The usual approach to this is to monitor for some evidence that the tunnel is working, not that it's down. And then infer from that whether the tunnel is there.
So for instance, query against s_qos_snapshot with sql/jdbc_response for a qos that's captured reliably from every hub (like CDM cpu usage) and then if that value in the snapshot table gets old, you know that no data is coming in from that hub/robot.
That will get many more failure cases than just the tunnel down but those typically are more valuable than just the infrastructure failure.