Getting Started

Install the Software

If you have not already done so, visit our Downloads Page to download the Windows or Linux installer.

To install the software, just run the installation package.  For a detailed description of the process, refer to:

Windows Installation

Linux Installation

The instructions in the remainder of this document provide general instructions on WANFast installations that will be used for remote login, file copy, and block level synchronization.  If you are installing the software to run WANFast's Continuous Replication, then you should follow the more detailed instructions specific to replication in Installing and Configuring the WANFast Replication Components.

(back to top)

Your Free Trial License

The WANFast software is licensed on a per-machine basis.  During the beta period, a 30-day free trial license key is created for the machine when you install the software. This is a fully functional license and you can install the software on as many servers as you wish.   Please review the terms of our Beta License prior to installing the software.

You can purchase a production license with full capabilities with a one-time payment or on a monthly or annual subscription. 

(back to top)

Update Your Path Environment Variable

It is easiest to run the WANFast client programs from the command line if you add the WANFast installation directory to your PATH environment variable. 

On Linux

Edit the file "/home/YourLoginName/.bashrc", assuming that you are using the bash shell, and add the following line to the end of the file:

export PATH=$PATH:/opt/wfst

or if you used the single-user client installer, (note the tilda):

export PATH=$PATH:~/opt/wfst

You will then either need to log out and in again to pick up the change, or run the command:

. ./.bashrc

to apply the changes to your currently running shell.

On Windows 2008 R2 and Later

Starting with the WANFast 2.0 release, the Windows installer will automatically update the PATH variable for the user installing the software. You will need to create a new command prompt Window after installation in order for the changes to take effect.  If you are installing an older version, or if you are using an account other than the one that installed the software, you will need to update the PATH variable manually as follows:

Go to Control Panel -> User Accounts -> User Accounts -> Change my environment variables.

If you do not already have a User variable Path, then click on New... to create one. 

Variable Name: Path
Variable Value: %Path%;C:\Program Files\WANFast\     Program Files (x86) for versions < 2.0

Then click on OK.

If you already have a Path variable, then add ";C:\Program Files\WANFast\" to the end.

Note that the Windows installer will also create a WANFast command prompt icon.  When you double click on this icon, it will raise a command prompt Window with its working directory set to the WANFast program directory.  You will be able to run any of the WANFast commands from this window.

(back to top)

Display Online Help or Examples

Calling any of the WANFast programs with just the -h command line parameter will display the full set of command line options, e.g., 

wcp -h
wfst -h

The command:

wfst examples

will display several common command examples.  If the system is unable to find the WANFast client command, wfst, then either the installation process failed or you did not set your Path variable correctly in the previous section.  Note that all command line options can also be used in your WANFast configuration file.

You can run the wgui or wrepl graphical user interfaces by running them from the command line.  On Windows you will also find them in the WANFast folder on your start menu.  To access help for either program, click on the Help drop down menu and then again on Help.  This will raise your default web browser and display WANFast's oniine help.

(back to top)

Create or Import Your Key Pair

WANFast uses a system of private/public key pairs for Identifying and Authenticating users and servers.  This system is modeled after the open source application Secure Shell, ssh, so it should be familiar to many users.  In fact, you can even use your existing ssh keys with WANFast.  If you are not familiar with Secure Shell, then read about WANFast Security before proceeding.

Create a Key Pair

To create a new WANfast key pair, run the following command in a command prompt window:

wfst -F ID

where ID is your email address or other unique identifier.  This will create your personal WANFast directory and the two files wfst.key and wfst.pub storing your private and public key respectively.  If you have a preexisting WANFast key pair, this command will not overwrite the existing key files.  Instead it will create a new key pair with the name wfst-nnnnnnnn.key, where nnnnnnnn is a large integer corresponding to the current time.   If you wish to deliberately create a new primary key pair, delete the existing key pair first.  If you wish to create a 2nd key pair, then use the options, -i PrivateKeyPath.key to specify the new name of the key file.  You can then use this 2nd key pair in any WANFast command by including the -i PrivateKeyPath.key option in the command.  

Note that you should only create one key pair for each ID.  If you create more than one key pair, perhaps on different machines, using the same ID, then the machines will not be able to communicate.  If you plan to use different keys on different machines, be sure to use unique IDs for each key, such as Name@Hostname rather than your email address.

