diff --git a/muxrpc/test/go/deny_test.go b/muxrpc/test/go/deny_test.go
index a4f2f3d..c0b9603 100644
--- a/muxrpc/test/go/deny_test.go
+++ b/muxrpc/test/go/deny_test.go
@@ -109,7 +109,7 @@ func TestConnEstablishmentDenyNonMembersRestrictedRoom(t *testing.T) {
 
 	// allow A, deny B
 	theBots[indexSrv].srv.Members.Add(ctx, botA.Whoami(), roomdb.RoleMember)
-	// since we want to verify denying connections for non members in a restricte room, let us:
+	// since we want to verify denying connections for non members in a restricted room, let us:
 	// a) NOT add B as a member
 	// theBots[indexSrv].srv.Members.Add(ctx, botB.Whoami(), roomdb.RoleMember)
 
@@ -122,7 +122,7 @@ func TestConnEstablishmentDenyNonMembersRestrictedRoom(t *testing.T) {
 	err = botA.Network.Connect(ctx, serv.Network.GetListenAddr())
 	r.NoError(err, "connect A to the Server")
 
-	// shouldn't work (we banned B)
+	// shouldn't work (we disallow B in restricted mode)
 	err = botB.Network.Connect(ctx, serv.Network.GetListenAddr())
 	r.NoError(err, "connect B to the Server") // we dont see an error because it just establishes the tcp connection
 
@@ -153,3 +153,72 @@ func TestConnEstablishmentDenyNonMembersRestrictedRoom(t *testing.T) {
 
 	cancel()
 }
+
+func TestConnEstablishmentAllowNonMembersCommunityRoom(t *testing.T) {
+	// defer leakcheck.Check(t)
+	ctx, cancel := context.WithCancel(context.Background())
+	theBots := createServerAndBots(t, ctx, 2)
+
+	r := require.New(t)
+	a := assert.New(t)
+
+	const (
+		indexSrv = iota
+		indexA
+		indexB
+	)
+
+	serv := theBots[indexSrv].srv
+	botA := theBots[indexA].srv
+	botB := theBots[indexB].srv
+
+	// make sure we are running in community mode on the server
+	err := serv.Config.SetPrivacyMode(ctx, roomdb.ModeCommunity)
+	r.NoError(err)
+	pm, err := serv.Config.GetPrivacyMode(ctx)
+	r.NoError(err)
+	r.EqualValues(roomdb.ModeCommunity, pm)
+
+	// allow A, allow B
+	theBots[indexSrv].srv.Members.Add(ctx, botA.Whoami(), roomdb.RoleMember)
+	// since we want to verify allowing connections for non members in a community room, let us:
+	// a) NOT add B as a member
+	// theBots[indexSrv].srv.Members.Add(ctx, botB.Whoami(), roomdb.RoleMember)
+
+	// hack: allow bots to dial the server
+	theBots[indexA].srv.Members.Add(ctx, serv.Whoami(), roomdb.RoleMember)
+	theBots[indexB].srv.Members.Add(ctx, serv.Whoami(), roomdb.RoleMember)
+
+	// dial up B->A and C->A
+	// should work (we allowed A)
+	err = botA.Network.Connect(ctx, serv.Network.GetListenAddr())
+	r.NoError(err, "connect A to the Server")
+
+	// should work (we don't disallow B in community mode)
+	err = botB.Network.Connect(ctx, serv.Network.GetListenAddr())
+	r.NoError(err, "connect B to the Server")
+
+	t.Log("letting handshaking settle..")
+	time.Sleep(1 * time.Second)
+
+	var srvWho struct {
+		ID refs.FeedRef
+	}
+
+	endpointB, has := botB.Network.GetEndpointFor(serv.Whoami())
+	r.True(has, "botB has no endpoint for the server")
+	err = endpointB.Async(ctx, &srvWho, muxrpc.TypeJSON, muxrpc.Method{"whoami"})
+	r.NoError(err)
+	t.Log(srvWho.ID.Ref())
+
+	endpointA, has := botA.Network.GetEndpointFor(serv.Whoami())
+	r.True(has, "botA has no endpoint for the server")
+
+	err = endpointA.Async(ctx, &srvWho, muxrpc.TypeJSON, muxrpc.Method{"whoami"})
+	r.NoError(err)
+
+	t.Log("server whoami:", srvWho.ID.Ref())
+	a.True(serv.Whoami().Equal(&srvWho.ID))
+
+	cancel()
+}