Docker openvpn UDP resolution

Now that traefik 2.2 supports UDP, I've decided to revisit the issue I previously described in Docker openvpn unresolvable

I would like to host my own vpn on vpn.my-domain.com.
I have followed this tutorial
My compose file:

version: "3.7"

services:

  traefik:
    hostname: "traefik"
    image: "traefik:latest"
    container_name: "traefik"
    restart: always
    domainname: ${DOMAINNAME}
    command:
      - "--global.sendAnonymousUsage"
      - "--log.level=DEBUG"
      - "--log.filepath=/logs/traefik.log"
      - "--accesslog.filepath=/logs/access.log"
      - "--accesslog.filters.retryAttempts=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/opt/traefik/rules"
      - "--providers.file.watch=true"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.udp.address=:8093/udp"
      - "--entrypoints.traefik.address=:9103"

      - "--certificatesResolvers.mydnschallenge.acme.email=${MY_EMAIL}"
      - "--certificatesResolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
      - "--certificatesResolvers.mydnschallenge.acme.dnsChallenge=true"
      - "--certificatesResolvers.mydnschallenge.acme.dnsChallenge.provider=cloudflare"

    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"


    environment:
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
    ports:
      - "80:80"  # may be necessary for cert renewal?
      - "443:443"
      - "9103:9103"
    volumes:
      - ${USERDIR}/docker/traefik/acme:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${USERDIR}/docker/traefik/file-based-rules:/opt/traefik/rules:ro
      - ${USERDIR}/docker/traefik/logs:/logs

  openvpn:
#    keys made using https://github.com/kylemanna/docker-openvpn/blob/master/docs/docker-compose.md
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - ${USERDIR}/docker/openvpn/conf:/etc/openvpn
    environment:
      - DEBUG=1
    labels:
      - "traefik.enable=true"
      - "traefik.udp.routers.openvpn.entrypoints=udp"
      - "traefik.udp.routers.openvpn.service=openvpn"
      - "traefik.udp.services.openvpn.loadbalancer.server.port=1194"

The traefik dashboard shows everything set up successfully.

Any pointers on how I can get cloudflare dns routing to traefik so that the openvpn app can resolve vpn.my-domain.com would be greatly appreciated!