diff --git a/test/scenario/proxy_test.go b/test/scenario/proxy_test.go
index 01847fcec..496c0f2aa 100644
--- a/test/scenario/proxy_test.go
+++ b/test/scenario/proxy_test.go
@@ -24,6 +24,7 @@ import (
 	_ "github.com/p4gefau1t/trojan-go/proxy/server"
 	_ "github.com/p4gefau1t/trojan-go/statistic/memory"
 	"github.com/p4gefau1t/trojan-go/test/util"
+	"github.com/p4gefau1t/trojan-go/tunnel/trojan"
 )
 
 // test key and cert
@@ -86,6 +87,7 @@ func init() {
 }
 
 func CheckClientServer(clientData, serverData string, socksPort int) (ok bool) {
+	trojan.Auth = nil
 	server, err := proxy.NewProxyFromConfigData([]byte(serverData), false)
 	common.Must(err)
 	go server.Run()
diff --git a/tunnel/trojan/server.go b/tunnel/trojan/server.go
index c6c3c8564..55d2159ca 100644
--- a/tunnel/trojan/server.go
+++ b/tunnel/trojan/server.go
@@ -18,6 +18,8 @@ import (
 	"github.com/p4gefau1t/trojan-go/tunnel/mux"
 )
 
+var Auth statistic.Authenticator
+
 // InboundConn is a trojan inbound connection
 type InboundConn struct {
 	net.Conn
@@ -206,29 +208,29 @@ func NewServer(ctx context.Context, underlay tunnel.Server) (*Server, error) {
 	cfg := config.FromContext(ctx, Name).(*Config)
 	ctx, cancel := context.WithCancel(ctx)
 
-	// TODO replace this dirty code
-	var auth statistic.Authenticator
-	var err error
-	if cfg.MySQL.Enabled {
-		log.Debug("mysql enabled")
-		auth, err = statistic.NewAuthenticator(ctx, mysql.Name)
-	} else {
-		log.Debug("auth by config file")
-		auth, err = statistic.NewAuthenticator(ctx, memory.Name)
-	}
-	if err != nil {
-		cancel()
-		return nil, common.NewError("trojan failed to create authenticator")
+	if Auth == nil {
+		var err error
+		if cfg.MySQL.Enabled {
+			log.Debug("mysql enabled")
+			Auth, err = statistic.NewAuthenticator(ctx, mysql.Name)
+		} else {
+			log.Debug("auth by config file")
+			Auth, err = statistic.NewAuthenticator(ctx, memory.Name)
+		}
+		if err != nil {
+			cancel()
+			return nil, common.NewError("trojan failed to create authenticator")
+		}
 	}
 
 	if cfg.API.Enabled {
-		go api.RunService(ctx, Name+"_SERVER", auth)
+		go api.RunService(ctx, Name+"_SERVER", Auth)
 	}
 
 	redirAddr := tunnel.NewAddressFromHostPort("tcp", cfg.RemoteHost, cfg.RemotePort)
 	s := &Server{
 		underlay:   underlay,
-		auth:       auth,
+		auth:       Auth,
 		redirAddr:  redirAddr,
 		connChan:   make(chan tunnel.Conn, 32),
 		muxChan:    make(chan tunnel.Conn, 32),