The problem is when i turn on iptables the local phones cant hear between two phones, when i turn off, i have audio but dont have network for vpn clients.
There are my iptables:
# Generated by iptables-save v1.4.7 on Fri Oct 11 00:49:51 2019
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [3:779]
:OUTPUT ACCEPT [3:779]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
Completed on Fri Oct 11 00:49:51 2019
Generated by iptables-save v1.4.7 on Fri Oct 11 00:49:51 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [25:7021]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22000 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
If the phones are connecting back to FreePBX through the VPN, they should not be using any kind of NAT. In my experience, there are softphones that need NAT=yes even though the use a VPN, like csipsimple, as they advertise their non-vpn IP to Asterisk.
You should first review your iptables rules. It seems they are messing with your configuration and that seems strange. Are you using the firewall module or are you configuring iptables manually?
Install the firewall module and configure the SIP settings correctly with your LAN and VPN networks. Add those networks to the trusted networks in the firewall and try making calls. It should work.