Trying to sort the data SIMs and work through some of the remaining niggles. We are making some progress (we have 1500 byte MTU now). Some things are taking longer (IPv6 for a start :-( )
One thing we want to have the option to do is handle the username and password from the phone itself (or iPad or whatever). This is especially important if passing the connection to one of our customers (e.g. corporate network) as it lets them validate the user, not only by the SIM, but by other details. They could even use those clever HOTP keyrings which would be cool.
Sadly it seems that the mobile network want to send the mobile number as the username and "password" as the password regardless.
However, light at the end of the [L2TP] tunnel as we can tell them to not override the credentials from the phone (in a platform RADIUS response).
Except, if we do that, they will reject any connection that is using the password of "password". WTF? This, it seems, is quite a common thing for phones to send when not set up with a username and password (which is, itself, quite common). Some makes of phone simply do not work.
So we can either not get any end user credentials.
Or we can get them, but not get any connections for some makes of phone unless a username and password is set up. And if an end user happens to pick "password" as the password it will also not work and we won't know why! That will be great for tech support...
What kind of numpty devised such a broken system?
Would never have happened if I still worked there...