When creating your key pair, you will be asked for a password that will be used to protect your private key.  When your private key is password protected, you will be asked to enter the password each time it is used. If you are using your key pair on just the local machine, it is generally safe to hit CR to skip the password.  But if you plan to use your key pair on more than one machine, be sure to set a strong password to ensure that your keys are not compromised when copying to another machine.   

C:\Windows\System32>wfst -F This email address is being protected from spambots. You need JavaScript enabled to view it.
Initializing your WANFast configuration
Creating 2048 bit private key, C:/Users/cwatt/AppData/Local/WANFast/wfst.key
Enter new password for private key file (just CR for none):
Re-enter password:
SUCCESS!
 

The security of your private key is critical to the security of your account.  Anyone with access to this file can impersonate you and access any of the WANFast servers that you are authorized to access. When created by WANFast, the private key's file permissions are set so that only you can read the file.  If you change these permissions, the WANFast client will refuse to start until you have secured your key file.  On Windows, you can restore the permissions on your key files by running the wfstPerms command from a command prompt.

Your personal WANFast directory is located in:

Linux:    /home/YourLogin/.wfst
Windows:  C:\Users\YourLogin\AppData\Local\WANFast

If you look in your WANFast directory, you will see the following files in addition to your key files:

wfst.cfg  - which holds your WANFast configuration settings.

authorized_keys -- which holds the public keys for remote users that are allowed to log into your account on this computer.  The security of this file is critical to the security of your account on this computer.  When created, WANFast sets the permissions on this file so that only you can write to or modify the file.  This prevents other users from adding their key to your file and then accessing your account.

known_hosts -- which holds the list of servers that you have approved for access from your WANFast account.  It is used to detect any potentially suspicious changes to a server and help you avoid logging into a compromised server.  When created, WANFast sets the permissions on this file so that only you can write to or modify the file.

Importing a Key Pair

To import an existing ssh or WANFast key pair for use as your WANFast key on the local machine, run the following command in a command prompt window:

wfst -M PrivateKeyFile [ID]

where PrivateKeyFile is the path to your private key file, and ID is your email address or other unique ID to associate with your key.  If you do not specify an ID, the current value in the imported public key file will be used.  Note that the public key file matching the private key that you are importing must reside in the same directory as the private key and must have the same name as the private key but with the ".pub" extension.

The key import command will create the same directory and files as the key create command above.

Note that if the imported key is encrypted, you will be asked for the password prior to importing the key.  The resulting WANFast key will also be imported with the same password.

Changing the Password on a Key File

To change, add, or delete the password on a private key file, run the command wfst -i PrivateKeyFile.key --encrypt-key --of=ChangedPrivateKeyFile.key.  The command will not overwrite the original key file.  If you wish to change the password on your primary private key, first write to a new file, delete the original file, and rename the encrypted file.  If you wish to create a 2nd, encrypted version of the file, note that the command only handles the private key file and does not copy the public key file.  If you create a new key file kkk.key, then you will need to manually copy wfst.pub --> kkk.pub.

Key Distribution Models

WANFast's public key pairs can be used to implement several different models of access control to your servers.  It is up to you to implement the model that best matches the security needs of your organization.  The two most commonly used models are:

The global ID model, in which each user has a single key pair that is used to globally identify that user.  This is the easiest to understand and manage.

The discrete account/machine model, in which the user has a different key pair on each machine on which they have an account.  This provides more granular access control.

(back to top)

Testing Your Connection in Loopback Mode

If you have installed both the WANFast client and server on your computer, then you can test your installation in loop back mode.   In your WANFast directory, add your public key to your authorized_keys file.  For example, on Linux:

cat wfst.pub >> authorized_keys

or on Windows:

type wfst.pub >> authorized_keys

Then run the following command:

wping localhost

The first time you do this, you will see the message:

Host (127.0.0.1) key (C2H47RCJbJLZ813WG2yOW9RW+YdvQT6mnsQZiiNUsXs==) not found.  Add to known_hosts? (y/N)

This alerts you that you have not previously connected to this server.  If you wish to proceed, type "Y".   For details on how to verify the server's public key, see WANFast Security.

If successful, the command will print out:

Sent 1 BW 0.1 mbps
Sent 1 BW 0.1 mbps

Until you type in Control C to stop it.

If you see an error message:

Your WANFast private key (/home/cwatt/.wfst/wfst.key) cannot be read.
Either the file doesn't exist, it is encrypted, or it is in an incorrect format.
...

You have most likely not set up your WANFast account.  See Getting Started.

