From fc0adf95913e303f6c11b0058fd9c6481531db66 Mon Sep 17 00:00:00 2001 From: braginini Date: Sat, 24 Feb 2024 17:37:40 +0000 Subject: [PATCH] Add Rosenpass permissive mode doc --- .../how-to/enable-post-quantum-cryptography.mdx | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/pages/how-to/enable-post-quantum-cryptography.mdx b/src/pages/how-to/enable-post-quantum-cryptography.mdx index bf7c80a7..201c1961 100644 --- a/src/pages/how-to/enable-post-quantum-cryptography.mdx +++ b/src/pages/how-to/enable-post-quantum-cryptography.mdx @@ -39,12 +39,26 @@ This configuration is persistent and preserved by the agent during restarts. ## Disable Rosenpass + To disable Rosenpass again use the following command. ```bash netbird down netbird up --enable-rosenpass=false ``` +## Enable permissive mode + +Enabling Rosenpass on one peer assumes that all peers have Rosenpass enabled. If one of the peers does not enable this feature +or run an older version that lacks Rosenpass, the connection won't work. +To allow non-Rosenpass enabled peers to connect to a Rosenpass peer, the permissive mode can be activated. In this case, +the NetBird client will default to a standard WireGuard connection without pre-shared keys for those connections that +don't support Rosenpass. It will continue negotiating PSKs with Rosenpass for the rest, ensuring enhanced security wherever possible: + +```bash +netbird up --enable-rosenpass --rosenpass-permissive +``` + + ## Get started
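Review bot: The new "Enable permissive mode" section describes the fallback to "a standard WireGuard connection without pre-shared keys" but never states the consequence. Connections to peers without Rosenpass carry no Rosenpass-negotiated PSK, yet the closing phrase "ensuring enhanced security wherever possible" reads as if the whole network stays protected. I would add one sentence saying that those fallback connections are not covered by the post-quantum key exchange. If the client offers a way to see which peers negotiated a PSK, point to it here. The section also omits two things the surrounding text covers for the base feature. It does not say whether `--rosenpass-permissive` is persisted across restarts like the setting described just above the hunk, and it does not say how to turn permissive mode off again. The example also runs `netbird up --enable-rosenpass --rosenpass-permissive` without the preceding `netbird down` that the "Disable Rosenpass" example uses, so please make the two consistent or explain why the difference is intended. Smaller points: "or run an older version" should be "or runs an older version". The blank line added under "## Disable Rosenpass" and the second blank line added before "## Get started" look unintentional.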