Where does macOS keep the VPN network configuration?

When using the Default profile with Configuration: for the VPN and modifying its settings, the /Library/Preferences/com.apple.networkextension.plist file, the one starting at the root of e.g. Macintosh HD, not your Home folder, will contain the VPN settings.

Also note that if you select Add Configuration... with Configuration: for the VPN, then some information is also stored in the ~/Library/Preferences/ByHost/com.apple.networkConnect.<UUID>.plist file for the VPN as well.

By the way, you can use the defaults command, e.g. defaults read /Library/Preferences/com.apple.networkextension.plist, to read this and other .plist files; you do not necessarily need to use plutil to convert them to XML in order to read them.


You can also try using the scutil command, which should break the dependence on actual .plist file locations, which are fluid from version to version.

You can even register for notifications on networking events, such as VPN connections.

man scutil

Also:

[chiggsy:Faithless:0:~ ]$  scutil --help
usage: scutil
    interactive access to the dynamic store.

   or: scutil --prefs [preference-file]
    interactive access to the [raw] stored preferences.

   or: scutil [-W] -r nodename
   or: scutil [-W] -r address
   or: scutil [-W] -r local-address remote-address
    check reachability of node, address, or address pair (-W to "watch").

   or: scutil -w dynamic-store-key [ -t timeout ]
    -w  wait for presense of dynamic store key
    -t  time to wait for key

   or: scutil --get pref
   or: scutil --set pref [newval]
   or: scutil --get filename path key  
    pref    display (or set) the specified preference.  Valid preferences
        include:
            ComputerName, LocalHostName, HostName
    newval  New preference value to be set.  If not specified,
        the new value will be read from standard input.

   or: scutil --dns
    show DNS configuration.

   or: scutil --proxy
    show "proxy" configuration.

   or: scutil --nwi
    show network information

   or: scutil --nc
    show VPN network configuration information. Use --nc help for full command list

   or: scutil --allow-new-interfaces [off|on]
    manage new interface creation with screen locked.

   or: scutil --error err#
    display a descriptive message for the given error code

scutil with no options puts you into a shell, and you can see the raw configd data.

VPN options:

 scutil --nc help
Valid commands for scutil --nc (VPN connections)
Usage: scutil --nc [command]

    list
        List available network connection services in the current set

    status <service>
        Indicate whether a given service is connected, as well as extended status information for the service

    show <service>
        Display configuration information for a given service

    statistics <service>
        Provide statistics on bytes, packets, and errors for a given service

    select <service>
        Make the given service active in the current set. This allows it to be started

    start <service> [--user user] [--password password] [--secret secret]
        Start a given service. Can take optional arguments for user, password, and secret

    stop <service>
        Stop a given service

    suspend <service>
        Suspend a given service (PPP, Modem on Hold)

    resume <service>
        Resume a given service (PPP, Modem on Hold)

    ondemand [-W] [hostname]
    ondemand -- --refresh
        Display VPN on-demand information

    trigger <hostname> [background] [port]
        Trigger VPN on-demand with specified hostname, and optional port and background flag

    enablevpn <service or vpn type> [path]
        Enables the given VPN application type. Takes either a service or VPN type. Pass a path to set ApplicationURL

    disablevpn <service or vpn type>
        Disables the given VPN application type. Takes either a service or VPN type

    help
        Display available commands for --nc
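
An added example, not part of either answer above: a POSIX shell parser that turns scutil --nc list output into one record per VPN service, so the configured services can be audited or diffed without depending on the .plist locations. The line layout it expects and the sample services are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory VPN services from `scutil --nc list`.
# Assumption: each service line has the layout of the constructed sample below:
#   <*|space> (<Status>) <UUID> <type text> "<name>" [<Type:Subtype>]

# Constructed sample input (not captured from a real machine).
sample_nc_list() {
cat <<'EOF'
Available network connection services in the current set (*=enabled):
* (Connected)      11111111-2222-3333-4444-555555555555 PPP --> L2TP       "Office L2TP"       [PPP:L2TP]
* (Disconnected)   AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE IPSec              "Lab IPSec"         [IPSec]
  (Disconnected)   99999999-8888-7777-6666-555555555555 IPSec              "Old tunnel"        [IPSec]
EOF
}

# Reads `scutil --nc list` text on stdin and prints one record per service:
#   enabled|status|uuid|type|name
# The name is the last field, so a '|' inside a name cannot shift the others.
# The header line and anything else that does not match is skipped.
parse_nc_list() {
  body='[[:space:]]*\(([^)]*)\)[[:space:]]+([0-9A-Fa-f-]{36})[[:space:]]+[^"]*"(.*)"[[:space:]]+\[([^]]*)\][[:space:]]*$'
  sed -nE -e "s/^\\*${body}/yes|\\1|\\2|\\4|\\3/p" \
          -e "s/^[[:space:]]${body}/no|\\1|\\2|\\4|\\3/p"
}

# Prints only the names of services whose status is exactly "Connected".
connected_services() {
  parse_nc_list | awk -F'|' '$2 == "Connected"' | cut -d'|' -f5-
}

# On macOS read the live list; elsewhere fall back to the constructed sample.
if command -v scutil >/dev/null 2>&1; then
  scutil --nc list | parse_nc_list
else
  sample_nc_list | parse_nc_list
fi
```

Saving the parsed records and comparing them between runs shows when a VPN service has been added, removed, enabled or disabled.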