ikev2 2 sessions under one certificate

Using same certificate might work..? If you ignore remote-id if I am not mistaken. Then VPN server cannot identity any of your client who is who, so just assigns random IP from the pool.

Anyway, it’s better to generate a separate certificate for each client and select “match-by=certificate” as well as “remote-certificate=”. Source: me with some testing.