I have seen an example open a new thread per client.
Just because the example does it, doesn't mean that you have to do it.
You can still use a single input socket (I presume they do that in the example?) and as long as you associate contexts for the OpenSSL library with the correct remote source (using some hash table, typically,) it can all live in the same thread.
Unfortunately, I haven't used OpenSSL DTLS in anger, and don't remember the exact names of the data structures/functions, so I can't contribute more than that.