So, after few tries, I set up Site to Site tunnel with PSK and XAuth. RUTXR side are behind NAT with private IP, this means Aggressive mode, and XAuth require IKEv1. SITE2 - id for IPsec tunnel and site_s2 - are user login for authentication, which must exist on remote VPN server.
So to provision such setup, turn on Multiple Secrets switch and enter PSK and XAuth records for this tunnel under Global Secrets Settings.
Local Identifier: SITE2
SITE2 - PSK - "PSK string"
site_s2 - xauth - "user_password string"
XAuth identity: site_s2
P.S. Too bad attached pictures are sized to such small dimensions, what became unreadable.