diff --git a/configure.ac b/configure.ac
index 26065b15d..966b9d002 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1639,6 +1639,7 @@ AC_CONFIG_FILES([
 	src/pki/man/pki---signcrl.1
 	src/pki/man/pki---acert.1
 	src/pki/man/pki---verify.1
+	src/swanctl/swanctl.8
 	src/swanctl/swanctl.conf.5.head
 	src/swanctl/swanctl.conf.5.tail
 ])
diff --git a/src/swanctl/.gitignore b/src/swanctl/.gitignore
index b92b5029c..11c04cb46 100644
--- a/src/swanctl/.gitignore
+++ b/src/swanctl/.gitignore
@@ -1,4 +1,5 @@
 swanctl
+swanctl.8
 swanctl.conf
 swanctl.conf.5
 swanctl.conf.5.main
diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index a232487aa..e5b53a5d1 100644
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -30,6 +30,7 @@ AM_CPPFLAGS = \
 	-DPLUGINS=\""${s_plugins}\""
 
 man_MANS = \
+	swanctl.8 \
 	swanctl.conf.5
 
 BUILT_SOURCES = swanctl.conf swanctl.conf.5.main
diff --git a/src/swanctl/swanctl.8.in b/src/swanctl/swanctl.8.in
new file mode 100644
index 000000000..d7abae67a
--- /dev/null
+++ b/src/swanctl/swanctl.8.in
@@ -0,0 +1,83 @@
+.TH SWANCTL 8 "2014-04-28" "@PACKAGE_VERSION@" "strongSwan"
+.SH NAME
+swanctl \- strongSwan configuration, control and monitoring command line interface.
+.SH SYNOPSIS
+.SY "swanctl"
+.I command
+.RI [ option\~ .\|.\|.]
+.YS
+.
+.SY "swanctl"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH DESCRIPTION
+swanctl is a cross-platform command line utility to configure, control and
+monitor the strongSwan IKE daemon. It is a replacement for the aging
+.BR starter ,
+.B ipsec
+and
+.B stroke
+tools.
+
+swanctl uses a configuration file called
+.BR swanctl.conf (5)
+to parse configurations and credentials. Private keys, certificates and other
+PKI related credentials are read from specific directories.
+
+To communicate with the IKE daemon, swanctl uses the VICI protocol, the
+Versatile IKE Configuration Interface. This stable interface is usable by
+other tools and is often preferable than scripting swanctl and parsing its
+output.
+
+.SH COMMANDS
+.TP
+.B "\-i, \-\-initiate"
+initiate a connection
+.TP
+.B "\-t, \-\-terminate"
+\-\-terminate\fR
+terminate a connection
+.TP
+.B "\-p, \-\-install"
+install a trap or shunt policy
+.TP
+.B "\-u, \-\-uninstall"
+uninstall a trap or shunt policy
+.TP
+.B "\-l, \-\-list\-sas"
+list currently active IKE_SAs
+.TP
+.B "\-P, \-\-list\-pols"
+list currently installed policies
+.TP
+.B "\-L, \-\-list\-conns"
+list loaded configurations
+.TP
+.B "\-x, \-\-list\-certs"
+list stored certificates
+.TP
+.B "\-A, \-\-list\-pools"
+list loaded pool configurations
+.TP
+.B "\-c, \-\-load\-conns"
+(re\-)load connection configuration
+.TP
+.B "\-s, \-\-load\-creds"
+(re\-)load credentials
+.TP
+.B "\-a, \-\-load\-pools"
+(re\-)load pool configuration
+.TP
+.B "\-T, \-\-log"
+trace logging output
+.TP
+.B "\-v, \-\-version"
+show daemon version information
+.TP
+.B "\-h, \-\-help"
+show usage information
+.SH SEE ALSO
+.BR swanctl.conf (5)