In bug 5045 we changed tlstunnel to drop root privileges once they were no longer needed. Unfortunately we didn't properly test it as it doesn't work on Debian derived distributions, such as Ubuntu.
The problem is that Debian doesn't have the group "nobody". Instead they have "nogroup". Our code needs to be prepared to deal with both.
This is seen in the log if you enable debug logging:
> 2021-09-02 12:48:24 DEBUG tlwebaccess: [::ffff:10.48.0.7] Could not look up 'nobody' group: Success
Works well now. Tested on Ubuntu 20.04.
Tested on Ubuntu 18.04.
I could reproduce the issue on 4.13.0. Works good with build 2263 containing the changes.