Standard MTU for ethernet is 1500 bytes.
Various virtualization and encapsulation technologies reduce MTU due to those encapsulation overheads.
You are building an encrypted VPN tunnel across what I assume is the internet between two routers or firewalls.
Each router has a Real Internet IP Address, and a Private IP Address as part of your internal network.
The tunnel is built from public IP to public IP to transport your private network conversations.
If you ping from your laptop to a server at the far-end you are pinging through the tunnel or inside the tunnel.
If you login to the router and tell the router to fire some pings specifically from the public Internet interface to the public internet address of the other router you are outside of the tunnel, pinging across the public internet, unencrypted.
For your carrier to hand you a service that can only support 1350 MTU does feel a little odd to me as well, but it’s not unheard of.