Okta Radius agent MFA

Hi,
i want to use Okta MFA on VPN gateway that doesnt support SAML. to do that, i installed okta RADIUS agent on-prem to relay the radius requests and its working fine.

i now want to enable MFA for the same.

i installed OKTA radius app, mapped the user to the app, and selected RADIUS in the AND option of sign-on rules but the authentication completely fails.

am i doing it incorrecly? what is the right way of enabling MFA for radius agent?

I would suggest opening a support ticket with Okta for issues about RADIUS. They were pretty helpful last time I reached out to them.