As I said already and @krazeh explained again, the encryption is ONLY between the AR750S and the laptop. The data is encrypted by the laptop and sent to the AR750S where it is decrypted and vise versa. All of the data that moves between the internet (i.e. your Vodafone station) and your AR750S is unencrypted.
If it helps, imagine that there are 4 people talking:
Person A = your desired user-level network activity (say loading a web page)
Person B = your laptop's Wireguard Peer (one side of the tunnel)
Person C = your OpenWrt router's Wireguard Peer (the other end of the tunnel)
Person D = your OpenWrt router's connection to the upstream network (Vodafone/internet).
A wants a web page.
A asks B in english.
B relays the request to C in German.
C translates that request from German to English and gives the message to D (in English).
The result is that the translation from English to German and back to English is pointless. This means that A can really talk directly to D.
How could it be a configuration then to make sure that the data of my notebook comes out encrypted without being decrypted, the vodafone router cannot delete or modify it ...
You would have to use a commercial vpn provider. Or have your own vpn endpoint are some other location that you trust.
my intent is to have a proprietary connection where I become MASTER of my network with DNSSEC no LOGS (dnscrypt) and all my outgoing data encrypted with WIREGUARD protocol.
Just to give an idea of my project I am attaching a photo to understand us better. I contacted my ISP "VODAFONE ITALIA" and I discovered that for some months a new Italian law provides for ROUTER FREE, any vodafone ADSL subscriber user can replace the vodafone brand router with a personal router. This seems to me the right step to advance my project. I should instead of the vodafone station insert a modem or router with openwrt firmware at this point everything should work according to this scheme that I have published.
You are only providing protection between your wireguard server and wireguard client.
Which is only a few metres and withing your own home or office.
When the data leaves the WAN it is NOT encrypted. Your diagram is wrong.
So basically done a lot of work but have achieved no protection of your data.
yes @krazeh had already explained to me what you just reported, it was this discovery that made me review my plans and understand how to implement them by changing devices and strategies. My question is: if I replaced the vodafone router would it change something or would my data always come out decrypted? how can I make sure that using an openwrt firmware with wireguard support my data can be encrypted without using T.O.R or S.O or gateway like Whonix?
I know very well that Tor uses .onion servers and changes my ip, I would like not to change IP but to encrypt the data that I transport to watch for example KODI TV and all the other activities of my devices.
There's no way to run something solely within your network that encrypts your data once it leaves. You can use an external VPN provider which will encrypt your data between your network and the provider, but it will still be decrypted before it goes out onto the wider internet. A VPN provider will also change your IP.