Clearly you have not thought this all the way through @liquidjoe which is probably because you don’t do this in large scale production environments. It’s more than just setting up the VPN it would also mean making sure that there are not any overlaps in the network routing between all of these clients, which is why it’s just not a practical solution.
We don’t need to open ports or use VPN’s on clients networks to admin them because we have other tools that allow us to do this, here is a full list of them as of September 2023: