I thought this seemed familiar and after looking around I found I had the same issue a few years ago, just forgot about it, @vgaetera explains what's needed for user/password with vpn server in this thread, although it sounds like its more secure to just use the certs.