The source was derived from the 2.0.5 source base. You can diff against that for line-level changes, however here is a big-picture overview of what was done. Aside from diff'ing, all areas I touched I have marked with the comment //HHH to make them easy to find, and sometimes have a comment explaining the rationale behind the change.
The driver is an NDIS driver. CE thankfully supports NDIS, however an extension is used which is not supported. Specifically the extension that provides for a named device driver that can be connected to from the user-mode application. This was replaced with a CE-specific 'stream' driver that does largely the same thing.
CE does not support overlapped IO, except in the special case of sockets. An emulation of overlapped IO was created for the stream driver interface, thus the existing architecture of openvpn could remain as-is.
Trivial modifications to other things like generating a random MAC and registry structure assumptions were made as needed.
I tried to make as little change to the main application as possible. The edge that touches the driver, tun.c, has some modification and delegates to alternative implementations in the new file wince_tun.c based on conditional compilation.
A few very minor changes were made in win32.c. cryptoapi.c was modified to include the config-win32.h header.
There is a huge missing chunk of otherwise standard C runtime library routines. CE was created with in the spirit of culling away alternative implementations of similar functionality. I didn't want to hack on the original source code too much, though, so I provided implementation of the missing APIs in terms of existing APIs. That way the original source will compile. This wound up being a substantial amount of code, and it is located in wince_portstuff.h and .c. These are conditionally included and are not needed at all to build win32 or unix builds.
Overlapped reads in WinSock for stream sockets often does not queue a read unless it can be immediately satisfied. There is a workaround involving a background worker thread that attempts to make overlapped reads look the work correctly to the rest of the application.
A modification was put in place in the interface route testing logic. Previously, the usefulness of an interface in satisfying a route was based upon it's IP and net mask. This has been extended to include the declared gateway address for adapters of type PPP.
This is a binary I added to provide the user-interface to the application. I tried to make it sensible from a PocketPC UI standpoint. PocketPC doesn't have a console like desktop systems, so using openvpn.exe directly is not really practical without an auxiliary UI to control it.