Hello,
While I haven't personally tested this configuration, it may be possible via CLI. Likely, you wont be able to achieve this configuration via WebUI.
As far as I know, in terms of supporting multiple users, the "conn rwPUBKEY" part of the configuration you mentioned may not directly support multiple users. Each client should have a distinct identifier (such as rightid or FQDN) to differentiate them on the server. Without unique identifiers, the server may not be able to distinguish between multiple clients, and only the first connection will be established while subsequent connections remain in the "connecting" state.
One approach to support multiple users is to configure multiple "conn" sections in the IPsec configuration, each with its own set of X.509 certificates for authentication.
Kind Regards,