So, following up on previous comments and reading the Strongswan docs on Responder Configuration in a bit more detail, it sounds you can configure clients with static IPs using this setting on the server:
Along with this setting on the client based on the Initiator Configuration option that I mentioned previously:
leftsourceip=<your desired static ip here>
The commentary on the responder section states that:
Alternatively, the responder may define the following to let the client choose an address. This is not recommended if the client is not completely trusted.
Since it sounds like you trust all your clients, try specifying a static IP in the client’s
leftsourceip setting. The
rightsourceip=%config should ensure that Strongswan will accept the client’s request.
Do note that you’ll need to keep track of which client has which static IP, since Strongswan won’t be keeping track of which is assigned or duplicated.