I am testing the IPsec VPN. It's working great with users set up in Local Directory. So I configured RADIUS on Windows Server 2012 and installed the trial of Directory Connector. I configure it, and when I try the RADIUS test with a known username and password, it returns "RADIUS authentication successful!" When I put in a bad password, it returns "RADIUS authentication failure." So the RADIUS Connector seems to be working just fine.
However, when I switch the IPsec VPN User Authentication to RADIUS from Local Directory, it does not work. When I attempt to connect from Windows VPN, I get:
Verifying user name and password...
Error 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.
I've tried including the domain info, excluding domain info, checked the Network Policy settings, but can't seem to get anywhere. I'm using MS-CHAP v2 for Authentication Method. Like I said, the RADIUS Test works. Any help would be greatly appreciated!