One thing to check is if MFA is enabled. MFA should be disabled for RADIUS when you're setting it up and testing. Most testing tools can not handle the challenege-response flow with MFA enabled.
Also make sure that the RADIUS ports are open. By default, the Okta RADIUS Agent uses UDP over port 1812, but that's configurable. That port must be open between the VPN device and the RADIUS Agent for authentication to succeed.