In order to use Monit to monitor your Wiregaurd tunnel/endpoint on OPNsense we need to direct the Monit ping service to change its source address to the local address of your OPNsense router. By default OPNsense will attempt to ping a remote hose from the default WAN address.
This should also work for monitoring OpenVPN or IPsec VPN’s.
In the example below 10.11.12.100 is the local IP of the Source OPNsense Wiregaurd Router and 10.25.25.100 is the IP of the Destination (Endpoint) OPNsense Wiregaurd Router. We want to send a ping from 10.11.12.100 to 10.25.25.100 to ensure the tunnel is up.
Services -> Monit -> Settings -> Service Test Settings
Add Test
Name: WG_VPN_ALERT
Condition: failed ping address 10.11.12.100
Action: Alert
Services -> Monit -> Settings -> Service Settings
Add Service
Enable Service Checks: Checked
Name: WG_VPN
Type: Remote Host
Address: 10.25.25.100
Tests: WG_VPN_ALERT
Nicholas Saraniti 