Basically for vpnc, it' s very simple. You will need to modify your vpnc.conf file and place the group, xauth information.
Now what that said, I never used it against a fortigate, but the setup should be the same. I would be suspected of what to apply for the group setting but I' m sure it would be remote-peer identify. You will have to play around with it.
I' m doing some FGT-3040 install next week, so maybe I might give it a try and see what happens on one of my VMs.
Here' s my vpnc.conf that I use to a ASA.
#
IKE Authmode hybrid
IKE DH group dh2
IPSec gateway vpn01.xxxx.net
IPSec ID RAWARRIOR
IPSec secret Ims0s3cur3d
IPSec target network 10.20.87.0/255.255.255.0
IKE Authmode PSK
Xauth username neteng-admin
Xauth password Temporary
#
note: LinuxOS = Debian Lenny with bigmem kernel support but I don' t think I had to do anything special within the kernel or recompile anything.
You might be better off using the shrewclient or the real cisco IPSCE client to test ALL parameters and then craft the same for vpnc setting on your LinuxOS. This way you can conduct better diagnostics and get better debug information, and less beating your head into the wall.
I did this when working on how to use my cisco IPSEC client against a fortigate and yes, I got it to worked :)
Same as with the vpnclient or vpnc, you can import a .pcf file extension for cisco into your env and conduct all on the CLI with no interaction. I did this when crafting some linux-fw-gateway devices and in the same fashion of what the cisco EzVPN does for client xauth access.
I don' t think Fortinet has ever came up with something similar ( a PCF file ) that would allow you to hand over all of the vpn-gw information, and just have one pre-configuration file to ease remote-access VPNs.
I think you will have to do some experimentation, no matter what path you go. But I pretty much try all of the above with 3des/AES128 and your choice of diffiehellman group 2 and with PSK or hybrid ( PSK +xauth ).
I never tried any of the above with pfs enabled btw. Like I suggested above, you have to play around with it. On my ASAs it was quite simple to craft a tunnel-group for iPhone/Androids and then one for other users and get it all working with little problems. Only my androids had problems and mainly withe sslvpn and OpenVPN connections.