Overlay network ping works, but HTTP requests only work within same swarm node. Hangs as if messages dropped if to other node

Actually managed to find the root myself… In the similar-looking issues I found online, people had not managed to set up correct firewall rules, had messed up somewhere, or used some custom service, so I didn’t find anything matching until I found:

Basically, I had to run

ethtool -K ens160 tx-checksum-ip-generic off

on all my Docker nodes, and then it worked… (My device name was a bit different from jmcombs’; it’s the name of the main interface connecting the nodes, outside Docker.)

I’m trying to set up Docker on an Ubuntu image someone has tried to harden to avoid hacker holes, so I guess it might have added some non-default setting to check checksums… Though it seems strange that Docker swarm should rely on being able to send messages with what I assume are broken checksums. Not that I know anything about that feature, so maybe it’s not what it sounds like…

2 Likes
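A way to confirm the setting from the post on each node, as an added example that is not part of the original post: it reads the feature's state from `ethtool -k <iface>` output. The sample output is constructed, and the function names and the script name `check_offload.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): read the state of one offload
# feature from `ethtool -k <iface>` output, to confirm the setting per node.

FEATURE="tx-checksum-ip-generic"   # feature name taken from the post

# offload_state FEATURE: reads `ethtool -k` output on stdin and prints the
# value after "FEATURE:", e.g. "on", "off" or "off [fixed]"; "missing" if absent.
offload_state() {
    awk -v feat="$1" '
        { sub(/^[ \t]+/, "") }                 # sub-features are indented
        index($0, feat ":") == 1 {
            val = substr($0, length(feat) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print "missing" }'
}

# workaround_applied: exit 0 only when the feature reads exactly "off".
workaround_applied() {
    [ "$(offload_state "$FEATURE")" = "off" ]
}

# Constructed sample output (not captured from a real host).
sample_before() {
    printf 'Features for ens160:\nrx-checksumming: on\ntx-checksumming: on\n'
    printf '\ttx-checksum-ipv4: off [fixed]\n\ttx-checksum-ip-generic: on\n'
    printf 'scatter-gather: on\n'
}
sample_after() {
    printf 'Features for ens160:\nrx-checksumming: on\ntx-checksumming: off\n'
    printf '\ttx-checksum-ipv4: off [fixed]\n\ttx-checksum-ip-generic: off\n'
    printf 'scatter-gather: on\n'
}

# Live use: pass the interface name, e.g. `sh check_offload.sh ens160`.
if [ "$#" -gt 0 ]; then
    if ethtool -k "$1" | workaround_applied; then
        echo "$1: $FEATURE is off"
    else
        echo "$1: $FEATURE is not off"
    fi
fi
```

Settings changed with `ethtool -K` are runtime-only and are lost on reboot unless the host's network configuration reapplies them, so the check is worth repeating after a node restarts.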