Unfortunately, none of the four tests included the sip debug info. When Asterisk is reloaded or restarted, sip debug (and pjsip logger) are turned off. After reload or restart, you have to re-issue the
sip set debug on
command to re-enable it. Since you had to configure a softphone to do the tests, it is not surprising that Asterisk was at least reloaded.
However, what’s strange is that the logs show that Asterisk was restarted right before each test, even though you were only changing router parameters. Did you do a restart on purpose? Were there any changes to the PBX config between tests?
In general, it is best practice to forward the RTP port range (default is UDP 10000-20000) to the private address of the PBX. It is necessary in some situations (such as forwarding an incoming call to a mobile) to get any audio. However, in the simple case of an outbound call from a local extension, it usually doesn’t matter, because audio from the extension is being sent out on the trunk, so audio from the trunk appears to the router as ‘replies’ and gets passed to Asterisk and eventually the extension. Although incoming audio would fail if Vitelity didn’t do ‘symmetric RTP’ (sending audio to whatever port it came from) and Mikrotik modified the source port number, I didn’t address that issue, because in your first post you noted that Vitelity also identified a signaling problem (lack of ACK), which forwarding RTP ports could not possibly fix.
Just guessing, a change at Vitelity affecting how they handle malformed SIP. Or, an ‘upgrade’ to Mikrotik modules that affected the strangeness of chan_sip binding to port 5160, which was not listed among the service ports. Or, some other device on your network that is using UDP ports in the 10000-20000 range, requiring the router to rewrite the source ports for your RTP.
Assuming that the OpenVPN client is on the same machine as ZoiPer and the OpenVPN server is on the FreePBX machine, possibly you forgot to include 10.8.0.0/24 in Local Networks (you must restart Asterisk after changing that). Otherwise, this is a complex setup and you need to describe the VPN config in detail.