diff --git a/CHANGES.md b/CHANGES.md index f52ee36d9..d253b42ba 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,7 @@ - New: Raspberry Pi OS Base Image 64-bit (August 2020) - New: Build SD card Image with parameters & FatPack [details](https://github.com/rootzoll/raspiblitz/pull/2044) +- New: Improve LND uptime and reliability over Tor [details](https://github.com/rootzoll/raspiblitz/pull/2148) - New: Lightning Terminal 0.4.1-alpha (Loop, Pool & Faraday UI Bundle) [details](https://github.com/lightninglabs/lightning-terminal#lightning-terminal-lit) - New: chantools 0.8.2 [details](https://github.com/guggero/chantools/blob/master/README.md) - New: Circuitbreaker LND firewall (settings menu) [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md) diff --git a/build_sdcard.sh b/build_sdcard.sh index 0ff18b432..1ffa140e2 100755 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -641,23 +641,6 @@ fi # add /sbin to path for all sudo bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile" -# script auto-start for admin user -homeFile=/home/admin/.bashrc -autostartDone=$(grep -c "automatically start main menu" $homeFile) -if [ ${autostartDone} -eq 0 ]; then - # bash autostart for admin - sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc" - sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc" - sudo bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc" - sudo bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc" - sudo bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc" - sudo bash -c "echo ' ./00raspiblitz.sh' >> /home/admin/.bashrc" - sudo bash -c "echo 'fi' >> /home/admin/.bashrc" - echo "autostart added to $homeFile" -else - echo "autostart already in $homeFile" -fi - echo "" echo "*** RASPIBLITZ EXTRAS ***" 
@@ -679,9 +662,6 @@ sudo bash -c "echo '' >> /home/admin/.bashrc" sudo bash -c "echo '# https://github.com/rootzoll/raspiblitz/issues/1784' >> /home/admin/.bashrc" sudo bash -c "echo 'NG_CLI_ANALYTICS=ci' >> /home/admin/.bashrc" -sudo bash -c "echo '' >> /home/admin/.bashrc" -sudo bash -c "echo '# Raspiblitz' >> /home/admin/.bashrc" - homeFile=/home/admin/.bashrc keyBindings="source /usr/share/doc/fzf/examples/key-bindings.bash" keyBindingsDone=$(grep -c "$keyBindings" $homeFile) @@ -693,6 +673,27 @@ else echo "key-bindings already in $homeFile" fi +homeFile=/home/admin/.bashrc +autostart="automatically start main menu" +autostartDone=$(grep -c "$autostart" $homeFile) + +if [ ${autostartDone} -eq 0 ]; then + # bash autostart for admin + sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc" + sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc" + sudo bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc" + sudo bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc" + sudo bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc" + sudo bash -c "echo ' ./00raspiblitz.sh' >> /home/admin/.bashrc" + sudo bash -c "echo 'fi' >> /home/admin/.bashrc" + echo "autostart added to $homeFile" +else + echo "autostart already in $homeFile" +fi + +sudo bash -c "echo '' >> /home/admin/.bashrc" +sudo bash -c "echo '# Raspiblitz' >> /home/admin/.bashrc" + echo "" echo "*** SWAP FILE ***" # based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file diff --git a/home.admin/config.scripts/bonus.joinmarket.sh b/home.admin/config.scripts/bonus.joinmarket.sh index 55abd7943..f470944d0 100755 --- a/home.admin/config.scripts/bonus.joinmarket.sh +++ b/home.admin/config.scripts/bonus.joinmarket.sh 
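Review bot: The re-added autostart block writes the relative path `./00raspiblitz.sh` into /home/admin/.bashrc, so what gets executed depends on the directory the interactive shell starts in. If admin's shell is ever opened outside its home directory (presumably possible with `su admin` without `-`), a file of that name in the current directory would run as the sudo-capable admin user. Writing the absolute path avoids this, presumably `/home/admin/00raspiblitz.sh`, provided the menu script does not rely on the working directory. In the same block, `grep -c "$autostart" $homeFile` and `[ ${autostartDone} -eq 0 ]` are unquoted, so a missing .bashrc yields an empty value and a malformed test; `grep -c "$autostart" "$homeFile"` and `[ "${autostartDone:-0}" -eq 0 ]` keep the check well-formed.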
@@ -145,11 +145,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo sed -i "s:^CookieAuthFile*:#CookieAuthFile:g" /etc/tor/torrc if ! grep -Eq "^CookieAuthentication 1" /etc/tor/torrc; then echo "CookieAuthentication 1" | sudo tee -a /etc/tor/torrc - sudo systemctl restart tor + sudo systemctl restart tor@default fi if ! grep -Eq "^AllowOutboundLocalhost 1" /etc/tor/torsocks.conf; then echo "AllowOutboundLocalhost 1" | sudo tee -a /etc/tor/torsocks.conf - sudo systemctl restart tor + sudo systemctl restart tor@default fi # joinin.conf settings diff --git a/home.admin/config.scripts/bonus.lit.sh b/home.admin/config.scripts/bonus.lit.sh index d6051f844..f40b46336 100644 --- a/home.admin/config.scripts/bonus.lit.sh +++ b/home.admin/config.scripts/bonus.lit.sh @@ -334,6 +334,11 @@ alias lit-frcli=\"frcli --rpcserver=localhost:8443 \ echo "# OK - the litd.service is enabled, to start manually use: 'sudo systemctl start litd'" fi + # make Loop work with RTL if installed (update will run configRTL) + if [ ${#rtlWebinterface} -gt 0 ]&&[ ${rtlWebinterface} = on ];then + /home/admin/config.scripts/bonus.rtl.sh update + fi + exit 0 fi diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 5af1cae21..96f5665fb 100755 --- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh @@ -61,7 +61,7 @@ echo "# making sure services are not running" sudo systemctl stop RTL 2>/dev/null function configRTL() { - SWAPSERVERPORT=8081 + SWAPSERVERPORT=8443 if [ "$(grep -Ec "(loop=|lit=)" < /mnt/hdd/raspiblitz.conf)" -gt 0 ];then if [ $lit = on ];then echo "# Add the rtl user to the lit group" @@ -76,6 +76,7 @@ function configRTL() { echo "# Symlink the loop.macaroon" sudo rm -rf "/home/rtl/.loop" # delete symlink sudo ln -s "/home/loop/.loop/" "/home/rtl/.loop" # create symlink + SWAPSERVERPORT=8081 fi echo "# Make the loop macaroon group readable" sudo chmod 640 /home/rtl/.loop/mainnet/macaroons.db 
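Review bot: The exit status of `bonus.rtl.sh update` is discarded in the block added to bonus.lit.sh, and the script continues to `exit 0`, so a failed RTL reconfiguration is reported as a successful lit install. At minimum log it: `/home/admin/config.scripts/bonus.rtl.sh update || echo "# WARN - RTL update failed"`. The condition can also be reduced to `if [ "${rtlWebinterface}" = "on" ]; then`, which stays well-formed when the variable is empty and makes the separate length check unnecessary. The enclosing `if` branch starts outside the hunk.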
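Review bot: The two values assigned to `SWAPSERVERPORT` in configRTL() are undocumented, and the result now depends on branch order: 8443 becomes the default in the first bonus.rtl.sh hunk and 8081 is assigned only after the loop.macaroon symlink in the second, apparently the standalone-Loop branch. A comment at each assignment would make this readable, for example `# lit serves the Loop API on 8443` and `# standalone loopd REST port`; confirm the port meanings before adopting that wording. `local SWAPSERVERPORT=8443` would also keep the variable out of the global scope, assuming nothing outside configRTL() reads it. This note covers both bonus.rtl.sh hunks; the function body continues outside them.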
diff --git a/home.admin/config.scripts/internet.hiddenservice.sh b/home.admin/config.scripts/internet.hiddenservice.sh index e4ac7fc86..1c2e6eaef 100755 --- a/home.admin/config.scripts/internet.hiddenservice.sh +++ b/home.admin/config.scripts/internet.hiddenservice.sh @@ -35,7 +35,7 @@ if [ "$1" == "off" ]; then sudo chown bitcoin:bitcoin /etc/tor/torrc echo "# OK service is removed - restarting TOR ..." - sudo systemctl restart tor + sudo systemctl restart tor@default sleep 10 echo "# Done" exit 0 @@ -100,7 +100,7 @@ HiddenServicePort $toPort 127.0.0.1:$fromPort" | sudo tee -a /etc/tor/torrc echo "" echo "Restarting Tor to activate the Hidden Service..." sudo chmod 644 /etc/tor/torrc - sudo systemctl restart tor + sudo systemctl restart tor@default sleep 10 # show the Hidden Service address diff --git a/home.admin/config.scripts/internet.tor.sh b/home.admin/config.scripts/internet.tor.sh index 8efc72af6..223e9948f 100755 --- a/home.admin/config.scripts/internet.tor.sh +++ b/home.admin/config.scripts/internet.tor.sh 
@@ -87,26 +87,100 @@ activateLndOverTOR() lndExists=$(sudo ls /etc/systemd/system/lnd.service | grep -c "lnd.service") if [ ${lndExists} -gt 0 ]; then - echo "# Make sure the user bitcoin is in the debian-tor group" - sudo usermod -a -G debian-tor bitcoin # deprecate 'torpassword=' sudo sed -i '/\[Tor\]*/d' /mnt/hdd/lnd/lnd.conf sudo sed -i '/^tor.password=*/d' /mnt/hdd/lnd/lnd.conf + # lnd-tor instance + # https://www.torservers.net/wiki/setup/server#multiple_tor_processes + NODENAME="lnd" + SOCKSPORT=9070 + CONTROLPORT=$((SOCKSPORT+1)) + echo "# Creating a dedicated Tor instance for $NODENAME" + sudo tor-instance-create $NODENAME + + echo "# Make sure the user bitcoin is in the _tor-$NODENAME group" + sudo usermod -a -G _tor-$NODENAME bitcoin + + # create tor data directory if it not exist + if [ ! -d "/mnt/hdd/tor-$NODENAME" ]; then + echo "# - creating tor data directory" + sudo mkdir -p /mnt/hdd/tor-$NODENAME + sudo mkdir -p /mnt/hdd/tor-$NODENAME/sys + else + echo "# - /mnt/hdd/tor-$NODENAME data directory exists" + fi + # make sure its the correct owner + sudo chmod -R 700 /mnt/hdd/tor-$NODENAME + sudo chown -R _tor-$NODENAME:_tor-$NODENAME /mnt/hdd/tor-$NODENAME + + echo " +### torrc for tor@$NODENAME +### https://github.com/lightningnetwork/lnd/blob/master/docs/configuring_tor.md + +DataDirectory /mnt/hdd/tor-$NODENAME/sys +PidFile /mnt/hdd/tor-$NODENAME/sys/tor.pid + +SocksPort $SOCKSPORT +ControlPort $CONTROLPORT +CookieAuthentication 1 +CookieAuthFileGroupReadable 1 + +SafeLogging 1 +Log notice stdout +Log notice file /mnt/hdd/tor-$NODENAME/notice.log +Log info file /mnt/hdd/tor-$NODENAME/info.log +" | sudo tee /etc/tor/instances/$NODENAME/torrc + sudo chmod 644 /etc/tor/instances/$NODENAME/torrc + + sudo mkdir -p /etc/systemd/system/tor@$NODENAME.service.d + sudo tee /etc/systemd/system/tor@$NODENAME.service.d/raspiblitz.conf >/dev/null </dev/null < /dev/null; then + invoke-rc.d tor reload > /dev/null + fi + endscript +} +EOF + sudo systemctl 
daemon-reload + sudo systemctl enable tor@$NODENAME + sudo systemctl start tor@$NODENAME + # modify LND service - echo "Make sure LND is disabled" + echo "# Make sure LND is disabled" sudo systemctl disable lnd 2>/dev/null - echo "editing /etc/systemd/system/lnd.service" - sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*/ExecStart=\/usr\/local\/bin\/lnd --tor\.active --tor\.streamisolation --tor\.v3 --listen=127\.0\.0\.1\:9735 \${lndExtraParameter}/g" /etc/systemd/system/lnd.service + echo "# Editing /etc/systemd/system/lnd.service" + sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*\ +/ExecStart=\/usr\/local\/bin\/lnd --tor\.active --tor\.streamisolation --tor\.v3 --tor\.socks=$SOCKSPORT --tor\.control=$CONTROLPORT --listen=127\.0\.0\.1\:9735 \${lndExtraParameter}/g" \ + /etc/systemd/system/lnd.service - echo "Enable LND again" + echo "# Enable LND again" sudo systemctl enable lnd - echo "OK" - echo "" + echo "# OK" + echo else - echo "LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later" + echo "# LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later" fi } @@ -231,9 +305,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then isTorConfigOK=$(sudo cat /etc/tor/torrc 2>/dev/null | grep -c "BITCOIN") if [ ${isTorConfigOK} -eq 0 ]; then echo "# - updating Tor config ${torrc}" - PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-) - HASHED_PASSWORD=$(sudo -u debian-tor tor --hash-password "$PASSWORD_B") cat > ./torrc <
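Review bot: None of the new setup steps in activateLndOverTOR() is checked before lnd.service is rewritten: if `tor-instance-create` fails or tor@lnd does not come up, the sed still points LND at SOCKS port 9070 and control port 9071, and LND is re-enabled with no Tor instance behind it. Stop early instead, e.g. `sudo tor-instance-create "$NODENAME" || { echo "# FAIL - could not create Tor instance $NODENAME"; return 1; }`, and gate the sed on `sudo systemctl is-active --quiet "tor@$NODENAME"`. The generated torrc also keeps a permanent info-level log at /mnt/hdd/tor-$NODENAME/info.log; SafeLogging scrubs addresses, but notice level is usually enough outside of debugging and leaves less connection detail on disk. The heredoc bodies for the systemd drop-in and the logrotate rule are not legible on this page, so they are not covered here, and the function starts before the hunk.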