diff --git a/nixos/modules/services/networking/globalprotect-vpn.nix b/nixos/modules/services/networking/globalprotect-vpn.nix
index 19d6e8bfac69..bb60916244fd 100644
--- a/nixos/modules/services/networking/globalprotect-vpn.nix
+++ b/nixos/modules/services/networking/globalprotect-vpn.nix
@@ -5,7 +5,8 @@ with lib;
 let
   cfg = config.services.globalprotect;
 
-  execStart = if cfg.csdWrapper == null then
+  execStart =
+    if cfg.csdWrapper == null then
       "${pkgs.globalprotect-openconnect}/bin/gpservice"
     else
       "${pkgs.globalprotect-openconnect}/bin/gpservice --csd-wrapper=${cfg.csdWrapper}";
@@ -15,6 +16,22 @@ in
   options.services.globalprotect = {
     enable = mkEnableOption "globalprotect";
 
+    settings = mkOption {
+      description = ''
+        GlobalProtect-openconnect configuration. For more information, visit
+        <link
+        xlink:href="https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration"
+        />.
+      '';
+      default = { };
+      example = {
+        "vpn1.company.com" = {
+          openconnect-args = "--script=/path/to/vpnc-script";
+        };
+      };
+      type = types.attrs;
+    };
+
     csdWrapper = mkOption {
       description = lib.mdDoc ''
         A script that will produce a Host Integrity Protection (HIP) report,
@@ -29,12 +46,14 @@ in
   config = mkIf cfg.enable {
     services.dbus.packages = [ pkgs.globalprotect-openconnect ];
 
+    environment.etc."gpservice/gp.conf".text = lib.generators.toINI { } cfg.settings;
+
     systemd.services.gpservice = {
       description = "GlobalProtect openconnect DBus service";
       serviceConfig = {
-        Type="dbus";
-        BusName="com.yuezk.qt.GPService";
-        ExecStart=execStart;
+        Type = "dbus";
+        BusName = "com.yuezk.qt.GPService";
+        ExecStart = execStart;
       };
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
diff --git a/pkgs/tools/networking/globalprotect-openconnect/default.nix b/pkgs/tools/networking/globalprotect-openconnect/default.nix
index e35abc33ca91..6558d72ecd93 100644
--- a/pkgs/tools/networking/globalprotect-openconnect/default.nix
+++ b/pkgs/tools/networking/globalprotect-openconnect/default.nix
@@ -21,10 +21,6 @@ stdenv.mkDerivation rec {
   patchPhase = ''
     substituteInPlace GPService/gpservice.h \
       --replace /usr/local/bin/openconnect ${openconnect}/bin/openconnect;
-    substituteInPlace GPClient/settingsdialog.ui \
-      --replace /etc/gpservice/gp.conf $out/etc/gpservice/gp.conf;
-    substituteInPlace GPService/gpservice.cpp \
-      --replace /etc/gpservice/gp.conf $out/etc/gpservice/gp.conf;
     substituteInPlace GPService/CMakeLists.txt \
       --replace /etc/gpservice $out/etc/gpservice;
   '';