PJSIP: Anonymous call is unauthorized

I have an endpoint which cannot be identified by the auth username. So From=“Anonymous” sip:anonymous@anonymous.invalid and the Authorization header contains the username but the endpoint cannot be found. What can I do?

You can configure an endpoint to be matched using the username in the auth header by specifying “identify_by=auth_username” on the endpoint. You would also need to configure the endpoint_identifier_order in the global section.

Otherwise you would need to provide the configuration and the SIP traffic (pjsip set logger on) if the above does not work.

identify_by=username,auth_username
endpoint_identifier_order=auth_username,username,ip,anonymous

I have multiple endpoints with the same auth. Can I use the Contact header in the INVITE to identify the endpoint?

There is no mechanism currently to do that.

So I can identify my endpoint by ip only? (auth username is not possible)

The options for identifying an endpoint are the following:

User portion of the From header
Authentication username
IP
Generic header (can’t currently be Contact)

With the data you’ve provided that would leave IP.

Why is this function not already implemented? To me, using the contact user makes much more sense than the username/auth username or the ip address. I even thought it’s normal to analyse the contact header.

Is there any patch or a pull request?

It’s not implemented because noone has ever needed it or written it. I know of no patch to do it. Whether the Contact would even be viable or not really depends on the endpoint itself - some put in an IP address only, some put a random user, some put other things. It’s not something you can depend on in all circumstances.

The user part of the Contact header is opaque data, so, if you make assumptions about what it will contain, you are relying on implementation details that are not specified by SIP.