yaml
@@ -50,10 +50,4 @@ static_resources:
                       address: kubevpn-traffic-manager
                       port_value: 9002
                       ipv4_compat: true
-      http2_protocol_options: { }
-    - name: origin_cluster
-      connect_timeout: 5s
-      type: ORIGINAL_DST
-      lb_policy: CLUSTER_PROVIDED
-      dns_lookup_family: ALL
       http2_protocol_options: { }
\ No newline at end of file