Hi,
all right, I’ll elaborate on this a bit more.
Assuming you have already read the wiki page mentioned above, you will need to do the following steps:
- Save the root and host certificates of both IPFire machines. Ensure you can tell them apart later, e.g. by putting them into different folders.
- On IPFire machine A, upload B’s root certificate. On B, upload A’s root certificate.
- On both IPFire machines, create a new IPsec Net-to-Net connection, and fill in all basic information (destination FQDN, routed IP networks, etc.), as you already did with your PSK-based connection.
- When it comes to authentication, click “upload a certificate” on both IPFire machines.
- On IPFire A, upload B’s host certificate. On B, upload A’s host certificate.
- Save the connection.
That’s it. The only trick is not to confuse root and host certificates, and not to confuse the certificates of A with those of B.
Thanks, and best regards,
Peter Müller
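
A way to check the saved files before uploading them, so that root and host certificates and the two machines are not mixed up. This is an added example, not part of the original post and not IPFire code; it assumes the certificates were saved as PEM files and that the `openssl` command-line tool is available. The function names, file names and the throwaway demo certificates are constructed for illustration.

```shell
#!/bin/sh
# classify_cert FILE: print "root" for a self-signed CA certificate, "host" otherwise.
classify_cert() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ] && openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo root
    else
        echo host
    fi
}

# same_machine ROOT HOST: succeed only if HOST was issued by ROOT,
# i.e. both files were saved from the same machine.
same_machine() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_demo_pki DIR NAME: constructed stand-in for the two files saved from one
# machine (DIR/NAME/root.pem and DIR/NAME/host.pem), so the checks run offline.
make_demo_pki() {
    d=$1/$2; mkdir -p "$d"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed root $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/ca.cnf" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=constructed-host-$2" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -out "$d/host.pem" 2>/dev/null
}
```

Before uploading on machine A, `classify_cert` should report `root` and `host` for the two files saved from B, and `same_machine` should succeed for that pair; a failure means a file from A's folder has slipped in.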