If you see an error message similar to:

Server error: Not authorized: User@127.0.0.1 (ID=User@wanfast.net) --> User

then you do not added your public key key correctly to the authorized_keys file.

If you see the message:

Server error: You have insecure file permissions on the file /home/cwatt/.wfst/authorized_keys

then you need to run the command wfstPerms to set the security attributes on your WANFast files.

Note if you ever see the following message while logging into or creating a tunnel to a server:

WARNING: Host (127.0.0.1) key (C2H47RCJbJLZ813WG2yOW9RW+YdvQT6mnsQZiiNUsXs==) has changed.  Update known_hosts? (y/N)

the key on that server has changed for some reason.  This would be suspicious on a production server.  Be sure that the key change is legitimate before type "Y" to proceed.

(back to top)

Install Additional Servers

In order to use the WANFast applications, the software needs to be installed on more than one machine, so repeat the instructions above to install WANFast on additional servers -- preferably at least one on the far side of your WAN so you can see some real performance improvement. 

When 

(back to top)

Add Your Public Key to One or More Servers

In order to create a WANFast connection between two computers for file transfer or an acceleration tunnel, your public key must be included in at least one account's authorized_keys file on the remote computer.  Note that the authorized_keys file can hold any number of public keys (limited to two when using the free trial license).  Just append additional keys to the end of the file.  Note that the public key consists of a single line of text without any carriage return or newlines.  Be careful when cutting and pasting that you do not accidentally add a carriage return in the middle of the key.

(back to top)

Open Firewall Ports

When you install the WANFast daemon on your machine, it will update your Windows or Linux firewall to open up the WANFast ports that you selected during installation.  By default these are: 4900 for incoming TCP connections to that machine; 4900 - 4910 for UDP file data received by the machine.  If there is an external firewall in your network between your two WANFast installations, you will need to update that firewall with similar changes to allow traffic between your WANFast machines.  

(back to top)

Test Between Servers

Test your WANFast connection to another server by trying a remote login to the server.  With the wping command you can test performance using both the UDP and tunnel transports, test performance using different encryption algorithms, test compression, etc.

If that succeeds, you are now ready for:

File Copy, Backup, and Synchronization

Running Remote Commands or a Remote Shell

Creating an Acceleration Tunnel

(back to top)

Install a Production License

You can purchase a production license from our web site's WANFast Products page, or by contacting This email address is being protected from spambots. You need JavaScript enabled to view it..  After purchase you will be able to manage your licenses using your WANFast login, see View Your Licenses for instructions on how to install your license.

(back to top)

Special Notes for Windows 2003 and Windows XP

The older versions of Windows -- 2003 and XP -- do not support the APIs used by the WANFast daemon on the server machine to securely switch between login accounts.  It is possible that this limitation may be fixed in the future by using different APIs, but for now the server process always runs under the privileged WANFastD account.  The privileges on this account allow it to overwrite critical system files, so allowing access to the account presents a security risk.  Be sure to only grant access to users already trusted with Administrative privileges.  Unprivileged users can still use wcp to transfer files as explained later in this section.

Setting Up the Server on Windows 2003

To set up the server on Windows 2003, 

Log into an account with Administrator privileges.

Change the password on the WANFastD account.

Update the WANFastD service so that it logs into the WANFastD account using this new password.

Restart the service

Log out and log into the WANFastD account using the new password.

From a command prompt window, run the command:  "C:\Program Files (x86)\WANFast\wfst.exe" -F WANFastD@localhost

Change your working directory to C:\Documents and Settings\WANFastD\Local Settings\Application Data\WANFast

Add any user public keys to the authorized keys files -- WARNING!!! Be sure you trust these users with Admin privileges.

You are now ready to log into the server as "wanfastd@ServerName".

Accessing the Windows 2003 Server as an Unprivileged User

An unprivileged user can still access the 2003 server, but must manually start a copy of the server process.

Log into your non-privileged account on the server.

Make sure your PATH environment variable is set up correctly.

Open a command prompt window.

Set up your WANFast account on the server using the command:  wfst -F YourName@ServerName, if you haven't already done so.

From a command window, run the command:  wfst --target-mode -p PortNumber, where PortNumber is an unused TCP port on the server.  You will need to have an administrator update the Windows Firewall rules to allow access to this port.

You can now access the server by using the -p PortNumber option to specify the alternate port number.

(back to top)

Known Issues

Common Error Messages