With plugin 1.45 all is working.
Upgraded to 1.46.1 and although the agents report themselves as available, they have no network access to the outside world. Reverting to 1.45 got them back again.
The agents are each configured with the same single private subnet to launch into. Investigations showed things like `ping -c 3 google.com` times out.
Checking out from bitbucket.org was the original fault reported. We have apparently made no changes to the Jenkins master, except to upgrade it to the current LTS from a recent release at the same time as updating the plugins this lunchtime.