diff --git a/.github/workflows/ostests-e2e.yaml b/.github/workflows/ostests-e2e.yaml
index 11cf4d71ce96..9f334e0065c7 100644
--- a/.github/workflows/ostests-e2e.yaml
+++ b/.github/workflows/ostests-e2e.yaml
@@ -24,6 +24,10 @@ on:
         type: string
         description: The k0s network provider to test.
         required: true
+      kube-proxy-mode:
+        type: string
+        description: The k0s kube-proxy mode to test.
+        required: true
       terraform-version:
         type: string
         description: The Terraform version to use when provisioning test resources.
@@ -64,6 +68,7 @@ jobs:
       TF_VAR_k0s_version: ${{ inputs.k0s-version }}
       TF_VAR_k0sctl_executable_path: ${{ github.workspace }}/.cache/k0sctl
       TF_VAR_k0s_network_provider: ${{ inputs.network-provider }}
+      TF_VAR_k0s_kube_proxy_mode: ${{ inputs.kube-proxy-mode }}
 
     defaults:
       run:
diff --git a/.github/workflows/ostests-matrix.yaml b/.github/workflows/ostests-matrix.yaml
index d5e18620907c..fea0c99dc055 100644
--- a/.github/workflows/ostests-matrix.yaml
+++ b/.github/workflows/ostests-matrix.yaml
@@ -42,6 +42,15 @@ on:
             "kuberouter",
             "calico"
           ]
+      kube-proxy-modes:
+        type: string
+        description: The k0s kube-proxy modes to test.
+        required: true
+        default: >-
+          [
+            "iptables",
+            "ipvs"
+          ]
 
 jobs:
   build:
@@ -56,8 +65,9 @@ jobs:
       matrix:
         os: ${{ fromJSON(github.event.inputs.oses) }}
         network-provider: ${{ fromJSON(github.event.inputs.network-providers) }}
+        kube-proxy-mode: ${{ fromJSON(github.event.inputs.kube-proxy-modes) }}
 
-    name: "${{ matrix.os }} :: ${{ matrix.network-provider }}"
+    name: "${{ matrix.os }} :: ${{ matrix.network-provider }} :: ${{ matrix.kube-proxy-mode }}"
     needs: build
     if: always() && (inputs.k0s-version != '' || needs.build.result == 'success')
     uses: ./.github/workflows/ostests-e2e.yaml
@@ -67,6 +77,7 @@ jobs:
       e2e-focus: ${{ inputs.e2e-focus }}
       os: ${{ matrix.os }}
       network-provider: ${{ matrix.network-provider }}
+      kube-proxy-mode: ${{ matrix.kube-proxy-mode }}
     secrets:
       aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
       aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/ostests-nightly.yaml b/.github/workflows/ostests-nightly.yaml
index 25c0c6696c97..715d53ab08a2 100644
--- a/.github/workflows/ostests-nightly.yaml
+++ b/.github/workflows/ostests-nightly.yaml
@@ -26,6 +26,11 @@ env:
       "kuberouter",
       "calico"
     ]
+  KUBE_PROXY_MODES: >-
+    [
+      "iptables",
+      "ipvs"
+    ]
 
 jobs:
   select:
@@ -49,13 +54,14 @@ jobs:
           script: |
             const distros = JSON.parse(process.env.DISTRIBUTIONS)
             const networkProviders = JSON.parse(process.env.NETWORK_PROVIDERS)
+            const kubeProxyModes = JSON.parse(process.env.KUBE_PROXY_MODES)
 
             const oses = []
             for (let i = 0; ; i++) {
               let added = false
               for (const distro of distros) {
                 if (i < distro.length) {
-                  oses.push(distro[i]);
+                  oses.push(distro[i])
                   added = true
                 }
               }
@@ -65,17 +71,25 @@ jobs:
             }
 
             const combinations = []
-            for (const [i, _] of networkProviders.entries()) {
-              for (const [j, os] of oses.entries()) {
-                combinations.push([os, networkProviders[(i + j) % networkProviders.length]])
+            for (const [kpmIdx, _] of kubeProxyModes.entries()) {
+              for (const [npIdx, _] of networkProviders.entries()) {
+                for (const [osIdx, os] of oses.entries()) {
+                  combinations.push([
+                    os,
+                    networkProviders[(npIdx + osIdx) % networkProviders.length],
+                    kubeProxyModes[(kpmIdx + osIdx) % kubeProxyModes.length],
+                  ])
+                }
               }
             }
 
