An opaque profile file that you double click and your VPN connectivity works makes as much, if not more sense for end users than endless screens of incomprehensible parameters.
No. There are plenty of setting an end user shouldn't normally poke around in, that are still accessible under something like an Advanced button, or are an Option-click away. This should be no different.
What if I'm a consultant, with a Mac, and I need to access a client's VPN? They aren't going to change their router just for me, and they aren't going to provide me an MDM profile.
Why wouldn't they provide you an MDM profile? Lots of companies have committed in writing to ensuring that anyone with access to prod is using an endpoint registered with MDM; that comes up on self-assessment questionnaires.
The fact that opaque configuration makes it harder for randos to get temporary access to VPNs does not seem like a hardship from my vantage point of managing security teams.
What if I'm a consultant, with a Mac, and I need to access a client's VPN? They aren't going to change their router just for me, and they aren't going to provide me an MDM profile.