Port forward to a target device from VPS Wireguard (over VPN tunnel)

Let me share my experience. I have two routers deployed. I am downstream of the wireguard router which is a MikroTik RouterBOARD 951Ui-2nD running LuCI openwrt-19.07.

The 'Tic OpenWRT is checked to route all traffic via wg. Connected to it is a lowly Grandstream ATA . For several weeks I attempted to get the device configured (ATA) to connect outside the tunnel with no success. DMZ/Port Fwd nothing allowed the ATA to grab 5060-5061 5079-5080 UPD to get the provisioning. Wireguard is doing it job. Somewhat throwing in the towel I put the ATA on a third router upstream the 'Tik. Since it was no longer encumbered by the tunnel enforced by Wireguard ~ it provisioned.

However, I didn't like having another router in the house with the sole purpose of providing me Voip. I left it like that while I scoured the internet for something that would bring my back to two router and that was PBR/VPR
[vpn-policy-routing 0.2.1-13].

With this regard, I'm not attempting to dissuade you to look for the simplest solution without using PBR. I'm sharing. A third router for you, outside the wg tunnel might be an option to consider if you have not already.

If you have requisite skill in RouterOS we have a community member that could use your help @sevo, and perhaps you two can assist each other achieving goals.
Warm Regards
Bill

The Edit:
Thank you @midler for a thought provoking question:
Thank you @pavelgl for providing me a solution via PM to the ATA
vpn policy base routing is stopped/disabled

The Fix for ATA ~ Voip ~

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'
	option peerdns '0'
	list dns '127.0.0.1'
	option metric '10'     # Added Metric option 

config rule                        # confg rule where option src 'ATA Device'
	option in 'lan'
	option src '192.168.33.xxx/32'
	option lookup '100'

config route                      # option gateway 'ISP gateway'
	option target '0.0.0.0/0'
	option interface 'wan'
	option table '100'
	option gateway 'xxx.254.44.1'

/etc/config$ ip route show default
default dev SSWG proto static scope link 
default via xxx.254.44.1 dev eth0 proto static src xxx.254.44.175 metric 10 
/etc/config$ ip rule
0:	from all lookup local 
1:	from 192.168.33.xxx iif br-lan lookup 100 
32766:	from all lookup main 
32767:	from all lookup default 
/etc/config$ ip route show table 100
default via xxx.254.44.1 dev eth0 proto static metric 10

@midler
If your problem is solved, please consider marking this topic as [Solved]. This will help community members as well as visitor quickly find results. In this case possibly TWO! Happy Routing my friends. See How to mark a topic as [Solved] for a short how-to.