Add Rosenpass permissive mode doc

2026-04-16 07:26:35 +00:00 · 2024-02-24 17:37:40 +00:00
parent 6d9367af6b
commit fc0adf9591
1 changed files with 14 additions and 0 deletions
--- a/src/pages/how-to/enable-post-quantum-cryptography.mdx
+++ b/src/pages/how-to/enable-post-quantum-cryptography.mdx
@@ -39,12 +39,26 @@ This configuration is persistent and preserved by the agent during restarts.
 </Note>

 ## Disable Rosenpass
+
 To disable Rosenpass again use the following command.
 ```bash
 netbird down
 netbird up --enable-rosenpass=false
 ```

+## Enable permissive mode
+
+Enabling Rosenpass on one peer assumes that all peers have Rosenpass enabled. If one of the peers does not enable this feature
+or run an older version that lacks Rosenpass, the connection won't work.
+To allow non-Rosenpass enabled peers to connect to a Rosenpass peer, the permissive mode can be activated. In this case,
+the NetBird client will default to a standard WireGuard connection without pre-shared keys for those connections that
+don't support Rosenpass. It will continue negotiating PSKs with Rosenpass for the rest, ensuring enhanced security wherever possible:
+
+```bash
+netbird up --enable-rosenpass --rosenpass-permissive
+```
+
+
 ## Get started
 <p float="center" >
    <Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>