I think my scenario is quite close to what this user here asked, but solved with layer4 & caddy-yaml:
I know which subdomains bring which traffic, could that be enough to route?
Example:
vpn.domain.tld → always UDP wireguard
turn.domain.tld → can be TCP and UDP, but UDP preferred
mumble.domain.tld → main traffic is udp
For now I’m able to use port 8080 for turn, which already enables me passing by some firewalls.