In chapter 17.2 of the wiki, there is a good example of how to use IPsec without L2TP.
Each client shall have a certificate, but can the client certificate be the same for all clients?
I'd guess that only if the clients are not connected or want to connect at the same time. I use the same client cert for multiple machines in OVPN. However, since I am the user, they cannot connect at the same time.