I wanted to answer sooner, but I've been busy with the troubleshooting of the vpn, thank you for your suggestions.
There is a generic error when a client cannot connect, error like 'the connection was interrupted' or ' check your network settings'. I've tried turning off the firewall and Symantec, but this didn't solve the problem.
I've examined the IP's and can't find a pattern.
The firewall allows the echo request ICMPv4, it's just certain IP's that can't ping, this doesn't mean that the can't connect, but IP's that can't connect, can't ping the server. Today I had a strange result when pinging the server, for the address we use 'exchange.domain.nl' this points to 'office.domain.nl', but the ping command displayed this as ' OFfiCe.domain.nl', from the IP's that work it is 'office.domain.nl' without the capitals. Maybe it's nothing but it seems strange.
Today I installed a new server with the DC role and just the RAS role, during the day I could connect from various sources: hotspot via mobile and via a mobile datastick that gets a new IP everytime it's used, so that looks hopeful but I'm still a little cautious. Tonight they are going to test the VPN.
I will keep you informed but I'm still open for idea's and suggestions!