Official OpenVPN builds for Windows use the openvpn-build buildsystem, which uses MakeNSIS and mingw-w64 internally. Patched versions of both are required due to few issues:

  • The openvpn.nsi script makes use of EnvVarUpdate.nsh to append OpenVPN\bin to the system-wide PATH variable on Windows. When using default NSIS builds, PATH can't be longer than 1024 characters or OpenVPN install destroys it. To support longer PATHs you need rebuild makensis with larger NSIS_MAX_STRLEN.
  • The mingw-w64 packages have buggy header files which prevent building of recent OpenVPN versions (2.3.8+ or so).


You need apt-src to build customized Debian packages:

$ apt-get install apt-src

Because apt-src is a bit messy, it's best to create a separate working directory:

$ mkdir ~/apt-src

Rebuilding NSIS

Here we rebuild nsis and nsis-common:

$ cd ~/apt-src
$ apt-src install nsis

Next open nsis-2.46/debian/rules in a text editor and add NSIS_MAX_STRLEN=8192 to the suitable place:


Next add a changelog entry as described below, then build the packages:

$ apt-src build nsis

Rebuilding mingw-w64

NOTE: On Ubuntu 16.04 and later you don't have to use a patched version of mingw-w64.

The process is about the same as for NSIS:

$ cd ~/apt-src
$ apt-src install mingw

Download the two patches (fwptypes.h.patch and iketypes.h.patch). Copy the patches to the patches directory and the series file:

$ cp *.patch ~/apt-src/mingw-w64-3.1.0/debian/patches
$ echo fwptypes.h.patch >> ~/apt-src/mingw-w64-3.1.0/debian/patches/series
$ echo iketypes.h.patch >> ~/apt-src/mingw-w64-3.1.0/debian/patches/series

Next add a changelog entry as described below, then build mingw-w64:

$ apt-src build mingw-w64

Adding changelog entries

Adding a changelog entry is important, because that determines the version and build number of the package. The changelog is in debian/changelog, and an entry looks like this:

mingw-w64 (3.1.0-101) unstable; urgency=medium

  * Fixes to header files to allow OpenVPN builds

 -- John Doe <>  Wed, 13 Jan 2016 07:00:00 +0000

Note the last number (101) in the version: it prevents the package from getting updates (broken) by package updates from the stock Ubuntu repositories.

Last modified 6 months ago Last modified on 08/02/17 07:22:25

Attachments (2)

Download all attachments as: .zip