DMVPN NAT Explained

Here are all of the things you need to know about DMVPN and NAT.

 

Hub:
If the HUB must be behind NAT, it can only be a STATIC NAT, not PAT.
If the HUB is behind a STATIC NAT, it must use IPSEC transport mode.
If the HUB is behind a STATIC NAT, it can still form a tunnel to a SPOKE regardless of whether the spoke is using NAT, STATIC PAT, or no NAT.

Spoke:
Spokes can ALWAYS form a tunnel with the hub regardless of spoke NAT.
Spokes can be behind either STATIC NAT or PAT.
If a spoke is behind a STATIC NAT, it may form a tunnel with another spoke behind a STATIC NAT.
If a spoke is behind a STATIC NAT, it may form a tunnel with another spoke behind a PAT.
If a spoke is behind a PAT, it CAN NOT form a tunnel with another spoke behind a PAT; traffic must traverse the hub.
Spokes can use IPSEC in either transport or tunnel mode, but transport is always recommended because it saves 20 bytes per packet (less overhead).
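
A minimal configuration sketch for the case above where the hub sits behind a STATIC NAT and therefore needs IPSEC transport mode. This is an added example, not taken from the linked project files; it assumes IOS 15.x syntax, and every address, name, interface and the key placeholder is constructed for illustration (documentation address ranges).

```cisco
! Constructed topology (assumption): hub inside address 10.0.0.2,
! statically NATed 1:1 to 203.0.113.10. Spokes may be behind NAT or PAT.
!
! --- Hub and every spoke: IKE policy and transport-mode IPsec ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Wildcard pre-shared key: any peer that knows it can negotiate.
! Placeholder only; per-peer keys or certificates narrow this.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha256-hmac
 ! Required when the hub is behind STATIC NAT; recommended everywhere
 mode transport
!
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
! --- Hub only ---
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 ip nhrp network-id 1
 ip nhrp map multicast dynamic
 ! Source is the hub's inside (pre-NAT) interface
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
!
! --- Spoke only ---
interface Tunnel0
 ip address 172.16.0.11 255.255.255.0
 ip nhrp network-id 1
 ip nhrp nhs 172.16.0.1
 ! Map the hub tunnel address to its public (post-NAT) address
 ip nhrp map 172.16.0.1 203.0.113.10
 ip nhrp map multicast 203.0.113.10
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN-PROF
```

Once the tunnel is up, `show crypto ipsec sa` should list the SA's in-use settings as Transport with UDP-Encaps, confirming that NAT traversal was negotiated in transport mode.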

The files needed to follow along:

GNS3 Project WITH images (recommended, plug and play):
https://upw.io/3w8/DMVPN-NAT-TRANSPARENCY-EXPLAINED.gns3project

GNS3 Project WITHOUT images:
https://upw.io/3w9/DMVPN-NAT-TRANSPARENCY-EXPLAINED-NOIMAGES.gns3project

Just the router config files:
https://upw.io/3wa/DMVPN_NAT.zip
