Thank you for the update and I am glad you got it working. I hate to say it, but I thought you had a certificate problem, but I did not say anything since I did not think that the certificate would have any relationship to the VPN.
You could use a free ssl service like Start SSL (www.startssl.com), but I get what you are saying. Well, good job on getting it working!
It means you need more or less an certified server to get things running well. Thererfore in the help of Server App it is explained already in the first points that you should buy a public certificate. I myself though: Ok, first I will test the server because I will not spend more money for something maybe I not like. And with this logic the server realy not working fine. For example, I found out, that I need change the certificate settings also in E-Mail-Server, but not in the Server App but in the Admin-Tool from former Snow Leopard Server. At once the TTLS error of my e-Mails vanished. So, this server seams adicted to certificate usage. 2 Weeks ago I also activated one time the selfsigned certificate to the webserver component. At once it was damaged, cannot repair anymore and I need reinstall all: First the original Snow Leopard CD, than the Lion Update, than the generell updates, than the Lion Server ... Kind of interesting sport if only a certificate is the problem, isn't it?
@bobgeo: You suggest StartSSL as free certificate service. Maybe this is realy a good starting point for someone who wants to test this Lion server. I cannot sugest using this Lion server without certificate and then searching for "virtual errors" everywhere in the system that at once vapourise if you install the certificate.
You believe Apple get some money from each certificate offerer they bring people to?
Sure, Apple is the left arm of the media industry, watch about ACTA what seams to crash in Europe now according to the people protests everywhere. Altough they prepared this ACTA topsecret and in no conventional media channel (TV or radio) here in Germany they mentioned that our politicians and we the people should get dictated this ACTA intl. tradelaw.
For me, this is all a matching story and IPv6 is only another easy way to reach this aim of Internet 2. This will be an Internet that not work without everything certified and each transaction between such certifieds are transaction usage-fee bound. This is all in the concept to get each computer clearly identified like a car with number plate, to comercialize the Internet after individuals are clearly identified, to pay taxes like the 19% VAT on each electronic transaction and a 1 Cent Communication Tax on top of all to EU-government. This they already mentioned: E-Mail should become usage-fee based, the German Government will get the 19% tax for each E-Mail and the EU will geht the 1 Cent / E-Mail transaction tax. Internet 2 will be the Internet of identity and per RFID and NFC-mobiles bound to the material as what is said "the internet of the things". If the big ones not like something they just cut you off by Ipv6 or taking your certificate.
I think it might help to keep this higher strategy such products like Lion Server is driven in mind. Then we can more easily understood the pattern of some technical things not working at much single points at the same time (without certificate) and why we are endless watching for errors, but the errors are not of technical but strategical matter: Commercializing of the free Internet 1 to become Internet 2.