diff --git a/gpst.c b/gpst.c
index 244aaf044f2ce640b79d5e8aecc275987e11b485..bb4e7373d3a7667c5f5eeafb0a1324057d77fcba 100644
--- a/gpst.c
+++ b/gpst.c
@@ -651,7 +651,9 @@ static int gpst_get_config(struct openconnect_info *vpninfo)
 
 	/* submit getconfig request */
 	buf_append(request_body, "client-type=1&protocol-version=p1&internal=no");
-	append_opt(request_body, "app-version", vpninfo->csd_ticket ? : "6.3.0-33");
+	append_opt(request_body, "app-version",
+		   vpninfo->csd_ticket ? :
+		   (vpninfo->gp_app_version ? : "6.3.0"));
 	append_opt(request_body, "ipv6-support", vpninfo->disable_ipv6 ? "no" : "yes");
 	append_opt(request_body, "clientos", gpst_os_name(vpninfo));
 	append_opt(request_body, "os-version", vpninfo->platname);
diff --git a/main.c b/main.c
index 6c21796b7abf562e47353bd093db6407e73cce75..870869dd5f5c56444a38bd7a5e2c1c58b36bf181 100644
--- a/main.c
+++ b/main.c
@@ -220,6 +220,7 @@ enum {
 	OPT_MULTICERT_CERT,
 	OPT_MULTICERT_KEY,
 	OPT_MULTICERT_KEY_PASSWORD,
+	OPT_GP_APP_VERSION,
 };
 
 #ifdef __sun__
@@ -321,6 +322,7 @@ static const struct option long_options[] = {
 	OPTION("mca-certificate", 1, OPT_MULTICERT_CERT),
 	OPTION("mca-key", 1, OPT_MULTICERT_KEY),
 	OPTION("mca-key-password", 1, OPT_MULTICERT_KEY_PASSWORD),
+	OPTION("gp-app-version", 1, OPT_GP_APP_VERSION),
 	OPTION(NULL, 0, 0)
 };
 
@@ -1072,6 +1074,7 @@ static void usage(void)
 	printf("      --authenticate              %s\n", _("Authenticate only and print login info"));
 	printf("      --cookieonly                %s\n", _("Fetch and print cookie only; don't connect"));
 	printf("      --printcookie               %s\n", _("Print cookie before connecting"));
+	printf("      --gp-app-version=VERSION    %s\n", _("Report GlobalProtect app version VERSION"));
 
 #ifndef _WIN32
 	printf("\n%s:\n", _("Process control"));
@@ -2050,6 +2053,9 @@ int main(int argc, char *argv[])
 		case 'C':
 			vpninfo->cookie = dup_config_arg();
 			break;
+		case OPT_GP_APP_VERSION:
+			vpninfo->gp_app_version = keep_config_arg();
+			break;
 		case 'c':
 			vpninfo->certinfo[0].cert = dup_config_arg();
 			break;
diff --git a/openconnect-internal.h b/openconnect-internal.h
index abf45bbd39c85378eecc7eaebf00661aae4246a2..4f802cce28a6f96127d87dd4a39c2ba623264a14 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -460,6 +460,7 @@ struct openconnect_info {
 	char *csd_starturl;
 	char *csd_waiturl;
 	char *csd_preurl;
+	char *gp_app_version;
 
