[bogomipz]

I'm not following. Your link appears to be specific to corporate environments. The title of the document is:

"VPN overview for Apple device deployment."

It further states "Secure access to private corporate networks is available in iOS ..."

An individual iPhone user who is not using a company issued device would not be beholden to MDM restrictions or profiles. Nor would access to "private corporate networks" be necessarily relevant.

[dljsjr]

It's written that way because the target audience is enterprise IT folks who are managing fleets of employee devices, but you can freely use MDM profiles as a consumer. It's certainly not user-friendly which is why I commented that the way it works for VPN clients installed as apps could be seen as a dubious implementation.

[neilalexander]

You can create and install mobileconfig profiles on any iPhone, even unmanaged.

[bogomipz]

Yes and if it's an unmanaged device it is by definition not being managed by an MDM. The title of the link makes it clear that the context is "device deployment." Further the section un the linked article states"Always On VPN"

">Always On VPN activation requires device supervision."

Supervision denotes a managed device"

"Supervision generally denotes that the device is owned by the organization, which provides additional control over its configuration and restrictions."[1]

No regular non-corporate iOS device user is ever likely to be downloading manually distributed mobile profiles.

[1] https://support.apple.com/guide/deployment/about-device-supe...

[Twisell]

I once was invited to install a profile as a beta testing user. I guess this process is now streamlined through the TestFlight app though.