Generally this question is asked because a pptp login causes 'cant find mppe key' errors in the server log...
The process starts with a vpn user with a unique string in its name
You must have a vpn user in the directory where your users are stored.
to search both local and ldap
dscl /Search -list /Users | grep vpn
to search local
dscl . -list Users | grep vpn
so search ldap - depends on your path, but is generallly this
dscl /LDAPv3/127.0.0.1 -list Users | grep vpn
In my case, this reveals the unique username
vpn_70bde2690380
Now open keychain utility and search for the ID. In my case, I can search 70bd to find the entry with a name of com.apple.ras. Open the entry, and choose to show password.
If you don't have the user in your LDAP (where your users are) or are missing the keychain entry, you can recreate them with vpnaddkeyagentuser. Not a bad idea to delete and com.apple.ras entries from the keychaijn first, then add run vpnkeyagentuser for both local and ldap (if thats where your users are)
For more info
man vpnaddkeyagentuser