Remove the config interface pure_vpn section from /etc/config/network. In the zone vpn_zone section of /etc/config/firewall, use list device tun0 instead of any option network.
Edit: This looks like the tls_key is missing or incorrect.
Though do make sure that (from the router CLI) you can ping general places on the Internet like google.com.
Also ping 5.254.77.10 works for me, though not all VPN servers may answer pings.
Perhaps if I PM you a download link for the backup of my spare HH5a using VPNbook, perhaps you can restore it to your HH5a to test ?
Update: I just switched on test HH5A and previous openvpn setup with VPNbook US1 server moments ago and server appears to be non-functioning. Switch to VPNbook DE4 server to get working VPN connection. US2 server is working when tested.
Just to update - I found the reason why I was unable to connect.
My WAN router is a stock my ISP's stock Plusnet Home Hub. I had to add the OpenWrt router to the DMZ. Further, in order to do this I had to configure the WAN as a DHCP client rather than a static IP config since the name field which is enabled when DHCP is selected is required when adding the device to the DMZ.
Hopefully this might help other who are using stock Plusnet routers on the WAN side. Also I couldn't get reliable connection when using the ovpn files provided by PureVPN. For me the best results were to configure manually using the point-to-point template (per the purevpn setup guide).
Thanks for the help and pointers - we got there eventually!
Running a VPN client would not require placing the router in a DMZ, since it makes an ordinary outgoing connection to the VPN server. A DMZ configuration is so your router can receive incoming connections, for example if you were running a VPN server at home.
fwiw, you've may have uncovered a bug with the stock firmware for the Hub One.
At end of the day, BT retired the HH5a almost 5 years ago! It's only the long suffering Plusnet fibre customers who still have to put up with the rebadged HH5a. Customers with hub problems usually end up replacing the HH5a with a BT smart hub 1 or third party modem-router.