
I had the pleasure of meeting Jason at 34C3 last winter; he's incredibly capable and I really hope this goes through somehow.

After using WireGuard you really don't want to go back to the horrible IPSec/OpenVPN solutions.



IPSec IKEv2 is actually pretty good


It's pretty good if you have two devices that support the same proposed ciphers and don't implement other non-standard behaviour (I'm looking at you, Juniper). It's eye-bleed otherwise.


Why Juniper? I would not trust proprietary stuff over Strongswan, even if it worked correctly :) And Apple IKEv2 native clients work fine too.


strongSwan is literally 2 orders of magnitude more code than WireGuard, and for all that you get 1990s cryptography. Why would you trust it at all?


Trust must be earned. In crypto it is mostly by time, since it takes quite a few research papers to arrive at scientific consensus.

Codebase size is a good argument, but consider how many optional components are in strongSwan, with tens of RFCs supported. You can build it smaller by omitting them in make.

And what is the size of OpenBSD iked?


Try again. strongSwan hasn't earned trust. It's had something like 30 vulnerabilities over the last 10 years, including 6 code execution vulnerabilities. And strongSwan is considered one of the better IPSEC implementations! What do I care whether it bought support for "tens of RFCs" with those vulnerabilities? I don't want "tens of RFCs". I want a working VPN and no vulnerabilities.

Bugs scale with C codebase size, full stop.


Is it?


You are holding the rope you're hanging on. Your choice :)



