Wireguard?


Comments

  • tczauderna (Posts: 30, Freshman Member)

    In my opinion, OpenVPN would be a better choice than WireGuard, especially in the context of Zyxel's UTMs.

    WireGuard is indeed very lightweight, fast and uses modern cryptography, but it is still relatively young and has limited configuration options, e.g. no support for advanced routing policies or integration with X.509 certificates, which can be problematic in an enterprise environment.

    OpenVPN is a more mature and proven solution: it offers extensive configuration, better integration with existing infrastructure (PKI, certificates, UDP/TCP, L2/L3), and works practically everywhere, even in difficult network conditions.

    For someone who wants a reliable and flexible VPN in UTM, OpenVPN may simply be a more practical choice. WireGuard works great where maximum efficiency and simplicity count, but in more complex scenarios it may not yet be as good as OpenVPN.

  • best_heygman (Posts: 10, Freshman Member)

    Well, you can already use OpenVPN on many Zyxel firewalls, like the FLEX H, so that choice is already here. I also don't think that will go away. OpenVPN and IPsec will stay for the time being, don't worry about them, because there is stuff like FIPS in the US and the BSI standards in Germany, which mandate certain algorithms. And you can't just change the algorithms in WireGuard willy-nilly like you can in OpenVPN or IPsec (downgrade attacks ahoy), so whenever you're bound to compliance you can't use WireGuard anyway (in the foreseeable future).

    But as an IT security professional I would really like to have the choice to use WireGuard whenever I can. The design is just so elegant. Like, you can't even discover an open WireGuard port via portscan or whatever, because the server won't even respond when a client can't authenticate in the very first packet sent. No variable-length header fields, no attack surface for downgrade attacks, no worrying about DDoS attacks. And if you care about post-quantum security, you can use a pre-shared key in addition to ed25519. Just beautiful. Whenever you can, I strongly recommend using it. Whenever you can't, OpenVPN and IPsec will not go away anytime this decade, probably even longer.
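As an added example that is not part of this thread and not Zyxel's or WireGuard's own sample, here is a minimal pair of WireGuard configurations showing the per-peer pre-shared key hedge described above together with a tight AllowedIPs scope; all keys, addresses and the endpoint name are constructed placeholders.

```ini
# Server side (/etc/wireguard/wg0.conf), constructed example with placeholder values
[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
# Generate with: wg genkey
PrivateKey = <SERVER_PRIVATE_KEY_BASE64>

[Peer]
# One stanza per client. A first handshake message that is not authenticated
# against a configured peer public key is dropped without any reply.
PublicKey = <CLIENT_PUBLIC_KEY_BASE64>
# Optional symmetric secret mixed into the handshake (generate with: wg genpsk).
# Recorded traffic stays protected even if the public-key exchange is broken later.
PresharedKey = <PSK_BASE64>
# Only this source address is accepted from, and routed to, this peer.
AllowedIPs = 10.10.0.2/32

# Client side (/etc/wireguard/wg0.conf)
[Interface]
Address = 10.10.0.2/32
PrivateKey = <CLIENT_PRIVATE_KEY_BASE64>

[Peer]
PublicKey = <SERVER_PUBLIC_KEY_BASE64>
# Must be the same value the server holds for this client.
PresharedKey = <PSK_BASE64>
Endpoint = vpn.example.com:51820
# Route only the VPN subnet through the tunnel, not all traffic.
AllowedIPs = 10.10.0.0/24
# Keeps the NAT mapping alive so the server can reach the client.
PersistentKeepalive = 25
```

Bring either side up with `wg-quick up wg0`; a distinct PresharedKey per client limits the blast radius if one client's value leaks.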

  • Zyxel_Melen (Posts: 3,149, Zyxel Employee)

    Hi @best_heygman,

    The USG FLEX H series supports Tailscale VPN, a WireGuard-based VPN, in firmware V1.32 patch 0. Does this match your requirements?

    Release note link

    Zyxel Melen

  • best_heygman (Posts: 10, Freshman Member)

    @Zyxel_Melen
    Yes, I do think it does. Sure, with Tailscale there are many more moving parts than with statically configured WireGuard, however I do think that the added complexity is worth it in relation to the features it brings. Maybe the option to configure one's own Tailscale control server (like a self-hosted Headscale) instead of only tailscale.com would be nice, either for cost reasons or to not entrust the configuration of the VPN infrastructure to an external provider.
    Other than that, I do think this is a big step forward 👍