fedor-it, 2021-03-10 15:13:01
Debian

How to assign a static IP to StrongSwan clients?

There is a VPS with a public IP address. System: Debian 10. VPN: IKEv2, set up with strongSwan. Login/password authentication plus an SSL certificate (Let's Encrypt). IP addresses for clients are issued from the pool 192.168.103.0/24. I set it up according to this manual: https://www.krasovsky.me/it/2016/08/strongswan-ikev2/ .

strongSwan configuration
file /etc/ipsec.conf

config setup
  # Uncomment if you want several simultaneous connections per login
  # uniqueids=never

conn %default
  dpdaction=clear
  dpddelay=35s
  dpdtimeout=300s

  fragmentation=yes
  rekey=no

  left=%any
  leftsubnet=0.0.0.0/0
  leftcert=fullchain.pem
  leftfirewall=yes
  leftsendcert=always

  right=%any
  rightsourceip=192.168.103.0/24
  rightdns=8.8.8.8,8.8.4.4

  eap_identity=%identity

# IKEv2
conn IPSec-IKEv2
  keyexchange=ikev2
  auto=add

# BlackBerry, Windows, Android
conn IPSec-IKEv2-EAP
  also="IPSec-IKEv2"
  rightauth=eap-mschapv2

# macOS, iOS
conn IKEv2-MSCHAPv2-Apple
  also="IPSec-IKEv2"
  rightauth=eap-mschapv2
  leftid=vpn.krasovsky.me

# Android IPsec Hybrid RSA
conn IKEv1-Xauth
  keyexchange=ikev1
  rightauth=xauth
  auto=add

include /var/lib/strongswan/ipsec.conf.inc


file /etc/ipsec.secrets
: RSA privkey.pem

user1 : EAP "password1"
user2 : EAP "password2"


The dnsmasq DHCP server is installed for distributing routes.
file /etc/dnsmasq.conf
dhcp-vendorclass=set:msipsec,MSFT 5.0
dhcp-range=tag:msipsec,192.168.103.0,static
dhcp-option=tag:msipsec,6
dhcp-option=tag:msipsec,249, 0.0.0.0/1,0.0.0.0, 128.0.0.0/1,0.0.0.0


The question is: how can a client with login "user1" be given the IP address 192.168.103.100, and a client with login "user2" the IP address 192.168.103.200? MAC<->IP binding is not an option, since clients will connect from different devices. The binding needs to be exactly Login<->IP. When building a PPTP tunnel this was done in an elementary way; why is it not possible here? Or am I just looking in the wrong place?
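For reference, strongSwan does have a mechanism for identity-bound virtual IPs that reuses the dnsmasq already running on this host: its dhcp plugin. With rightsourceip=%dhcp charon requests the client's address from a DHCP server instead of its own pool, sends the client's IKE/EAP identity as the DHCP hostname option, and with identity_lease=yes derives a stable client MAC from that identity, so the lease follows the login rather than the device. The fragments below are an added example, not part of the question or of the linked manual; the server address 192.0.2.10 and the interface name eth0 are placeholders for the VPS's own address and interface, and the file path is the Debian layout for per-plugin strongSwan config. The existing EAP secrets and the msipsec route-distribution entries stay as they are.

```ini
# --- /etc/ipsec.conf (only the changed line in conn %default) ---
# rightsourceip=192.168.103.0/24    <- replace the pool with a DHCP-backed assignment
# rightsourceip=%dhcp

# --- /etc/strongswan.d/charon/dhcp.conf ---
dhcp {
    load = yes
    # Address dnsmasq listens on (placeholder: the VPS's own interface address)
    server = 192.0.2.10
    # Unicast to that address even though the server runs on this very host;
    # without it the plugin broadcasts and the request never reaches dnsmasq
    force_server_address = yes
    # Interface the DHCP requests are sent from (placeholder name)
    interface = eth0
    # Derive the client MAC from the IKE identity: one stable lease per login,
    # independent of which device the user connects from
    identity_lease = yes
}

# --- /etc/dnsmasq.conf (additions; the msipsec lines for routes stay) ---
# Untagged static range for the VPN subnet: only clients with a dhcp-host
# entry are answered, so an unknown login gets no address at all
dhcp-range=192.168.103.0,static
# Login -> address bindings, matched on the hostname strongSwan sends,
# which is the EAP identity from ipsec.secrets
dhcp-host=user1,192.168.103.100
dhcp-host=user2,192.168.103.200
```

After a restart of both services, `ipsec statusall` should list the virtual IP from the dhcp-host entry rather than a pool address, and the dnsmasq log (log-dhcp) shows the DHCPDISCOVER carrying the login as hostname, which is the quickest way to confirm the binding is being honoured.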
