Astrill Extractor

Extract certificates and keys from astrill OVPN files. Should work for others

Astrill, my VPN of choice, allows you to export OpenVPN config files for all its VPNs, allowing you to connect on platforms it doesn't provide clients for, which albeit isn't many. The AUR package astrill has started becoming really unstable on my machine recently, so I decided to switch it out for ovpn files, as gnome has excellent support for OpenVPN.

The export step is really simple, you just log in to the web portal, create an entry for your machine, and export the config files. Their tutorial for this can be found here. The only problem is that some applications won't accept the certificates embedded into the file like astrill provide. (Gnome does, but I only realized that whilst writing this).
import os, shutil

from glob import glob

def write_file(data, out_file_name, new_dir):
    with open(os.path.join(new_dir, out_file_name), 'w') as f:

for ovpn_file in  glob('*.ovpn'):
    new_dir = os.path.join(ovpn_file.replace('.ovpn', ''))

    os.makedirs(new_dir, exist_ok=True)
    shutil.copy2(ovpn_file, os.path.join(new_dir, ovpn_file.split('/')[-1]))

    with open(ovpn_file) as f:
        file_data = f.readlines()

    in_block = False
    data = []
    for line in file_data:
        if line.startswith('<') and line.strip().endswith('>'):  # if this is a tag line
            if in_block: # we're in a block, write data
                file_ext = line.strip().replace('</', '').replace('>', '') + ".pem"
                write_file(data, ovpn_file.split('/')[-1] + '-' + file_ext, new_dir)
                data = []
                in_block = False
                in_block = True
        elif in_block:

    print("Exported {}".format(ovpn_file.split('/')[-1]))

The above script will split out the files and save them into separate directories for each config file. These files can then be imported and used in an OpenVPN-compatible application.

#Is this even needed?

Certain network managers do support importing .ovpn files directly, and sets everything up for you, including the files for the keys etc, without needing to extract them before. Gnome's network-manager does this. This does make my script useless to me, but hopefully someone will find it useful!

Share this page