Astrill Extractor

Extract certtificates and keys from astrill OVPN files. Should work for others


Astrill, my VPN of choice, allows you to export OpenVPN config files for all it's VPNs, allowing you to connect on platforms it doesn't provide clients for, which albeit isn't many. The AUR package astrill has started becoming really unstable on my machine recently, so I decided to switch it out for ovpn files, as gnome has excellent support for OpenVPN.

The export step is really simple, you just login to the web portal, create an entry for your machine, and export the config files. Their tutorial for this can be found here. The only problem is that some applications won't accept the certificates embedded into the file like astrill provide. (Gnome does, but I only realised that whilst writing this).

astrill-extractor.py    View Raw
 1import os, shutil
 2
 3from glob import glob
 4
 5def write_file(data, out_file_name, new_dir):
 6    with open(os.path.join(new_dir, out_file_name), 'w') as f:
 7        f.write(''.join(data))
 8
 9for ovpn_file in  glob('*.ovpn'):
10    new_dir = os.path.join(ovpn_file.replace('.ovpn', ''))
11
12    os.makedirs(new_dir, exist_ok=True)
13    shutil.copy2(ovpn_file, os.path.join(new_dir, ovpn_file.split('/')[-1]))
14
15    with open(ovpn_file) as f:
16        file_data = f.readlines()
17
18    in_block = False
19    data = []
20    for line in file_data:
21        if line.startswith('<') and line.strip().endswith('>'):  # if this is a tag line
22            if in_block: # we're in a block, write data
23                file_ext = line.strip().replace('</', '').replace('>', '') + ".pem"
24                write_file(data, ovpn_file.split('/')[-1] + '-' + file_ext, new_dir)
25                data = []
26                in_block = False
27            else:
28                in_block = True
29        elif in_block:
30            data.append(line)
31
32    os.remove(ovpn_file)
33    print("Exported {}".format(ovpn_file.split('/')[-1]))
34

The above script will split out the files and save them into separate directories for each config file. These files can then be imported and used in an OpenVPN-compatable application.

Is it even needed?

Certain network managers do support importing .ovpn files directly, and sets everything up for you, including the files for the keys etc, without needing to extract them before. Gnome's network-manager does this. This does make my script useless to me, but hopefully someone will find it useful!

Share this page