 	char *csd_scriptname;
 	xmlNode *opaque_srvdata;
diff --git a/openconnect.8.in b/openconnect.8.in
index 293d3acbcf9e199315bcef786ea4aab96a1d0a6c..db547b46f6e57c2e9b618255293036a1c05992d5 100644
--- a/openconnect.8.in
+++ b/openconnect.8.in
@@ -175,6 +175,12 @@ option sets the private key for the secondary certificate (see
 .B \-C,\-\-cookie=COOKIE
 Use authentication cookie
 .IR COOKIE .
+.TAG opt-gp-app-version
+.TP
+.B \-\-gp\-app\-version=VERSION
+When using GlobalProtect protocol, report the specified client app version to the server.
+Some servers require minimum versions (e.g., 6.1.4 or higher). Common values include
+6.1.4, 6.2.0, 6.3.0, and 6.3.3. Default is 6.3.0.
 .TAG opt-cookie-on-stdin
 .TP
 .B \-\-cookie\-on\-stdin
diff --git a/patch-applied-summary.md b/patch-applied-summary.md
new file mode 100644
index 0000000000000000000000000000000000000000..a25cf81ee5fa992fab134f3272bd57fa65e0127a
--- /dev/null
+++ b/patch-applied-summary.md
@@ -0,0 +1,56 @@
+# Patch Application Summary
+
+## Applied Patch: user-configurable-globalprotect-app-version.patch
+
+This patch has been successfully applied to add support for a user-configurable GlobalProtect app version option.
+
+## Changes Made
+
+### 1. openconnect-internal.h
+- Added `char *gp_app_version;` field to the `openconnect_info` struct
+- Placed after CSD-related fields for logical grouping
+
+### 2. main.c
+- Added `OPT_GP_APP_VERSION` to the option enum
+- Added `OPTION("gp-app-version", 1, OPT_GP_APP_VERSION)` to long_options array
+- Added case handler `case OPT_GP_APP_VERSION:` that assigns `vpninfo->gp_app_version = keep_config_arg();`
+- Added usage documentation: `"--gp-app-version=VERSION    Report GlobalProtect app version VERSION"`
+
+### 3. gpst.c
+- Modified the `append_opt(request_body, "app-version", ...)` call to use new fallback logic:
+  - First priority: `vpninfo->csd_ticket` (existing behavior)
+  - Second priority: `vpninfo->gp_app_version` (new user-configurable option)
+  - Default fallback: `"6.3.0"` (updated from previous default of `"6.3.0-33"`)
+
+### 4. openconnect.8.in
+- Added man page documentation for the new `--gp-app-version=VERSION` option
+- Includes description, use cases, common version values, and default behavior
+
+## Functionality
+
+The patch adds a new command-line option `--gp-app-version=VERSION` that allows users to specify the GlobalProtect client application version reported to the server. This is useful because:
+
+1. Some servers require minimum client versions (e.g., 6.1.4 or higher)
+2. Different versions may have different feature support
+3. Some servers may reject connections from "outdated" clients
+
+## Priority Order for App Version Selection
+
+1. If `csd_ticket` is set (from portal response), use that value
+2. If `--gp-app-version` was specified by user, use that value
+3. Otherwise, use default value "6.3.0"
+
+## Common Version Values
+
+- 6.1.4
+- 6.2.0
+- 6.3.0 (default)
+- 6.3.3
+
+## Usage Example
+
+```bash
+openconnect --protocol=gp --gp-app-version=6.1.4 vpn.example.com
+```
+
+This patch maintains backward compatibility while providing users the flexibility to specify client version when needed for server compatibility.
\ No newline at end of file
diff --git a/pixi.toml b/pixi.toml
new file mode 100644
index 0000000000000000000000000000000000000000..caf764177b6611ad3bf76c37bb4ab526f85510e5
--- /dev/null
+++ b/pixi.toml
@@ -0,0 +1,38 @@
+[workspace]
+name = "openconnect"
+version = "9.12"
+description = "OpenConnect VPN client with GlobalProtect app version patch"
+channels = ["conda-forge"]
+platforms = ["linux-64"]
+
+# This project applies the user-configurable-globalprotect-app-version.patch
+# which adds the --gp-app-version option for GlobalProtect server compatibility
+
+[dependencies]
+# Build tools and rattler-build for creating conda packages
+rattler-build = "*"
+
+[tasks]
+# Build OpenConnect using rattler-build
+build = "rattler-build build --recipe . --output-dir .pixi/build"
+
+# Build and install the package locally
+install = { depends-on = ["build"], cmd = "pixi global install -c file://$(pwd)/.pixi/build -c conda-forge openconnect" }
+
+# Clean build artifacts
+clean = "rm -rf .pixi/build build_output .pixi/envs/*/conda-bld"
+
+# Test the built OpenConnect binary
+test = "openconn-cli --help | grep 'gp-app-version' && echo 'GlobalProtect app version patch found!' || echo '❌ GlobalProtect app version patch NOT found'"
+
+# Show OpenConnect version and build info
+info = "openconnect --version || echo 'Build first with: pixi run build'"
+
+# Development workflow: clean, build, and test
+dev = { depends-on = ["clean", "build", "test"] }
+
+# Complete workflow: build, install, and test
+all = { depends-on = ["build", "install", "test"] }
+
+[environments]
+default = { features = [], solve-group = "default" }
diff --git a/recipe.yaml b/recipe.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7c74036af6b220938f2bd76e236c1199a67c32d5
--- /dev/null
+++ b/recipe.yaml
@@ -0,0 +1,67 @@
+package:
+  name: openconnect
+  version: "9.12"
+
+source:
+  path: "."
+
+build:
+  number: 1
+  script:
+    - ./autogen.sh
+    - ./configure --prefix=$PREFIX --enable-shared --disable-static
+    - make -j$CPU_COUNT openconnect libopenconnect.la
+    - make install-exec install-pkgconfigDATA install-man8
+    - cp $PREFIX/sbin/openconnect $PREFIX/bin/openconn-cli
+
+requirements:
+  build:
+    - ${{ compiler('c') }}
+    - make
+    - autoconf
+    - automake
+    - libtool
+    - pkg-config
+    - libxml2-devel
+  host:
+    - libxml2
+    - libxml2-devel
+    - openssl
+    - zlib
+    - gnutls
+    - nettle
+    - gmp
+    - libtasn1
+    - p11-kit
+    - lz4-c
+    - libiconv
+  run:
+    - libxml2
+    - openssl
+    - zlib
+    - gnutls
+
+tests:
+  - package_contents:
+      bin:
+        - openconn-cli
+      files:
+        - sbin/openconnect
+        - lib/libopenconnect.so
+        - lib/libopenconnect.so.5
+        - lib/libopenconnect.so.5.9.0
+        - share/man/man8/openconnect.8
+  # - script:
+  #     - openconnect --help
+  #     - openconnect --help | grep -q "gp-app-version" && echo "GlobalProtect app version patch found!"
+  #     - openconn-cli --help
+  #     - openconn-cli --help | grep -q "gp-app-version" && echo "GlobalProtect app version patch found in openconn-cli!"
+
+about:
+  homepage: https://www.infradead.org/openconnect/
+  license: LGPL-2.1-only
+  summary: OpenConnect VPN client with GlobalProtect app version patch
+  description: |
+    OpenConnect is a client for Cisco's AnyConnect SSL VPN and other compatible
+    VPN servers. This version includes a patch that adds the --gp-app-version
+    option for GlobalProtect protocol compatibility.