diff --git a/CHANGELOG.md b/CHANGELOG.md
index 697b93c7d..02231e178 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 - frontpage: Show app logos instead of generic icons.
 - Prevent anonymous users from accessing setup pages.
 - Firstboot, KVStore: merge old firstboot state fields.
+- tor: Use Plinth-specific instance instead of default.
 ## [0.12.0] - 2016-12-08
 ### Added
diff --git a/actions/tor b/actions/tor
index 19d52d56a..db9bace8f 100755
--- a/actions/tor
+++ b/actions/tor
@@ -70,21 +70,24 @@ def parse_arguments():
 def subcommand_setup(_):
 """Setup Tor configuration after installing it."""
+ # Disable default tor service. We will use tor@plinth instance
+ # instead.
 _disable_apt_transport_tor()
 action_utils.service_disable('tor')
+ subprocess.run(['tor-instance-create', 'plinth'], check=True)
+ # Remove line starting with +SocksPort, since our augeas lens
+ # doesn't handle it correctly.
 with open('/etc/tor/instances/plinth/torrc', 'r') as torrc:
 torrc_lines = torrc.readlines()
 with open('/etc/tor/instances/plinth/torrc', 'w') as torrc:
 for line in torrc_lines:
 if not line.startswith('+'):
- torrc.write(line + '\n')
+ torrc.write(line)
 aug = augeas_load()
- aug.set(TOR_CONFIG + '/#comment[last() + 1]',
- 'Run as non-exit bridge relay')
 aug.set(TOR_CONFIG + '/SocksPort[1]', '[::]:9050')
 aug.set(TOR_CONFIG + '/SocksPort[2]', '0.0.0.0:9050')
 aug.set(TOR_CONFIG + '/ControlPort', '9051')
@@ -92,7 +95,6 @@ def subcommand_setup(_):
 aug.set(TOR_CONFIG + '/ExitPolicy[1]', 'reject *:*')
 aug.set(TOR_CONFIG + '/ExitPolicy[2]', 'reject6 *:*')
- aug.set(TOR_CONFIG + '/#comment[last() + 1]', 'Enable transparent proxy')
 aug.set(TOR_CONFIG + '/VirtualAddrNetworkIPv4', '10.192.0.0/10')
 aug.set(TOR_CONFIG + '/AutomapHostsOnResolve', '1')
 aug.set(TOR_CONFIG + '/TransPort[1]', '127.0.0.1:9040')
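Review bot: The added comment in the `@@ -70,21 +70,24 @@` hunk says only the `+SocksPort` line is removed, but the filter beneath it, `if not line.startswith('+'):`, drops every torrc line that begins with `+`, so any other append-style `+Option` directive in the instance's torrc is discarded without notice. Narrowing the test to `if not line.startswith('+SocksPort'):` would make the code match the comment; otherwise the comment should say that all `+`-prefixed lines are removed. The file is also truncated and rewritten in place, so an interruption between the two `open()` calls can leave an empty or partial torrc; writing to a temporary file in the same directory and renaming it over the original would avoid that. subcommand_setup continues past the end of this hunk.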
@@ -111,6 +113,7 @@ def subcommand_setup(_):
 aug.save()
+ action_utils.service_enable('tor@plinth')
 action_utils.service_restart('tor@plinth')
 _update_ports()
@@ -286,7 +289,7 @@ def _enable_relay(relay=None, bridge=None, restart=True, aug=None):
 if restart:
 if is_enabled() and is_running():
- action_utils.service_restart('tor')
+ action_utils.service_restart('tor@plinth')
 def _enable_hs(restart=True):
@@ -308,7 +311,7 @@ def _enable_hs(restart=True):
 if restart:
 if is_enabled() and is_running():
- action_utils.service_restart('tor')
+ action_utils.service_restart('tor@plinth')
 # wait until hidden service information is available
 tries = 0
@@ -333,7 +336,7 @@ def _disable_hs(restart=True):
 if restart:
 if is_enabled() and is_running():
- action_utils.service_restart('tor')
+ action_utils.service_restart('tor@plinth')
 def _enable_apt_transport_tor():
diff --git a/data/usr/share/augeas/lenses/tests/test_tor.aug b/data/usr/share/augeas/lenses/tests/test_tor.aug
index c73c55088..063290a8a 100644
--- a/data/usr/share/augeas/lenses/tests/test_tor.aug
+++ b/data/usr/share/augeas/lenses/tests/test_tor.aug
@@ -8,5 +8,4 @@ test Tor.lns get "SocksPort [::]:9050\n" = { "SocksPort" = "[::]:9050" }
 test Tor.lns get "ExitPolicy reject *:*\n" = { "ExitPolicy" = "reject *:*" }
 test Tor.lns get "VirtualAddrNetworkIPv4 10.192.0.0/10\n" = { "VirtualAddrNetworkIPv4" = "10.192.0.0/10" }
 test Tor.lns get "ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy\n" = { "ServerTransportPlugin" = "obfs3,obfs4 exec /usr/bin/obfs4proxy" }
-test Tor.lns get "HiddenServiceDir /var/lib/tor/hidden_service/\n" = { "HiddenServiceDir" = "/var/lib/tor/hidden_service/" }
-test Tor.lns get "+SocksPort auto" = { "SocksPort" = "auto" }
+test Tor.lns get "HiddenServiceDir /var/lib/tor-instances/plinth/hidden_service/\n" = { "HiddenServiceDir" = "/var/lib/tor-instances/plinth/hidden_service/" }
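Review bot: `action_utils.service_enable('tor@plinth')` runs unconditionally near the end of subcommand_setup, which starts above this hunk. The same commit bumps `version` in plinth/modules/tor/__init__.py, which presumably makes setup run again on existing installs; if so, an instance the administrator had turned off would be enabled and restarted, with the SOCKS listeners this function sets on `[::]:9050` and `0.0.0.0:9050`. Consider recording whether Tor was enabled before the default service is disabled and enabling `tor@plinth` only in that case or on first install. A comment such as `# Enable the instance; the default tor service was disabled above.` would also explain the ordering.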
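Review bot: The restart in `_enable_relay` is still guarded by `is_enabled() and is_running()`, whose definitions are outside this diff; if they still query the `tor` unit, which setup now disables, the guard is always false and `service_restart('tor@plinth')` never runs, so relay and hidden-service changes would not take effect until a manual restart. The same applies to the hunks in `_enable_hs` and `_disable_hs`. The unit name is now repeated as a literal in five calls; a module constant, e.g. `SERVICE_NAME = 'tor@plinth'`, used by these calls and by the two helpers would keep them in step. Each of the three functions starts above its hunk.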
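Review bot: The `+SocksPort auto` case in test_tor.aug is deleted without a replacement, so nothing in the test file records that the lens no longer accepts `+`-prefixed keys, which is why actions/tor strips such lines before loading the file. A negative test such as `test Tor.lns get "+SocksPort auto\n" = *` would pin that behaviour down and fail if `+` is ever added back to `kc`.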
diff --git a/data/usr/share/augeas/lenses/tor.aug b/data/usr/share/augeas/lenses/tor.aug
index 6dfe46f36..021a0f516 100644
--- a/data/usr/share/augeas/lenses/tor.aug
+++ b/data/usr/share/augeas/lenses/tor.aug
@@ -22,8 +22,8 @@ autoload xfm
 let eol = Util.eol
 let ws = /[ \t]/
-let kc = /[A-Za-z0-9_.,:*+]/
-let vc = /[A-Za-z0-9_.,:*\/ ]/
+let kc = /[A-Za-z0-9_.,:*]/
+let vc = /[-A-Za-z0-9_.,:*\/ ]/
 let keyname = kc+
 let val = /[[\/]*/ . kc . (vc* . /[]]*/ . vc* . kc . /[\/]*/)?
diff --git a/plinth/modules/tor/__init__.py b/plinth/modules/tor/__init__.py
index c0310f0cb..498c21aeb 100644
--- a/plinth/modules/tor/__init__.py
+++ b/plinth/modules/tor/__init__.py
@@ -32,7 +32,7 @@ from plinth.signals import domain_added, domain_removed
 from . import utils
-version = 1
+version = 2
 depends = ['apps', 'names']
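Review bot: The `kc` and `vc` character classes in tor.aug change without a comment, and the reasons are only visible from other files: `-` is added to `vc`, apparently so that values such as `/var/lib/tor-instances/plinth/hidden_service/` parse, and `+` is dropped from `kc`, so `+Option` keys are no longer accepted. A short comment above the two definitions would help, e.g. `(* '-' is allowed inside values for paths like tor-instances; '+'-prefixed keys are unsupported and are stripped by actions/tor *)`. As written, `val` still has to end in a `kc` character followed only by optional slashes, so a value whose last character is `-` would not parse; a test for that case may be worthwhile if such values are expected.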