             const daysSinceEpoch = Math.floor(Date.now() / (24 * 60 * 60 * 1000))
-            const [os, networkProvider] = combinations[daysSinceEpoch % combinations.length]
+            const [os, networkProvider, kubeProxyMode] =
+              combinations[daysSinceEpoch % combinations.length]
             console.log(`Selected ${os}/${networkProvider}`)
             core.setOutput('os', os)
             core.setOutput('network-provider', networkProvider)
+            core.setOutput('kube-proxy-mode', kubeProxyMode)
 
   build:
     name: Build
diff --git a/hack/ostests/README.md b/hack/ostests/README.md
index c49a6a2bfe83..404ef61e931a 100644
--- a/hack/ostests/README.md
+++ b/hack/ostests/README.md
@@ -51,6 +51,7 @@ other ways described [here][tf-config].
 export TF_VAR_os=alpine_3_17
 export TF_VAR_k0s_version=stable
 export TF_VAR_k0s_network_provider=calico
+export TF_VAR_k0s_kube_proxy_mode=ipvs
 ```
 
 [aws-config]: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
@@ -97,6 +98,11 @@ This may be a fixed version number, "stable" or "latest".
 * `kuberouter`
 * `calico`
 
+### `k0s_kube_proxy_mode`: Network provider
+
+* `iptables`
+* `ipvs`
+
 ### Adding a new operating system
 
 * Navigate to [modules/os/](modules/os/) and add a new file `os_<the-os-id>.tf`.
diff --git a/hack/ostests/main.tf b/hack/ostests/main.tf
index e68948b4bbbd..6b292062ca8e 100644
--- a/hack/ostests/main.tf
+++ b/hack/ostests/main.tf
@@ -4,6 +4,7 @@ provider "aws" {
       "ostests.k0sproject.io/instance"             = local.resource_name_prefix
       "ostests.k0sproject.io/os"                   = var.os
       "ostests.k0sproject.io/k0s-network-provider" = var.k0s_network_provider
+      "ostests.k0sproject.io/k0s-kube-proxy-mode"  = var.k0s_kube_proxy_mode
     })
   }
 }
@@ -50,6 +51,11 @@ module "k0sctl" {
     network = {
       provider = var.k0s_network_provider
       podCIDR  = local.podCIDR
+
+      kubeProxy = {
+        mode = var.k0s_kube_proxy_mode
+      }
+
       nodeLocalLoadBalancing = {
         enabled = true
       }
diff --git a/hack/ostests/modules/k0sctl/variables.tf b/hack/ostests/modules/k0sctl/variables.tf
index 8e019ed44e26..a85db4d4ed04 100644
--- a/hack/ostests/modules/k0sctl/variables.tf
+++ b/hack/ostests/modules/k0sctl/variables.tf
@@ -67,6 +67,9 @@ variable "k0s_config_spec" {
     network = optional(object({
       provider = optional(string),
       podCIDR  = optional(string),
+      kubeProxy = optional(object({
+        mode = string,
+      }))
       nodeLocalLoadBalancing = optional(object({
         enabled = optional(bool),
       })),
diff --git a/hack/ostests/variables.tf b/hack/ostests/variables.tf
index 8a8ae16ca3fd..7174398494ee 100644
--- a/hack/ostests/variables.tf
+++ b/hack/ostests/variables.tf
@@ -79,3 +79,14 @@ variable "k0s_network_provider" {
     error_message = "Unsupported k0s CNI stack."
   }
 }
+
+variable "k0s_kube_proxy_mode" {
+  type        = string
+  description = "The k0s kube-proxy mode to use (either iptables or ipvs)."
+  default     = "iptables"
+
+  validation {
+    condition     = var.k0s_kube_proxy_mode == "iptables" || var.k0s_kube_proxy_mode == "ipvs"
+    error_message = "Unsupported k0s kube-proxy mode."
+  }
+}