Thanks for that. We did track it down to a problem with native bridging. In this case, Asterisk assumed that the VPN was publicly accessible - but it isn't! The fix we've found is to setup all VPN-based sip devices with canreinvite=no, but I'm not sure if this is the best way to do that.