Encrypted Communications for docker swarm


I am looking for a way to force all docker swarm communications through an IPsec tunnel on Centos 7 hosts.
I have set up a host to host tunnel between the two swarm nodes using IPsec, but the management and overlay networks appear to still be going through unencrypted.

I know that docker has its own encryption out of the box, and that you can create an encrypted overlay network, but I need to force all the traffic through the IPsec tunnel because of the need for FIPS validated encryption provided by libreswan/IPsec.
Any advice or suggestions welcome.