Please see here:
The same thread can be taken as a reference. Simply, tls-crypt is supported and mandatory on entry-IP addresses 3 and 4. OpenVPN 2.4 or higher is required.
tls-crypt encrypts the whole Control Channel and has been reported as effective in bypassing blocks in China and Iran at the moment (to port 443 preferably, otherwise you could experience a generic, not OpenVPN related, outbound port blocking).
I'm sorry, I feel bad for you Staff. No matter how many times you say *entry IP 3 and 4* people still seem to not comprehend. I guess they just don't open their eyes.