Docker openvpn unresolvable

i would like to host my own vpn on vpn.my-domain.com.
i have followed this tutorial
my compose file:

version: "3.7"
services:
  traefik:
    hostname: "traefik"
    image: "traefik:latest"
    container_name: "traefik"
    restart: always
    domainname: ${DOMAINNAME}
    command:
      - "--log.level=DEBUG"
      - "--log.filepath=/logs/traefik.log"
      - "--accesslog.filepath=/logs/access.log"
      - "--accesslog.filters.retryAttempts=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/opt/traefik/rules"
      - "--providers.file.watch=true"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.traefik.address=:9103"

      - "--certificatesResolvers.mydnschallenge.acme.email=${MY_EMAIL}"
      - "--certificatesResolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
      - "--certificatesResolvers.mydnschallenge.acme.dnsChallenge=true"
      - "--certificatesResolvers.mydnschallenge.acme.dnsChallenge.provider=cloudflare"

    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

    environment:
      - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
      - CF_API_KEY=${CLOUDFLARE_API_KEY}
    ports:
      - "80:80"
      - "443:443"
      - "9103:9103"
    volumes:
      - ${USERDIR}/docker/traefik/acme:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${USERDIR}/docker/traefik/file-based-rules:/opt/traefik/rules:ro
      - ${USERDIR}/docker/traefik/logs:/logs

  openvpn:
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - ${USERDIR}/docker/openvpn/conf:/etc/openvpn
    environment:
      - DEBUG=1
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.openvpn.entrypoints=web"
      - "traefik.tcp.routers.openvpn.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.openvpn.service=openvpn"
      - "traefik.tcp.services.openvpn.loadbalancer.server.port=1194"

the traefik dashboard tells me something is up with the openvpn service, but there is nothing but debug messages in the traefik logs (ie. no warnings or errors)

the openvpn app cannot resolve vpn.my-domain.com.

any pointers on how to debug or what might be wrong or if im missing some security would be greatly appreciated!

I don't think that traefik supports UDP yet: https://github.com/containous/traefik/issues/5048