You should not use preshared key to establish an IPSec tunnel because X.509 authentication is more secure. ZeroShell manages X.509 certificates with its CA. You have just to add your Windows XP Client into Host LDAP database of ZeroShell and automatically a related certificate with private key will be created. Then you must export it in pkcs12 format and import it in the Account Computer of XP. To do it you have to use mmc console using administrator user.