
Ok, you're not the first one blaming me for defending or gatekeeping, even calling me selfish, so I guess I need to clarify myself a bit: I love WireGuard, Tailscale does a great job making it even more "user" friendly, and I'm in no way suggesting investing in IPSec instead of something "modern" (or do you mean something invented no longer than 3 years ago?). You're missing my point, putting words in my mouth, and you seem not to know what you're talking about if you think, for example, that WireGuard is an alternative to IPSec/IKEv2, because in a lot of cases it's not. You're even calling IPSec/IKEv2 outdated. There's a difference between the protocol and the configured crypto algorithms. If the configured algorithm is outdated, configure a modern one. If that's not possible on your device supporting IPSec/IKEv2, vote with your money and don't buy from that manufacturer. Don't blame IPSec/IKEv2 for it.


The protocol is outdated, because its design is based on ideas we now consider to be mistakes.


Unless there is an alternative it can't be outdated, by definition. WireGuard is not an alternative in many cases. But I get your point, it might have design mistakes (or implementations we would have done differently today, though I think you are talking about IKEv1, not IKEv2), but no IPSec/IKEv2 server is left open for scriptkiddies to break; it's receiving updates when bugs are found and in this sense it's not outdated either. Unless you're using outdated crypto algorithms, but that's up to you. The NSA possibly has capabilities to break IPSec/IKEv2 anytime they want, but that's something we don't know about WireGuard either. If that's the case with WireGuard, it has design flaws too, or bugs which haven't been found yet. It's better to know about a design flaw and mitigate against it than not knowing about it and not being able to mitigate against it.
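To illustrate the protocol-versus-configured-algorithms distinction made in both comments above, here is an added example (not from the thread) of a strongSwan swanctl.conf IKEv2 connection, first with an outdated proposal and then with a modern one; the connection name, addresses and subnets are placeholders I made up.

```conf
# --- weak: IKEv2 is fine, the *configured* algorithms are the problem ---
connections {
    site-weak {
        version = 2                         # IKEv2, not IKEv1
        local_addrs  = 192.0.2.1            # placeholder (RFC 5737 doc range)
        remote_addrs = 198.51.100.1         # placeholder
        # AES-128-CBC + HMAC-SHA1 + 1024-bit MODP DH group:
        # SHA1 and modp1024 are what should be called "outdated" here
        proposals = aes128-sha1-modp1024
        children {
            net {
                local_ts  = 10.1.0.0/24     # placeholder
                remote_ts = 10.2.0.0/24     # placeholder
                esp_proposals = aes128-sha1 # same weak choices for ESP
            }
        }
    }
}

# --- hardened: same protocol, same connection, modern algorithms ---
connections {
    site-modern {
        version = 2
        local_addrs  = 192.0.2.1            # placeholder
        remote_addrs = 198.51.100.1         # placeholder
        # AES-256-GCM (AEAD) for IKE, SHA-384 PRF, 384-bit ECDH group
        proposals = aes256gcm16-sha384-ecp384
        children {
            net {
                local_ts  = 10.1.0.0/24     # placeholder
                remote_ts = 10.2.0.0/24     # placeholder
                # AEAD cipher plus an ECDH group so each CHILD_SA rekey
                # gets fresh key material (PFS) instead of reusing IKE keys
                esp_proposals = aes256gcm16-ecp384
                rekey_time = 1h
            }
        }
    }
}
```

Only one of the two `connections` blocks would be kept in a real deployment; listing only the modern proposal on both peers is what prevents a downgrade to the weak set.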



