Each month we are seeing location data come across that shows access devices being used from outside of the country. When we follow up with our users they usually tell us that they were not in that country at the time the VPN attempt was recorded. We even have the same IP being tied to different users. How reliable is the location information that we see in the Duo reports? Does anybody else also experience this same type of behavior?
At Duo we leverage a widely used geo location service called GeoIP. This service attempts to map IP Address to geographic locations like city and states. MaxMind, the creator of GeoIP tests the accuracy of the GeoIP2 and GeoIP Legacy Databases on a periodic basis. In their recent tests, the downloadable databases were 99.8% accurate on a country level, 90% accurate on a state level in the US, and 86% accurate for cities in the US within a 50 kilometer radius. (https://support.maxmind.com/geoip-faq/geoip2-and-geoip-legacy-databases/how-accurate-are-your-geoip2-and-geoip-legacy-databases/).
When someone leverages a cellular or VPN network connection, it’s common for those locations to report inaccurately. Because GeoIP leverages the IP Address of the request origin a user accessing via VPN will report from the VPN’s origin server IP address, which is usually different from the users actual location.
We do regularly update our GeoIP database.
I encourage you contact support (Support | Duo Security) to further troubleshoot.
Do you plan to support IP2Location LITE or other free database?
We have problem with the accuracy of the GeoIP and do not want to buy the commercial one for better coverage.
I am presently unaware of any plans to support other geolocation services, but I will gladly put in a feature request for our development team to consider.