I think this was the point of WG. OpenVPN/IPSec/etc are beasts since they include all of the above. OpenVPN is TLS based! That makes adding it into the kernel difficult, and you need kernel access or exotic stuff like VPP/DPDK for speed.

I do agree with your overall sentiment, though. The next step is to make a higher level protocol on top.