Configuration Quickstart :: strongSwan Documentation seems streamlined enough. That's why I seriously considered ipsec vpn with strongswan despite ipsec vpn's limitations. I prefer something that I can actually understand how to set up.
For my network's size, even something like yggdrasil with some port forwarding can work.... Actually, yggdrasil with port forwarding for machines that can't run a full operating system is simplest at my current scale.
I believe openziti is manageable with a streamlined configuration guide, but the documentation currently doesn't make it easy to understand how to set it up from scratch manually.
I've gone through it numerous times here on the forums and numerous times on YouTube. Here's one that I did last year for a discourse user (referenced on this post):
Yes, certainly. That's THE first step in the quickstart and on that gist. The first 100 lines of that gist are dedicated to setting up the PKI... It's 2/3 of the whole script