diff --git a/src/include/netif/ppp/mppe.h b/src/include/netif/ppp/mppe.h
index 6bf3ccde..935b8c00 100644
--- a/src/include/netif/ppp/mppe.h
+++ b/src/include/netif/ppp/mppe.h
@@ -173,9 +173,6 @@ void mppe_comp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
 err_t mppe_compress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb, u16_t protocol);
 void mppe_decomp_reset(ppp_pcb *pcb, ppp_mppe_state *state);
 err_t mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb);
-#if 0 /* unused */
-void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt);
-#endif /* unused */
 
 #endif /* MPPE_H */
 #endif /* PPP_SUPPORT && MPPE_SUPPORT */
diff --git a/src/netif/ppp/mppe.c b/src/netif/ppp/mppe.c
index 751f877c..d1f21a9b 100644
--- a/src/netif/ppp/mppe.c
+++ b/src/netif/ppp/mppe.c
@@ -389,24 +389,4 @@ mppe_decompress(ppp_pcb *pcb, ppp_mppe_state *state, struct pbuf **pb)
 	return ERR_OK;
 }
 
-#if 0 /* unused */
-/*
- * Incompressible data has arrived (this should never happen!).
- * We should probably drop the link if the protocol is in the range
- * of what should be encrypted.  At the least, we should drop this
- * packet.  (How to do this?)
- */
-void mppe_incomp(ppp_pcb *pcb, ppp_mppe_state *state, unsigned char *ibuf, int icnt)
-{
-	LWIP_UNUSED_ARG(state);
-	LWIP_UNUSED_ARG(icnt);
-
-	if (PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa) {
-		PPPDEBUG(LOG_DEBUG,
-		       ("mppe_incomp[%d]: incompressible (unencrypted) data! "
-		       "(proto %04x)\n", pcb->netif->num, PPP_PROTOCOL(ibuf)));
-	}
-}
-#endif /* unused */
-
 #endif /* PPP_SUPPORT && MPPE_SUPPORT */
diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c
index ed52935a..c2ab154d 100644
--- a/src/netif/ppp/ppp.c
+++ b/src/netif/ppp/ppp.c
@@ -760,6 +760,26 @@ void ppp_input(ppp_pcb *pcb, struct pbuf *pb) {
   }
 
 #if CCP_SUPPORT
+#if MPPE_SUPPORT
+  /*
+   * MPPE is required and unencrypted data has arrived (this
+   * should never happen!). We should probably drop the link if
+   * the protocol is in the range of what should be encrypted.
+   * At the least, we drop this packet.
+   */
+  if (pcb->settings.require_mppe && (0
+#if PPP_IPV4_SUPPORT
+       || protocol == PPP_IP
+#endif /* PPP_IPV4_SUPPORT */
+#if PPP_IPV6_SUPPORT
+       || protocol == PPP_IPV6
+#endif /* PPP_IPV6_SUPPORT */
+       )) {
+    PPPDEBUG(LOG_ERR, ("ppp_input[%d]: MPPE required, received unencrypted data!\n", pcb->netif->num));
+    goto drop;
+  }
+#endif /* MPPE_SUPPORT */
+
   if (protocol == PPP_COMP) {
     u8_t *pl;