Well, actually there is a --node-ip-address option to explicitly set a network interface for ray interconnection. However, in my case, having two different network interfaces with ray set to use only one of them was not successful (I got a spurious errors/exceptions, see below). You might manage it better.
PS: Just found that ray allows encrypted connections (unfortunately, not for manual deployment):