Add Rosenpass permissive mode doc

netbirdio · Feb 24, 2024 · fc0adf9 · fc0adf9
1 parent 6d9367a
commit fc0adf9
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/pages/how-to/enable-post-quantum-cryptography.mdx b/src/pages/how-to/enable-post-quantum-cryptography.mdx
@@ -39,12 +39,26 @@ This configuration is persistent and preserved by the agent during restarts.
 </Note>
 
 ## Disable Rosenpass
+
 To disable Rosenpass again use the following command.
 ```bash
 netbird down
 netbird up --enable-rosenpass=false
 ```
 
+## Enable permissive mode
+
+Enabling Rosenpass on one peer assumes that all peers have Rosenpass enabled. If one of the peers does not enable this feature
+or run an older version that lacks Rosenpass, the connection won't work.
+To allow non-Rosenpass enabled peers to connect to a Rosenpass peer, the permissive mode can be activated. In this case,
+the NetBird client will default to a standard WireGuard connection without pre-shared keys for those connections that
+don't support Rosenpass. It will continue negotiating PSKs with Rosenpass for the rest, ensuring enhanced security wherever possible:
+
+```bash
+netbird up --enable-rosenpass --rosenpass-permissive
+```
+
+
 ## Get started
 <p float="center" >
     <Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>