The minimum datagram size of an IPV4 packetdatagram that gets sent unfragmented is 576 bytes.
With 20 bytes IP and 20 bytes TCP header (assuming no options being used in either) the resulting MSS is 536.
Therefore I would say a TCP SYN packet with the dont-fragment bit on in the IP header offering a MSS of 60 is not valid and the windows server is correct in ignoring this this proposal and sending segments with a MSS size of 536.
After all this is a file transfer session and sending tiny 60-byte chunks would not help achieving an acceptable throughput.
Why is is set to 60 in general ?
I think this is done at the entry into the VPN tunnel when the incoming MSS is being 'adjusted' based on the
available MTU size in the tunnel. Seeing a 60 suggests that you have a MTU size of 100 bytes 'defined' in the tunnel ...
Tracing at the clients will probably show a much higher value in the TCP MSS option .
Regards Matthias