@swarupsro
Forked from seebk/README.md
Last active April 6, 2020 19:54
Extract embedded certificates and keys from OpenVPN config files
#!/usr/bin/python3
#
# Extract certificates and keys from an OpenVPN config file (*.ovpn)
# The config file is rewritten to use the extracted certificates.
#
# Usage: >$ extract_ovpn_cert.py VPNCONFIG.ovpn
#
import os
import re
import sys
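# Inline blocks handled by this script, in processing order:
# (tag name, output file name, True when the block holds secret key material).
INLINE_BLOCKS = (
    ("tls-auth", "tls-auth.key", True),
    ("ca", "ca.crt", False),
    ("cert", "client.crt", False),
    ("key", "client.key", True),
)


def split_inline_blocks(config_text):
    """Separate the embedded <tls-auth>/<ca>/<cert>/<key> blocks from a config.

    Returns a tuple ``(rewritten_config, extracted)``:

    * ``rewritten_config`` is the text for the new config file: one file
      directive per block that was found (``ca ca.crt`` and so on), followed
      by the original config with those blocks removed.
    * ``extracted`` maps an output file name to the text that stood between
      the opening and closing tag (surrounding newlines included).

    Tags are matched case-insensitively. A block that is absent produces no
    directive and no entry in ``extracted``.
    """
    directives = []
    extracted = {}
    for tag, file_name, _secret in INLINE_BLOCKS:
        pattern = re.compile("<%s>(.*)</%s>" % (tag, tag),
                             re.IGNORECASE | re.DOTALL)
        match = pattern.search(config_text)
        if match is None:
            continue
        extracted[file_name] = match.group(1)
        config_text = pattern.sub("", config_text)
        if tag == "tls-auth":
            # tls-auth takes an optional direction argument; reuse the
            # "key-direction" setting of the config when there is one.
            direction = re.search("key-direction ([01])", config_text,
                                  re.IGNORECASE)
            key_direction = direction.group(1) if direction is not None else ""
            directives.append("tls-auth tls-auth.key " + key_direction + "\n")
        else:
            directives.append("%s %s\n" % (tag, file_name))
    return "".join(directives) + config_text, extracted


def write_extracted_file(path, content, secret):
    """Write one extracted block to ``path``.

    When ``secret`` is true the file is created with mode 0600 and, where the
    platform offers ``os.fchmod``, an already existing file is tightened to
    0600 before anything is written. A plain ``open(path, 'w')`` would leave a
    private key with whatever permissions the umask allows, which is often
    readable by every local user.
    """
    if not secret:
        with open(path, "w") as handle:
            handle.write(content)
        return
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        if hasattr(os, "fchmod"):
            # The mode passed to os.open() only applies to newly created files.
            os.fchmod(fd, 0o600)
        handle.write(content)


def main(argv):
    """Extract the embedded blocks of ``argv[1]`` and write the new config.

    The extracted files are written next to the input file and the rewritten
    config is saved as ``<input name>_nocert.ovpn``. The input file itself is
    left untouched, so it still contains the embedded key material afterwards.
    Returns the process exit status.
    """
    if len(argv) != 2:
        sys.stderr.write("Usage: extract_ovpn_cert.py VPNCONFIG.ovpn\n")
        return 2
    source_path = argv[1]
    target_dir = os.path.dirname(os.path.abspath(source_path))

    with open(source_path, "r") as source:
        config_text = source.read()

    rewritten, extracted = split_inline_blocks(config_text)

    secret_names = {name for _tag, name, secret in INLINE_BLOCKS if secret}
    for name, content in extracted.items():
        write_extracted_file(os.path.join(target_dir, name), content,
                             name in secret_names)

    # The output is only created once the whole input has been processed.
    with open(os.path.splitext(source_path)[0] + "_nocert.ovpn", "w") as target:
        target.write(rewritten)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))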

This python script is intended to automate the extraction of embedded certificates and keys from OpenVPN config files.

Unfortunately the GNOME Network-Manager is not able to automatically import OpenVPN config files with embedded certificates and keys. A workaround is to manually extract these and store them in separate files (e.g. see https://naveensnayak.wordpress.com/2013/03/04/ubuntu-openvpn-with-ovpn-file/).

Instructions:

  • Make sure all the required packages are installed. For example on Ubuntu and Debian run:

    $ sudo apt-get install python3 network-manager-openvpn-gnome

  • Extract the certs and keys using the python script

    $ python3 extract_ovpn_cert.py path/to/VPNCONFIG.ovpn

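  • Import the created file path/to/VPNCONFIG_nocert.ovpn with the GNOME network config tool. The extracted client.key and tls-auth.key contain private key material, and the original .ovpn file still embeds it, so keep all of them readable only by your own user (for example with chmod 600).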


References:
