- Install the Software
- Free Trial License
- Update Your Path Environment Variable
- Display Online Help or Examples
- Create or Import Your Key Pair
- Key Distribution Models
- Test Your Connection in Loopback Mode
- Install Additional Servers
- Add Your Public Key to One or More Servers
- Open Firewall Ports
- Test Between Servers
- Install a Production License
- Special Notes for Windows 2003 and XP
Install the Software
If you have not already done so, visit our Downloads Page to download the Windows or Linux installer.
To install the software, just run the installation package. For a detailed description of the process, refer to:
The remainder of this document gives general instructions for WANFast installations that will be used for remote login, file copy, and block-level synchronization. If you are installing the software to run WANFast's Continuous Replication, follow the more detailed, replication-specific instructions in Installing and Configuring the WANFast Replication Components.
Your Free Trial License
The WANFast software is licensed on a per-machine basis. During the beta period, a 30-day free trial license key is created for the machine when you install the software. This is a fully functional license and you can install the software on as many servers as you wish. Please review the terms of our Beta License prior to installing the software.
You can purchase a production license with full capabilities with a one-time payment or on a monthly or annual subscription.
Update Your Path Environment Variable
It is easiest to run the WANFast client programs from the command line if you add the WANFast installation directory to your PATH environment variable.
On Linux
Edit the file "/home/YourLoginName/.bashrc", assuming that you are using the bash shell, and add the following line to the end of the file:
export PATH=$PATH:/opt/wfst
or, if you used the single-user client installer (note the tilde):
export PATH=$PATH:~/opt/wfst
You will then either need to log out and in again to pick up the change, or run the command:
. ~/.bashrc
to apply the changes to your currently running shell.
On Windows 2008 R2 and Later
Starting with the WANFast 2.0 release, the Windows installer will automatically update the PATH variable for the user installing the software. You will need to create a new command prompt Window after installation in order for the changes to take effect. If you are installing an older version, or if you are using an account other than the one that installed the software, you will need to update the PATH variable manually as follows:
Go to Control Panel -> User Accounts -> User Accounts -> Change my environment variables.
If you do not already have a User variable Path, then click on New... to create one.
Variable Name: Path
Variable Value: %Path%;C:\Program Files\WANFast\ (use Program Files (x86) for versions < 2.0)
Then click on OK.
If you already have a Path variable, then add ";C:\Program Files\WANFast\" to the end.
Note that the Windows installer will also create a WANFast command prompt icon. When you double click on this icon, it will raise a command prompt Window with its working directory set to the WANFast program directory. You will be able to run any of the WANFast commands from this window.
Display Online Help or Examples
Calling any of the WANFast programs with just the -h command line parameter will display the full set of command line options, e.g.,
wcp -h
wfst -h
The command:
wfst examples
will display several common command examples. If the system is unable to find the WANFast client command, wfst, then either the installation process failed or you did not set your Path variable correctly in the previous section. Note that all command line options can also be used in your WANFast configuration file.
You can start the wgui or wrepl graphical user interfaces from the command line. On Windows you will also find them in the WANFast folder on your Start menu. To access help for either program, click on the Help drop-down menu and then again on Help. This will open your default web browser and display WANFast's online help.
Create or Import Your Key Pair
WANFast uses a system of private/public key pairs for identifying and authenticating users and servers. This system is modeled after the open source application Secure Shell, ssh, so it should be familiar to many users. In fact, you can even use your existing ssh keys with WANFast. If you are not familiar with Secure Shell, then read about WANFast Security before proceeding.
Create a Key Pair
To create a new WANFast key pair, run the following command in a command prompt window:
wfst -F ID
where ID is your email address or other unique identifier. This will create your personal WANFast directory and the two files wfst.key and wfst.pub, which store your private and public key respectively. If you have a preexisting WANFast key pair, this command will not overwrite the existing key files. Instead it will create a new key pair with the name wfst-nnnnnnnn.key, where nnnnnnnn is a large integer corresponding to the current time. If you wish to deliberately create a new primary key pair, delete the existing key pair first. If you wish to create a 2nd key pair, use the option -i PrivateKeyPath.key to specify the name of the new key file. You can then use this 2nd key pair in any WANFast command by including the -i PrivateKeyPath.key option in the command.
Note that you should only create one key pair for each ID. If you create more than one key pair, perhaps on different machines, using the same ID, then the machines will not be able to communicate. If you plan to use different keys on different machines, be sure to use unique IDs for each key, such as Name@Hostname rather than your email address.
When creating your key pair, you will be asked for a password that will be used to protect your private key. When your private key is password protected, you will be asked to enter the password each time it is used. If you are using your key pair on just the local machine, it is generally safe to hit CR to skip the password. But if you plan to use your key pair on more than one machine, be sure to set a strong password to ensure that your keys are not compromised when copying to another machine.
C:\Windows\System32>wfst -F [email address]
Initializing your WANFast configuration
Creating 2048 bit private key, C:/Users/cwatt/AppData/Local/WANFast/wfst.key
Enter new password for private key file (just CR for none):
Re-enter password:
SUCCESS!
The security of your private key is critical to the security of your account. Anyone with access to this file can impersonate you and access any of the WANFast servers that you are authorized to access. When created by WANFast, the private key's file permissions are set so that only you can read the file. If you change these permissions, the WANFast client will refuse to start until you have secured your key file. On Windows, you can restore the permissions on your key files by running the wfstPerms command from a command prompt.
Your personal WANFast directory is located in:
Linux: /home/YourLogin/.wfst
Windows: C:\Users\YourLogin\AppData\Local\WANFast
If you look in your WANFast directory, you will see the following files in addition to your key files:
wfst.cfg - which holds your WANFast configuration settings.
authorized_keys -- which holds the public keys for remote users that are allowed to log into your account on this computer. The security of this file is critical to the security of your account on this computer. When created, WANFast sets the permissions on this file so that only you can write to or modify the file. This prevents other users from adding their key to your file and then accessing your account.
known_hosts -- which holds the list of servers that you have approved for access from your WANFast account. It is used to detect any potentially suspicious changes to a server and help you avoid logging into a compromised server. When created, WANFast sets the permissions on this file so that only you can write to or modify the file.
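On Linux, the permission rules described above can be checked with a short script. This is an added example, not part of WANFast or the original page; the file names come from this section, while the mode masks and the symlink and ownership checks are assumptions about what "only you can read" and "only you can write" require.

```sh
#!/bin/sh
# Added example, not WANFast code. File names are from the page; the exact
# mode bits the WANFast client enforces are not documented there, so the
# masks below are an assumed, conservative reading of "only you can
# read" (key files) and "only you can write" (authorized_keys, known_hosts).

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_wfst_dir DIR: print one line per finding. Returns 0 when every file
# present passes, 1 when anything needs attention.
check_wfst_dir() {
    dir=$1
    bad=0
    for path in "$dir"/*.key "$dir/authorized_keys" "$dir/known_hosts"; do
        if [ -L "$path" ]; then
            # A symlink lets whoever controls the target supply the content.
            echo "SYMLINK $path"; bad=1; continue
        fi
        [ -f "$path" ] || continue      # absent file or unmatched glob
        if [ ! -O "$path" ]; then
            echo "OWNER $path is not owned by the current user"; bad=1
        fi
        case $path in
            *.key) mask=077; want="no group/other access" ;;
            *)     mask=022; want="no group/other write" ;;
        esac
        mode=$(mode_of "$path")
        # A leading 0 makes the shell read both numbers as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "MODE $path is $mode, want $want"; bad=1
        fi
    done
    return "$bad"
}

# Stand-alone use: sh wfst_audit.sh "$HOME/.wfst"
if [ "$#" -gt 0 ]; then
    check_wfst_dir "$1"
fi
```

A MODE finding on a key file is cleared with chmod 600, and one on authorized_keys or known_hosts with chmod go-w.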
Importing a Key Pair
To import an existing ssh or WANFast key pair for use as your WANFast key on the local machine, run the following command in a command prompt window:
wfst -M PrivateKeyFile [ID]
where PrivateKeyFile is the path to your private key file, and ID is your email address or other unique ID to associate with your key. If you do not specify an ID, the current value in the imported public key file will be used. Note that the public key file matching the private key that you are importing must reside in the same directory as the private key and must have the same name as the private key but with the ".pub" extension.
The key import command will create the same directory and files as the key create command above.
Note that if the imported key is encrypted, you will be asked for the password prior to importing the key. The resulting WANFast key will also be imported with the same password.
Changing the Password on a Key File
To change, add, or delete the password on a private key file, run the command wfst -i PrivateKeyFile.key --encrypt-key --of=ChangedPrivateKeyFile.key. The command will not overwrite the original key file. If you wish to change the password on your primary private key, first write to a new file, delete the original file, and rename the encrypted file. If you wish to create a 2nd, encrypted version of the file, note that the command only handles the private key file and does not copy the public key file. If you create a new key file kkk.key, then you will need to manually copy wfst.pub --> kkk.pub.
Key Distribution Models
WANFast's public key pairs can be used to implement several different models of access control to your servers. It is up to you to implement the model that best matches the security needs of your organization. The two most commonly used models are:
The global ID model, in which each user has a single key pair that is used to globally identify that user. This is the easiest to understand and manage.
The discrete account/machine model, in which the user has a different key pair on each machine on which they have an account. This provides more granular access control.
Testing Your Connection in Loopback Mode
If you have installed both the WANFast client and server on your computer, then you can test your installation in loopback mode. In your WANFast directory, add your public key to your authorized_keys file. For example, on Linux:
cat wfst.pub >> authorized_keys
or on Windows:
type wfst.pub >> authorized_keys
Then run the following command:
wping localhost
The first time you do this, you will see the message:
Host (127.0.0.1) key (C2H47RCJbJLZ813WG2yOW9RW+YdvQT6mnsQZiiNUsXs==) not found. Add to known_hosts? (y/N)
This alerts you that you have not previously connected to this server. If you wish to proceed, type "Y". For details on how to verify the server's public key, see WANFast Security.
If successful, the command will print out:
Sent 1 BW 0.1 mbps Sent 1 BW 0.1 mbps
and will continue until you press Control-C to stop it.
If you see an error message:
Your WANFast private key (/home/cwatt/.wfst/wfst.key) cannot be read. Either the file doesn't exist, it is encrypted, or it is in an incorrect format.
...
You have most likely not set up your WANFast account. See Getting Started.
If you see an error message similar to:
Server error: Not authorized: User@127.0.0.1 (ID=User@wanfast.net) --> User
then you did not add your public key correctly to the authorized_keys file.
If you see the message:
Server error: You have insecure file permissions on the file /home/cwatt/.wfst/authorized_keys
then you need to run the command wfstPerms to set the security attributes on your WANFast files.
Note that if you ever see the following message while logging into or creating a tunnel to a server:
WARNING: Host (127.0.0.1) key (C2H47RCJbJLZ813WG2yOW9RW+YdvQT6mnsQZiiNUsXs==) has changed. Update known_hosts? (y/N)
the key on that server has changed for some reason. This would be suspicious on a production server. Be sure that the key change is legitimate before typing "Y" to proceed.
Install Additional Servers
In order to use the WANFast applications, the software needs to be installed on more than one machine, so repeat the instructions above to install WANFast on additional servers -- preferably at least one on the far side of your WAN so you can see some real performance improvement.
When
Add Your Public Key to One or More Servers
In order to create a WANFast connection between two computers for file transfer or an acceleration tunnel, your public key must be included in at least one account's authorized_keys file on the remote computer. Note that the authorized_keys file can hold any number of public keys (limited to two when using the free trial license). Just append additional keys to the end of the file. Note that the public key consists of a single line of text without any carriage return or newlines. Be careful when cutting and pasting that you do not accidentally add a carriage return in the middle of the key.
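The append step on Linux, with the single-line rule above enforced before anything is written, as an added example that is not part of WANFast or the original page. It assumes only what this guide states about the key format (one line, no carriage return or embedded newline); the function name add_pubkey and its return codes are made up for illustration.

```sh
#!/bin/sh
# Added example, not WANFast code. It relies only on what the guide says about
# a public key file: one line of text, no carriage return, no embedded newline.

# add_pubkey PUBFILE AUTHFILE
#   0 = key appended or already present
#   1 = PUBFILE not found
#   2 = PUBFILE contains a carriage return (CRLF file or paste artefact)
#   3 = PUBFILE does not hold exactly one line (key wrapped, or file empty)
add_pubkey() {
    pub=$1
    auth=$2
    if [ ! -f "$pub" ]; then
        echo "reject: $pub not found" >&2
        return 1
    fi
    cr=$(printf '\r')
    if LC_ALL=C grep -q "$cr" "$pub"; then
        echo "reject: $pub contains a carriage return" >&2
        return 2
    fi
    lines=$(grep -c . "$pub" || true)
    if [ "$lines" -ne 1 ]; then
        echo "reject: $pub has $lines non-empty lines, expected 1" >&2
        return 3
    fi
    key=$(grep . "$pub")
    # Exact whole-line match, so re-running does not add duplicates.
    if [ -f "$auth" ] && grep -qxF -e "$key" "$auth"; then
        echo "skip: key already in $auth"
        return 0
    fi
    # If the last byte is not a newline, add one first; otherwise the new key
    # would be glued onto the previous entry, breaking one-key-per-line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    # Keep the file writable by its owner only, as the guide requires.
    chmod go-w "$auth"
}

# Stand-alone use: sh add_pubkey.sh wfst.pub ~/.wfst/authorized_keys
if [ "$#" -eq 2 ]; then
    add_pubkey "$1" "$2"
fi
```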
Open Firewall Ports
When you install the WANFast daemon on your machine, it will update your Windows or Linux firewall to open up the WANFast ports that you selected during installation. By default these are: 4900 for incoming TCP connections to that machine; 4900 - 4910 for UDP file data received by the machine. If there is an external firewall in your network between your two WANFast installations, you will need to update that firewall with similar changes to allow traffic between your WANFast machines.
Test Between Servers
Test your WANFast connection to another server by trying a remote login to the server. With the wping command you can test performance using both the UDP and tunnel transports, test performance using different encryption algorithms, test compression, etc.
If that succeeds, you are now ready for:
File Copy, Backup, and Synchronization
Running Remote Commands or a Remote Shell
Creating an Acceleration Tunnel
Install a Production License
You can purchase a production license from our web site's WANFast Products page, or by contacting [email address]. After purchase you will be able to manage your licenses using your WANFast login; see View Your Licenses for instructions on how to install your license.
Special Notes for Windows 2003 and Windows XP
The older versions of Windows -- 2003 and XP -- do not support the APIs used by the WANFast daemon on the server machine to securely switch between login accounts. It is possible that this limitation may be fixed in the future by using different APIs, but for now the server process always runs under the privileged WANFastD account. The privileges on this account allow it to overwrite critical system files, so allowing access to the account presents a security risk. Be sure to only grant access to users already trusted with Administrative privileges. Unprivileged users can still use wcp to transfer files as explained later in this section.
Setting Up the Server on Windows 2003
To set up the server on Windows 2003:
Log into an account with Administrator privileges.
Change the password on the WANFastD account.
Update the WANFastD service so that it logs into the WANFastD account using this new password.
Restart the service.
Log out and log into the WANFastD account using the new password.
From a command prompt window, run the command: "C:\Program Files (x86)\WANFast\wfst.exe" -F WANFastD@localhost
Change your working directory to C:\Documents and Settings\WANFastD\Local Settings\Application Data\WANFast
Add any user public keys to the authorized_keys file -- WARNING!!! Be sure you trust these users with Admin privileges.
You are now ready to log into the server as "wanfastd@ServerName".
Accessing the Windows 2003 Server as an Unprivileged User
An unprivileged user can still access the 2003 server, but must manually start a copy of the server process.
Log into your non-privileged account on the server.
Make sure your PATH environment variable is set up correctly.
Open a command prompt window.
Set up your WANFast account on the server using the command: wfst -F YourName@ServerName, if you haven't already done so.
From a command window, run the command: wfst --target-mode -p PortNumber, where PortNumber is an unused TCP port on the server. You will need to have an administrator update the Windows Firewall rules to allow access to this port.
You can now access the server by using the -p PortNumber option to specify the alternate port number.
Known Issues
Common Error Messages