Yes, the NAS and FreeRadius share a Shared Secret. The users password is encrypted using the Shared Secret by the NAS before it sends the request to Free Radius
So probably having a config in your clients.conf like:
client
10.64.0.0/16 {
secret = supersecretpassword
shortname = MobileNetworkIPAddresses
}
And assign the same shared password onto all your NAS's would be all you need.
Not all that secure having this over the internet, that's why I said having a "private office" offering from the Telco would be a better option. But if that's not available then you put a firewall in front of your FR box, and then only traffic from the Telco's Mobile IP Address range is permitted is probably the best you are going to be able to do.