diff --git a/src/include/netif/ppp/chap_ms.h b/src/include/netif/ppp/chap_ms.h
index 102f8396..acfef8ea 100644
--- a/src/include/netif/ppp/chap_ms.h
+++ b/src/include/netif/ppp/chap_ms.h
@@ -71,11 +71,6 @@
 #define MS_CHAP2_FLAGS		48
 
 #if MPPE_SUPPORT
-#include "mppe.h"	/* MPPE_MAX_KEY_LEN */
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-extern int mppe_keys_set;
-
 #if 0 /* UNUSED */
 /* These values are the RADIUS attribute values--see RFC 2548. */
 #define MPPE_ENC_POL_ENC_ALLOWED 1
diff --git a/src/include/netif/ppp/ppp.h b/src/include/netif/ppp/ppp.h
index fe7223b5..fb98ae99 100644
--- a/src/include/netif/ppp/ppp.h
+++ b/src/include/netif/ppp/ppp.h
@@ -366,7 +366,12 @@ struct ppp_pcb_s {
   unsigned int                         :2; /* 2 bit of padding */
 #endif /* PPP_IPV6_SUPPORT */
   unsigned int lcp_echo_timer_running  :1; /* set if a timer is running */
-  unsigned int                         :2; /* 2 bits of padding to round out to 8 bits */
+#if MPPE_SUPPORT
+  unsigned int mppe_keys_set           :1; /* Have the MPPE keys been set? */
+#else /* MPPE_SUPPORT */
+  unsigned int                         :1; /* 1 bit of padding */
+#endif /* MPPE_SUPPORT */
+  unsigned int                         :1; /* 1 bit of padding to round out to 8 bits */
 
 #if PPP_AUTH_SUPPORT
   /* auth data */
@@ -416,6 +421,8 @@ struct ppp_pcb_s {
 #if MPPE_SUPPORT
   ppp_mppe_state mppe_comp;      /* MPPE "compressor" structure */
   ppp_mppe_state mppe_decomp;    /* MPPE "decompressor" structure */
+  u8_t mppe_send_key[MPPE_MAX_KEY_LEN];
+  u8_t mppe_recv_key[MPPE_MAX_KEY_LEN];
 #endif /* MPPE_SUPPORT */
 #endif /* CCP_SUPPORT */
 
diff --git a/src/netif/ppp/ccp.c b/src/netif/ppp/ccp.c
index 0fc5a4a7..70b1f49b 100644
--- a/src/netif/ppp/ccp.c
+++ b/src/netif/ppp/ccp.c
@@ -40,7 +40,6 @@
 #include "netif/ppp/ccp.h"
 
 #if MPPE_SUPPORT
-#include "netif/ppp/chap_ms.h"	/* mppe_xxxx_key, mppe_keys_set */
 #include "netif/ppp/lcp.h"	/* lcp_close(), lcp_fsm */
 #endif /* MPPE_SUPPORT */
 
@@ -587,7 +586,7 @@ static void ccp_resetci(fsm *f) {
 	}
 
 	/* A plugin (eg radius) may not have obtained key material. */
-	if (!mppe_keys_set) {
+	if (!pcb->mppe_keys_set) {
 	    ppp_error("MPPE required, but keys are not available.  "
 		  "Possible plugin problem?");
 	    lcp_close(pcb, "MPPE required but not available");
@@ -772,7 +771,7 @@ static void ccp_addci(fsm *f, u_char *p, int *lenp) {
 	p[1] = opt_buf[1] = CILEN_MPPE;
 	MPPE_OPTS_TO_CI(go->mppe, &p[2]);
 	MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
-	MEMCPY(&opt_buf[CILEN_MPPE], mppe_recv_key, MPPE_MAX_KEY_LEN);
+	MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
 	/* ccp_test() can't fail, we've already tested it! */
 	ccp_test(pcb, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
 	p += CILEN_MPPE;
@@ -1204,7 +1203,7 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
 		    int mtu;
 
 		    MEMCPY(opt_buf, p, CILEN_MPPE);
-		    MEMCPY(&opt_buf[CILEN_MPPE], mppe_send_key,
+		    MEMCPY(&opt_buf[CILEN_MPPE], pcb->mppe_send_key,
 			  MPPE_MAX_KEY_LEN);
 		    if (ccp_test(pcb, opt_buf,
 				 CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
@@ -1484,8 +1483,8 @@ static void ccp_up(fsm *f) {
 	ppp_notice("%s transmit compression enabled", method_name(ho, NULL));
 #if MPPE_SUPPORT
     if (go->mppe) {
-	BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
-	BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
+	BZERO(pcb->mppe_recv_key, MPPE_MAX_KEY_LEN);
+	BZERO(pcb->mppe_send_key, MPPE_MAX_KEY_LEN);
 	continue_networks(pcb);		/* Bring up IP et al */
     }
 #endif /* MPPE_SUPPORT */
diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c
index 03d6e064..5431ff4e 100644
--- a/src/netif/ppp/chap_ms.c
+++ b/src/netif/ppp/chap_ms.c
@@ -146,10 +146,6 @@ bool	ms_lanman = 0;    	/* Use LanMan password instead of NT */
 #endif
 
 #if MPPE_SUPPORT
-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-int mppe_keys_set = 0;		/* Have the MPPE keys been set? */
-
 #ifdef DEBUGMPPEKEY
 /* For MPPE debug */
 /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
@@ -671,10 +667,10 @@ static void mppe_set_keys(ppp_pcb *pcb, u_char *rchallenge, u_char PasswordHashH
     sha1_finish(&sha1Context, Digest);
 
     /* Same key in both directions. */
-    MEMCPY(mppe_send_key, Digest, sizeof(mppe_send_key));
-    MEMCPY(mppe_recv_key, Digest, sizeof(mppe_recv_key));
+    MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
+    MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
 
-    mppe_keys_set = 1;
+    pcb->mppe_keys_set = 1;
 }
 
 /*
@@ -767,7 +763,7 @@ static void mppe_set_keys2(ppp_pcb *pcb, u_char PasswordHashHash[MD4_SIGNATURE_S
     sha1_update(&sha1Context, SHApad2, sizeof(SHApad2));
     sha1_finish(&sha1Context, Digest);
 
-    MEMCPY(mppe_send_key, Digest, sizeof(mppe_send_key));
+    MEMCPY(pcb->mppe_send_key, Digest, MPPE_MAX_KEY_LEN);
 
     /*
      * generate recv key
@@ -783,9 +779,9 @@ static void mppe_set_keys2(ppp_pcb *pcb, u_char PasswordHashHash[MD4_SIGNATURE_S
     sha1_update(&sha1Context, SHApad2, sizeof(SHApad2));
     sha1_finish(&sha1Context, Digest);
 
-    MEMCPY(mppe_recv_key, Digest, sizeof(mppe_recv_key));
+    MEMCPY(pcb->mppe_recv_key, Digest, MPPE_MAX_KEY_LEN);
 
-    mppe_keys_set = 1;
+    pcb->mppe_keys_set = 1;
 }
 
 /*