WireGuard's connect times seem downright magical.
Standard VPN protocols such as OpenVPN or IPSec have a slow and complex handshake process. This is mainly because of so many configuration options that both client and server have to agree on. WireGuard relies on crypto versioning. If a devastating cryptographic attack against one of WireGuard's underlying primitives is discovered, a new WireGuard protocol will be devised as a total package.
After such an update, a WireGuard client and WireGuard server would simply need to say "let's use v2.0 instead of v1.0!" and be off to the races. (This is in contrast to a crypto agile negotiation, in which client and server must negotiate and agree on every single primitive and key length, piece by piece.) Once an admin is certain all of their clients have been updated to support the new protocol, they could simply disable the 1.0 protocol at the server and be done with it.