Yes. Before I start to picture the new setup, please upgrade to 4.x. it is a huge improvement on every GL.iNet device, at least in my setup.
I never worked with an external VPN service. Because I am too paranoid. It is hard to trust the ISP … But where to draw the line?
Ping is ICMP, NMAP is TCP … My fault, forgot to set UDP: nmap -sU -p51820 <VPN provider address>. No need to NMAP your internal device without service/VPN Server.
Nmap needs to work from any client in the network 192.168.1.0/24 to your VPN provider. If the client can reach the endpoint, the GL-iNet should as well.
So no need for DDNS, as you already figured out.