If you are using a VPN to access a sensitive network (home or office), you want to make it harder for an attacker to steal keys or passwords to the network (especially since any roaming devices are more vulnerable to evil maid attacks). 2FA through a token or phone apps means they now need to compromise two devices instead of one.
OK, I get you. I think we're coming from different angles. You're concerned about getting into a network, I'm concerned on not identifying identification.
