You should be able to track the steps of the connection buildup and failure in your log files, both on the client as well as on the server.
Also, you might look into this: http://support.apple.com/kb/HT4748
You can find the shortname for the vpn user in Workgroup Manager->View System Records
This is the solution that worked for me when using L2TP, and only the server admin could login as VPN user.
In vpnd.log there should be an error about 'failing to retrieve MPPE encryption keys' for the user trying to logon. Maybe best if you check that first.