Why are VPNs so shitty (so little native IPsec)

I’m really frustrated. Somehow there seems to be some best practice / standard solution for everything but VPNs.

So pretty much everyone online suggests OpenVPN, which, don’t get me wrong, is nice, but I just don’t enjoy the implementation. It is not very well equipped for enterprise use and is a bit fiddly. Also, every business use case costs a lot of money.

Now many times I hear that using your router or firewall system as a VPN makes sense. Unfortunately, those that I have worked with have been absolute garbage. Furthermore, with any higher number of active users, I doubt that it performs well. Am I wrong?

Standalone hardware VPNs have caught my eye as well. I just don’t quite understand the benefits over server-hosted solutions.

I just want native L2TP/IPsec! macOS, Windows 10, iPhone, and even Android all bring their native IPsec stack with them. Is there an open-source project that offers native IPsec configuration files for all those devices?

My dream software would be one that can connect to LDAP for VPN config creation. Basically, I want the system to make certificates for each user in an LDAP VPN group. Then, users log in to a web interface using their LDAP login (maybe with an additional 2FA) and can download their VPN config file that configures their OS's native IPsec stack. After that, they should only have to toggle a button. Why does every VPN require its own client? Am I thinking about this all wrong?

I often work for small and medium-sized companies, which often have a BYOD policy. This is the first time I’m asked to help with a VPN strategy and I have to say I’m not comfortable consulting on this topic. But I would like to at least know a bit more about the topic.
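The flow described in the post (LDAP VPN group, one certificate per member, a config file the OS's native IPsec stack imports) sketched as an added Python example; this is not code from the original post or from any project. It assumes IKEv2 with certificate authentication on Apple's native stack, where the config file is a `.mobileconfig` profile carrying Apple's `com.apple.security.root`, `com.apple.security.pkcs12` and `com.apple.vpn.managed` payloads. The LDAP search is replaced by a constructed member list, certificate issuance is left to your CA (only the resulting PKCS#12 blob and its password are passed in, via a placeholder hook), and `example.com`, `vpn.example.com` and `Example VPN CA` are placeholder names.

```python
"""Per-user native-client VPN profiles (Apple .mobileconfig, IKEv2) for an LDAP group.
Added example, not from the original post. LDAP, CA and names are placeholders."""
import plistlib
import secrets
import uuid
from typing import Callable, Dict, Iterable, List, Tuple

ORG_DOMAIN = "example.com"            # placeholder organisation
PROFILE_PREFIX = "com.example.vpn"    # reverse-DNS base for PayloadIdentifier

# Proposal pushed to the client; reused for IKE SA and child (ESP) SA.
SA_PARAMS = {
    "EncryptionAlgorithm": "AES-256-GCM",
    "IntegrityAlgorithm": "SHA2-256",   # PRF for IKE; unused by GCM ESP
    "DiffieHellmanGroup": 20,           # ECP-384
    "LifeTimeInMinutes": 1440,
}


def _payload(ptype: str, name: str, **content) -> dict:
    """Envelope keys every Apple payload must carry, plus its own content."""
    pid = uuid.uuid4()
    p = {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": str(pid).upper(),
         "PayloadIdentifier": f"{PROFILE_PREFIX}.{ptype.rsplit('.', 1)[-1]}.{pid}",
         "PayloadDisplayName": name}
    p.update(content)
    return p


def build_ikev2_profile(uid: str, p12: bytes, p12_password: str, ca_der: bytes,
                        server: str, ca_cn: str, sa_params: dict = SA_PARAMS) -> bytes:
    """One .mobileconfig for `uid`: CA root + user identity + IKEv2 VPN definition."""
    ca = _payload("com.apple.security.root", f"{ORG_DOMAIN} VPN CA", PayloadContent=ca_der)
    identity = _payload("com.apple.security.pkcs12", f"{uid} VPN identity",
                        PayloadContent=p12, Password=p12_password)
    vpn = _payload("com.apple.vpn.managed", f"{ORG_DOMAIN} VPN",
                   UserDefinedName=f"{ORG_DOMAIN} VPN", VPNType="IKEv2",
                   IKEv2={
                       "RemoteAddress": server,
                       "RemoteIdentifier": server,                 # gateway cert SAN
                       "LocalIdentifier": f"{uid}@{ORG_DOMAIN}",   # user cert SAN
                       "AuthenticationMethod": "Certificate",
                       "PayloadCertificateUUID": identity["PayloadUUID"],
                       "ExtendedAuthEnabled": False,     # pure cert auth, no EAP prompt
                       "ServerCertificateIssuerCommonName": ca_cn,  # pin gateway to our CA
                       "ServerCertificateCommonName": server,
                       "EnableCertificateRevocationCheck": True,
                       "EnablePFS": True,
                       "DeadPeerDetectionRate": "Medium",
                       "IKESecurityAssociationParameters": dict(sa_params),
                       "ChildSecurityAssociationParameters": dict(sa_params),
                   })
    profile = {"PayloadType": "Configuration", "PayloadVersion": 1,
               "PayloadUUID": str(uuid.uuid4()).upper(),
               "PayloadIdentifier": f"{PROFILE_PREFIX}.{uid}",
               "PayloadDisplayName": f"{ORG_DOMAIN} VPN ({uid})",
               "PayloadContent": [ca, identity, vpn]}
    return plistlib.dumps(profile)


def load_profile(blob: bytes) -> dict:
    return plistlib.loads(blob)


def lint_profile(blob: bytes) -> List[str]:
    """Checks to run before serving a profile; returns the problems found."""
    payloads = {p["PayloadType"]: p for p in load_profile(blob)["PayloadContent"]}
    vpn = payloads.get("com.apple.vpn.managed")
    if vpn is None or vpn.get("VPNType") != "IKEv2":
        return ["no IKEv2 payload"]
    ike, problems = vpn["IKEv2"], []
    if ike.get("AuthenticationMethod") != "Certificate" or ike.get("ExtendedAuthEnabled"):
        problems.append("not pure certificate authentication")
    p12 = payloads.get("com.apple.security.pkcs12")
    if p12 is None or ike.get("PayloadCertificateUUID") != p12["PayloadUUID"]:
        problems.append("VPN payload does not reference the bundled identity")
    if not ike.get("ServerCertificateIssuerCommonName"):
        problems.append("gateway certificate not pinned to an issuer")
    for key in ("IKESecurityAssociationParameters", "ChildSecurityAssociationParameters"):
        sa = ike.get(key, {})
        if (sa.get("EncryptionAlgorithm") in ("DES", "3DES")
                or str(sa.get("IntegrityAlgorithm", "")).startswith("SHA1")
                or sa.get("DiffehellmanGroup", sa.get("DiffieHellmanGroup", 0)) < 14):
            problems.append(f"weak proposal in {key}")
    return problems


def profiles_for_group(members: Iterable[str], issue_identity: Callable[[str], Tuple[bytes, str]],
                       ca_der: bytes, server: str, ca_cn: str) -> Dict[str, bytes]:
    """members: uids an LDAP search of the VPN group returns (e.g. memberOf=cn=vpn,...).
    issue_identity: hook into your CA returning (pkcs12_bytes, pkcs12_password)."""
    return {uid: build_ikev2_profile(uid, *issue_identity(uid), ca_der, server, ca_cn)
            for uid in members}


# --- constructed sample data standing in for LDAP and the CA (placeholders) ---
SAMPLE_GROUP = ["alice", "bob"]
SAMPLE_CA_DER = b"<DER-encoded VPN CA certificate>"


def sample_issue_identity(uid: str) -> Tuple[bytes, str]:
    """Placeholder for the CA call; real code returns a freshly issued PKCS#12."""
    return f"<PKCS#12 for {uid} from the CA>".encode(), secrets.token_urlsafe(16)


if __name__ == "__main__":
    for uid, blob in profiles_for_group(SAMPLE_GROUP, sample_issue_identity, SAMPLE_CA_DER,
                                        "vpn.example.com", "Example VPN CA").items():
        print(uid, len(blob), "bytes, lint:", lint_profile(blob) or "ok")
```

The generated profile is what the web portal would hand out after the LDAP (plus 2FA) login, over TLS, once per user, since the PKCS#12 password has to travel inside it; sign the profile with CMS before serving so the device shows it as verified. The lint function catches the two mistakes that most often produce a profile which installs but never connects: a VPN payload whose `PayloadCertificateUUID` does not match the bundled identity, and a proposal the gateway rejects. On Windows the same per-user data maps onto the `Add-VpnConnection` and `Set-VpnConnectionIPsecConfiguration` PowerShell cmdlets rather than a profile file.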