Turns out that the endpoint_identifier_order doesn’t need to be changed or set.
Setting the parameter identify_by=auth_username in the endpoint section is enough to force authentication via authentication username instead of username in the from header.
Thank you for your help, I really appreciate it.
You might also want to consider changing PJSIP to support using a registered IP address to do inbound IP based matching.
Inbound calls to Server B now work with identify_by=auth_username set on Server B, however the funny thing is if I send a call from server B to A and back to B, it fails to authenticate again, but only if I am calling from a PJSIP extension. Calling from a chansip extension works fine.
Any idea why that would be?
It’s matching an endpoint that you aren’t expecting, resulting in it challenging and failing to authenticate? Or something along those lines.
So could you say that my pjsip trunk matching on the username in the from header, that would essentially make it a " type=friend" in chansip terms, whereas matching on IP would be the equivalent to “peer”?
I don’t remember the chan_sip world so I can’t comment on that, perhaps someone else can.