There are two types of VPN connections: one that involves SSL (certificates) and one that involves only a group name and password. The best way is to install with SSL support, so that both cases are handled. The steps are as below.
1. First, you need the development versions of two packages (libgcrypt and openssl) installed as dependencies. vpnc compiles against these two and they do not come bundled with vpnc.
In the case of Fedora, you can use yum to install them with the command
> yum install libgcrypt libgcrypt-devel openssl openssl-devel
2. Next, download vpnc from here
> wget http://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-0.5.3.tar.gz
3. Change to the root user and do
> tar -xvzf vpnc-0.5.3.tar.gz; cd vpnc-0.5.3
4. Open the Makefile and uncomment the following lines. This enables SSL.
#OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
#OPENSSLLIBS = -lcrypto
5. Run the following commands
> make
> make install
6. This completes the vpnc setup. Now we need to add the configuration containing the details of the connection you need to establish (VPN host, group name, etc.). vpnc reads its configuration files from the "/etc/vpnc" directory and they must have a .conf extension. We can add our own configuration files here. To do this, simply open a file, say /etc/vpnc/office.conf, and add your configuration details. A sample file would look like this.
IPSec gateway <IP address of your gateway here>
IPSec ID MyVPN <Group name of your VPN here>
IPSec secret <Group password in plaintext here. If not known, use IPSec obfuscated secret>
IPSec obfuscated secret 234AB765C <Encrypted group password here. Only if you don't know the above>
#IKE Authmode hybrid <keep this setting unless it's different for your VPN. This corresponds to the MutualGroup authentication in Cisco VPN.>
#CA-File <Full path to the root server certificate file. This is needed in case hybrid option above is uncommented.>
#Xauth username <your vpn username here. Uncomment this line to avoid user name prompt>
#Xauth password <your vpn password here. Uncomment this to avoid password prompt>
You could also use pcf2vpnc to create the conf file from your Cisco VPN configuration. The tool can be downloaded from here:
http://svn.unix-ag.uni-kl.de/vpnc/trunk/pcf2vpnc
Use the tool as
> chmod a+x pcf2vpnc
> pcf2vpnc <Cisco vpn pcf file> > /etc/vpnc/office.conf
7. Some housekeeping. vpnc always needs to be run as root. To avoid having to change to root every time, add the following to /etc/sudoers
<username> ALL=NOPASSWD: /usr/local/sbin/vpnc
<username> ALL=NOPASSWD: /usr/local/sbin/vpnc-disconnect
Also remove any default vpnc installation present; otherwise you could end up using it instead of the one you just built. E.g. in Fedora, you could find "/usr/sbin/vpnc".
> rm -rf /usr/sbin/vpnc /usr/sbin/vpnc-disconnect
> ln -s /usr/local/sbin/vpnc /usr/sbin/vpnc
> ln -s /usr/local/sbin/vpnc-disconnect /usr/sbin/vpnc-disconnect
8. Once you have completed the configuration, you can establish and disconnect VPN connections with the commands below. Note that "office" corresponds to the office.conf created earlier.
> sudo vpnc office
> sudo vpnc-disconnect
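The Makefile and profile steps above (4 and 6), as an added shell helper that is not part of the original post: it uncomments the two OpenSSL lines in the vpnc-0.5.3 Makefile and writes a profile that only root can read, since the file carries the group secret in plaintext and vpnc runs as root anyway. The function names and the paths and values passed to them are my own assumptions; the Makefile variables and the IPSec/Xauth keywords are the ones the post uses.

```shell
#!/bin/sh
# Added helper, not part of the original post. Automates step 4 (enable the
# OpenSSL lines in the vpnc-0.5.3 Makefile) and step 6 (write a profile under
# /etc/vpnc). Function names and the paths/values passed to them are my own
# assumptions; the Makefile variables and profile keywords are from the post.
set -eu

# Step 4: strip the leading "#" from the two OpenSSL lines. Uses a temp file
# instead of "sed -i" so it also works with non-GNU sed. Running it twice is
# harmless: already-uncommented lines do not match the patterns.
enable_openssl() {   # $1 = path to the vpnc Makefile
    sed -e 's/^#\(OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION\)$/\1/' \
        -e 's/^#\(OPENSSLLIBS = -lcrypto\)$/\1/' "$1" > "$1.tmp"
    mv "$1.tmp" "$1"
    # Fail if either line is still missing or commented out.
    grep -q '^OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION$' "$1" &&
        grep -q '^OPENSSLLIBS = -lcrypto$' "$1"
}

# Step 6: write a profile. It contains the group secret in the clear and vpnc
# runs as root anyway, so the file is created with mode 0600 before the secret
# is written, rather than chmod'ed afterwards.
write_profile() {    # $1 = output path, $2 = gateway, $3 = group ID, $4 = group secret
    umask 077                       # new files are owner-only from the start
    : > "$1"
    chmod 600 "$1"                  # also fixes the mode if the file pre-existed
    {
        printf 'IPSec gateway %s\n' "$2"
        printf 'IPSec ID %s\n' "$3"
        printf 'IPSec secret %s\n' "$4"
        # Xauth lines stay commented so vpnc prompts for user credentials.
        printf '#Xauth username <your vpn username here>\n'
        printf '#Xauth password <your vpn password here>\n'
    } > "$1"
    # Confirm the mode is exactly 0600 (find -perm with an octal mode is POSIX).
    [ -n "$(find "$1" -perm 600)" ]
}
```

Typical use on a real box is `enable_openssl vpnc-0.5.3/Makefile` before `make`, then `write_profile /etc/vpnc/office.conf <gateway> <group> <secret>` as root.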
A few comments:
A. In the case of certificate authentication, you need to have the certificate in plaintext format. You should have it if you are already using the Cisco VPN client. Usually it is present in the VPN setup folder (named rootcert). If you were using the VPN in Windows and are trying to use vpnc in Linux, there are chances you won't have the certificate. The Cisco VPN client copies the certificate over to its internal format during install. In the case of Windows, the certificate present in the setup gets installed into the Cisco VPN internal format and you might not find the rootcert file in the installation folder. Personally, I tried exporting the certificate using the Cisco VPN client and converting it to PEM format, but it was no good: Cisco exports the certificate in some proprietary format and I could not convert it. Usually you should be able to get this from your company VPN admin.
B. If you are using a certificate and you get an error like
vpnc: quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
As the last step of establishing the connection, the VPN client sends a greeting message to the server. If the Cisco concentrator host does not get what it is expecting, it ends the connection abruptly. To fix this, change the following in config.c:
old line - asprintf(&version, "Cisco Systems VPN Client %s:%s", VERSION, uts.sysname);
new line - asprintf(&version, "Cisco Systems VPN Client %s:%s", "4.8.01 (0640)", "Linux");
After changing the line, you will have to do
> make clean; make; make install
It's a long explanation, but I hope it helps.
