by handzbagz 2739 days ago
What's wrong with OpenVPN?

OpenVPN depends on TLS and basically all the code in openssl (many lines of code, not possible to audit by one person).

In a version I used, after TLS handshake it used a custom bulk data protocol and defaulted to blowfish for the crypto (these defaults might have changed since).

It runs in userspace so the speed is not good.

IPSec has better performance because it runs in the kernel, but the protocol is bad and the amount of code in the kernel is enormous, as much as all of openssl, and this cannot be audited by a single person.

WireGuard has good performance, has only ~4000 lines of code that need to be audited (designed to be audited by a single person) and uses very modern crypto.
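A defender-side check tied to the blowfish default mentioned above, as an added example that is not part of the post: a small linter that parses an OpenVPN config and flags 64-bit-block data-channel ciphers, including the implicit BF-CBC fallback of pre-2.4 servers when no `cipher` line is present. The `WEAK_CIPHERS` set and the two sample configs are constructed for this example, and the `data-ciphers` handling assumes the 2.5-style colon-separated list.

```python
"""Flag weak data-channel cipher settings in an OpenVPN config (added example)."""

# Ciphers with a 64-bit block size that OpenVPN could historically be set to.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}

# Constructed sample configs: the weak one mirrors the old BF-CBC default,
# the hardened one pins an AEAD cipher and a 2.5-style negotiation list.
WEAK_EXAMPLE = "dev tun\nproto udp\ncipher BF-CBC\n"
HARDENED_EXAMPLE = (
    "dev tun\nproto udp\n"
    "cipher AES-256-GCM\n"
    "data-ciphers AES-256-GCM:CHACHA20-POLY1305\n"
)


def parse_config(text):
    """Return {directive: [args]} keeping the last occurrence; '#' and ';' start comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        cfg[parts[0]] = parts[1:]
    return cfg


def find_weak_ciphers(text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    cfg = parse_config(text)
    findings = []
    cipher = cfg.get("cipher")
    if cipher is None:
        # Assumption: pre-2.4 OpenVPN used BF-CBC when no cipher was configured.
        findings.append("no `cipher` directive: pre-2.4 servers fall back to BF-CBC (64-bit block)")
    elif cipher and cipher[0].upper() in WEAK_CIPHERS:
        findings.append(f"cipher {cipher[0]} has a 64-bit block size")
    data = cfg.get("data-ciphers")
    if data:
        for name in data[0].split(":"):
            if name.upper() in WEAK_CIPHERS:
                findings.append(f"data-ciphers allows {name}")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_EXAMPLE), ("hardened", HARDENED_EXAMPLE)):
        print(label, find_weak_ciphers(sample) or "ok")
```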