In the Gateway Settings you can define an Encryption Domain that will be used by every community per default. So whenever you create a new community, this encryption domain will be used.
But since recently(like like 2 years ago or so I think?) you can define alternative encryption domains for every community in Smart Console. And this is also what you need to do for Route-Based Tunnels. So you don't change the Encryption Domain in the Gateway Object directly(this would override the encryption domain of EVERY tunnel, which you don't want) but rather in the community settings like you showed by clicking on that "pencil icon". Then you can choose to use the "default" encryption domain or a custom one only specific to this tunnel.
What does the yellow marked text mean?
It just means that for this tunnel, it will use your "custom" domain and not the default encryption domain according to the gateway settings. You don't have to worry about your other tunnels 🙂